For the past few days, I’m trying to replicate a setup in AWS where the database server access is secured in a private subnet while the web server is located in a public subnet. The documentation is pretty straightforward for working with an Amazon RDS DB Instance in a VPC, however, there are slight changes that the old document didn’t cover.
The document says that you need to create a NAT instance to enable the public/private networking. NAT instance will provision a small EC2 instance (micro instance) which I don’t like. A newer method is to use a NAT Gateway through an Elastic IP.
Therefore, before you create a VPC with public/private subnet, be sure you have allocated an Elastic IP first which can be created at the EC2 dashboard. Once you are in the create VPC wizard, you will be able to select the Elastic IP you have allocated within the create VPC form.
Please note that Elastic IP is billable.