Menu
I have a VPC in AWS account and there are 5 subnets associated with that VPC. Subnets are of 2 types - Public and private. How to identify which subnet is public and which is private ? Each subnet has CIDR 10.249.?.? range.
Basically when I launch an EMR in that subnet with lists of ec2SubnetIds , it says ***The subnet configuration was invalid: Provided subnet list contains both public and private subnet. Only one type of subnet is allowed.
How to recify this error.
483
Public subnets have a default route to an Internet Gateway; private subnets do not. So, to determine if a given subnet is public or private, you need to describe the route table that is associated with that subnet. That will tell you the routes and you can test for a 0.0.
You can use the Amazon EC2 console to view the private IPv4 addresses, public IPv4 addresses, and Elastic IP addresses of your instances. You can also determine the public IPv4 and private IPv4 addresses of your instance from within your instance by using instance metadata.
Instances in your VPC do not require public IP addresses to communicate with resources in the service. A public subnet is a subnet that is associated with a route table that has a route to an Internet gateway. This connects the VPC to the Internet and to other AWS services.
The key benefit of an Amazon Web Services (AWS) Virtual Private Cloud (VPC) or virtual private networks is a basic one: your devices are not openly accessible via the Internet. This keeps proprietary applications and data protected since they can be accessed only from within your own secure network.
The question is how to identify public subnets vs. private subnets, and the answer lies in what it means in AWS for a subnet of a VPC to be 'public' vs. 'private'.
Public subnets have a default route to an Internet Gateway; private subnets do not.
So, to determine if a given subnet is public or private, you need to describe the route table that is associated with that subnet. That will tell you the routes and you can test for a 0.0.0.0/0 route with a gateway ID of igw-xxxxxxxxxxxxxxxxx (as opposed to local).
You can tell if a subnet is public in the AWS VPC Console by reviewing the subnet's route table, for example:
You can also do this as follows for a given subnet ID, using the awscli:
aws ec2 describe-route-tables \ --filter Name=association.subnet-id,Values=subnet-0a123fc414ad5b999 \ --query "RouteTables[].Routes[]" The output will look like this:
[ { "DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "Origin": "CreateRouteTable", "State": "active" }, { "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0fca21fadaa22a1b2", "Origin": "CreateRoute", "State": "active" } ] Here, you can see a destination route of 0.0.0.0/0 with a target that is an Internet Gateway (its GatewayId is igw-xxxxxxxxxxxxxxxxx). This confirms that you are looking at a public subnet.
71
The best solution is to specify only a single subnet, so that you don't incur cross-AZ data charges.
There's no definite way to identify public and private subnets without looking at their routing tables: a public subnet will route to an Internet Gateway, while a private subnet won't. If you're creating your clusters via some program then maybe that's a reasonable check, but I wouldn't go there.
The best alternative is to give the subnet a name when you create it: something like "Private B" for a private subnet in availability zone B (us-east-1b, us-west-1b, whatever). If you're launching your cluster via the console that name should be shown in the list of available subnets (I haven't manually launched an EMR cluster in years, so don't know for sure).
Alternatively, you can give your subnets arbitrary tags. This is probably most useful if you're accessing them programmatically.
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
