Score:1

Is it necessary to put public and private subnets in different VPCs for extra safety?


Currently we put publicly accessible resources like the ALB inside a public subnet, and application servers and data storage inside private subnets (different data stores, say RDS and ElastiCache, have their own subnets). All the subnets live inside a single VPC.

My question is, is it 1) possible; 2) necessary to split this VPC into 2 separate VPCs, one VPC containing only the public subnet and another VPC containing only the private subnets, to gain extra safety?

By extra safety, I mean that the 2-VPC topology could achieve additional security benefits over the current single-VPC topology.

Score:0
Tim

No, there is no need to do that, unless you mess up your configuration and leave it insecure. Think about the threat assessment: what are you protecting against?
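
An added example, not part of the question or the answer above: within a single VPC, a subnet is public only if its effective route table has a default route to an internet gateway, so one configuration mistake worth checking for is a subnet meant to be private that is associated with the public route table. The route tables below are constructed sample data shaped like `aws ec2 describe-route-tables` output; every ID and the `INTENDED` tier map are assumptions of this example.

```python
# Constructed sample data (all IDs are made up for this example).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-alb"},
                      {"Main": False, "SubnetId": "subnet-rds"}],  # the mistake
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-app",
     "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
# Intended tier of every subnet in the VPC (an assumption of this example).
INTENDED = {"subnet-alb": "public", "subnet-app": "private",
            "subnet-rds": "private", "subnet-cache": "private"}
DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}

def routes_to_igw(table):
    """True if the table has a default route targeting an internet gateway."""
    for r in table.get("Routes", []):
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest in DEFAULT_ROUTES and r.get("GatewayId", "").startswith("igw-"):
            return True
    return False

def effective_tiers(route_tables, subnet_ids):
    """Map each subnet to 'public' or 'private' from its effective route table."""
    explicit, main = {}, None
    for t in route_tables:
        for a in t.get("Associations", []):
            if a.get("Main"):
                main = t
            elif "SubnetId" in a:
                explicit[a["SubnetId"]] = t
    tiers = {}
    for s in subnet_ids:
        table = explicit.get(s, main)  # unassociated subnets use the main table
        tiers[s] = "public" if table and routes_to_igw(table) else "private"
    return tiers

def misplaced(route_tables, intended):
    """Subnets whose effective tier differs from the intended one."""
    actual = effective_tiers(route_tables, intended)
    return {s: (want, actual[s]) for s, want in intended.items() if actual[s] != want}

if __name__ == "__main__":
    print(misplaced(ROUTE_TABLES, INTENDED))
```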
