A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that youselect. Use a public subnet for resources that must be connected to the Internet, and a privatesubnet for resources that won't be connected to the Internet. To protect the AWS resources in each subnet, you can use multiple layers of security, includingsecurity groups and network access control lists (ACL). Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html