Cloud Architecture

VPC with Public and Private Subnets Pattern

A standard AWS network pattern with internet-facing resources in public subnets and application or database workloads in private subnets, typically duplicated across multiple availability zones for resilience.

AI Prompt

Draw an AWS VPC architecture with two availability zones. Each zone has one public subnet and one private subnet. Put an Application Load Balancer in public subnets, ECS services in private subnets, NAT Gateways for outbound internet access, and an RDS PostgreSQL database in private subnets.

Try this in AIDrawIO

Free — no credit card required

Scenario summary

A standard AWS network pattern with internet-facing resources in public subnets and application or database workloads in private subnets, typically duplicated across multiple availability zones for resilience.

Why this architecture matters

  • 1

    It documents exposure boundaries so reviewers can quickly see what is internet-facing versus private.

  • 2

    It clarifies ingress, egress, and east-west traffic paths across availability zones before teams add more services.

  • 3

    It reduces ambiguity during security reviews, cost discussions, and Terraform implementation work.

Refine it with follow-up prompts

After generating the base diagram, use these prompts to iterate and add detail — the same way a real architect would refine a whiteboard sketch.

  • 1

    Add route tables, internet gateway, and security group boundaries.

    Try this follow-up
  • 2

    Show a bastion-free admin path using Systems Manager instead of SSH.

    Try this follow-up
  • 3

    Highlight east-west traffic between private application components.

    Try this follow-up

What to emphasize in the diagram

  • Make subnet boundaries visible and label each availability zone clearly.
  • Distinguish inbound internet traffic from internal service traffic.
  • Place stateful services in private subnets unless public access is explicitly required.

How AIDrawIO generates this diagram

  1. 1.You paste the prompt above into the chat input.
  2. 2.AIDrawIO sends it to your chosen AI model (GPT-5, Claude, or Gemini).
  3. 3.The model returns draw.io-compatible XML — rendered instantly in the canvas.
  4. 4.Export as SVG, PNG, or XML. Edit any element manually or with follow-up prompts.

Related tools

ToolAWS Diagram GeneratorAI-generated AWS architecture diagramsToolNetwork Diagram GeneratorAI network topology diagramsToolTerraform Diagram GeneratorVisualize Terraform infrastructure

Frequently asked questions

Why split workloads into public and private subnets?

The split reduces exposure by keeping application and database resources off the public internet while still allowing controlled ingress through load balancers or gateways.

What should a subnet architecture diagram show?

It should show the VPC boundary, availability zones, subnet types, ingress path, egress path, and where stateful services are deployed.

More Cloud Architecture pages

Cloud ArchitectureAWS Serverless APIAPI Gateway → Lambda → DynamoDB with SQS, S3, and CloudWatchCloud ArchitectureMulti-Region Active-ActiveAWS us-east-1 + eu-west-1 with Route 53, Aurora Global, and DynamoDB global tablesCloud ArchitectureAWS Lambda + API Gateway + DynamoDB Architecture PatternA common AWS serverless backend pattern where public HTTP traffic lands on API Gateway, Lambda handles business logic, and DynamoDB stores application data with optional S3, SQS, and CloudWatch support services.
All examples