awsdocs/amazon-vpc-user-guide

Small glitch in VPC Share example diagram

kailashSwaminathan opened this issue · 1 comment

Hi,

The diagram (https://docs.aws.amazon.com/images/vpc/latest/userguide/images/vpc-share-internet-gateway-example_updated.png) found in the "Example of sharing public subnets and private subnets" (https://docs.aws.amazon.com/vpc/latest/userguide/example-vpc-share.html) page in the Amazon Virtual Private Cloud user guide shows a Private subnet connected directly to the Internet gateway and a Public subnet connected to the Internet gateway via a NAT gateway. This is in contradiction to the definition of the Private and Public subnet found in a later section of the user guide (https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html).

Subnet types
Depending on how you configure your VPC, subnets are considered public, private, or VPN-only:

Public subnet: The subnet traffic is routed to the public internet through an internet gateway or an egress-only internet gateway.

Private subnet: The subnet traffic can't reach the public internet through an internet gateway or egress-only internet gateway. Access to the public internet requires a NAT device.

I think the diagram should be more like the one attached.

[Attached diagram: vpc-internet-access]

Thanks for your feedback. Yes, the diagram should not have implied that there is a route from a private subnet to an internet gateway. The NAT gateway does belong in the public subnet. I've changed the arrows so that traffic from the private subnet goes to the NAT gateway and traffic from the NAT gateway goes to the internet gateway.
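The distinction the thread turns on (a subnet is public only if its route table sends traffic to an internet gateway or egress-only internet gateway; a NAT gateway must itself sit in a public subnet to reach the internet gateway) can be checked mechanically against a real VPC rather than a diagram. The script below is an added example and is not part of the AWS user guide or this issue; it applies the quoted definitions to route-table data shaped like the relevant fields of `aws ec2 describe-route-tables`, `describe-subnets` and `describe-nat-gateways`. All IDs and the sample data are constructed for the example, the "Name" tag is used only as a heuristic for what the operator intended, and the VPN-only rule (a virtual private gateway route and no NAT route) is an assumption the script states in a comment.

```python
"""Classify VPC subnets as public / private / VPN-only from their route tables
and flag the two mistakes the issue discusses: a subnet meant to be private that
routes to an internet gateway, and a NAT gateway placed outside a public subnet.

Added example, not AWS code. Input is constructed inline (made-up IDs) in the
shape of the EC2 describe-* API responses, so it runs offline.
"""
from __future__ import annotations

# --- constructed sample data -------------------------------------------------
SUBNETS = [
    {"SubnetId": "subnet-aaa", "Tags": [{"Key": "Name", "Value": "public-a"}]},
    {"SubnetId": "subnet-bbb", "Tags": [{"Key": "Name", "Value": "private-a"}]},
    {"SubnetId": "subnet-ccc", "Tags": [{"Key": "Name", "Value": "private-b"}]},
    {"SubnetId": "subnet-ddd", "Tags": [{"Key": "Name", "Value": "vpn-only-a"}]},
]

ROUTE_TABLES = [
    {   # public-a: default route straight to the internet gateway
        "RouteTableId": "rtb-pub",
        "Associations": [{"SubnetId": "subnet-aaa"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-111"},
        ],
    },
    {   # private-a: default route to a NAT gateway, as the user guide describes
        "RouteTableId": "rtb-priv",
        "Associations": [{"SubnetId": "subnet-bbb"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-222"},
        ],
    },
    {   # vpn-only-a: default route to a virtual private gateway
        "RouteTableId": "rtb-vpn",
        "Associations": [{"SubnetId": "subnet-ddd"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-333"},
        ],
    },
    {   # main route table: subnet-ccc has no explicit association, so it lands
        # here, and the IPv6 default route to an egress-only IGW makes
        # "private-b" public by the documented definition.
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-444"},
        ],
    },
]

# Constructed mistake: the NAT gateway was created in private-a, not public-a.
NAT_GATEWAYS = [{"NatGatewayId": "nat-222", "SubnetId": "subnet-bbb"}]


# --- logic -------------------------------------------------------------------
def route_table_for(subnet_id: str, route_tables: list[dict]) -> dict | None:
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify(rt: dict) -> str:
    """Apply the user guide's definitions to the route targets of one table.

    public:   any route targets an internet gateway (igw-) or egress-only IGW (eigw-)
    vpn-only: no IGW route, a virtual private gateway (vgw-) route, no NAT route
              (assumption made for this example)
    private:  everything else; internet access, if any, goes through a NAT device
    """
    targets = [
        r.get("GatewayId") or r.get("EgressOnlyInternetGatewayId") or r.get("NatGatewayId") or ""
        for r in rt.get("Routes", [])
    ]
    if any(t.startswith(("igw-", "eigw-")) for t in targets):
        return "public"
    has_vgw = any(t.startswith("vgw-") for t in targets)
    has_nat = any(t.startswith("nat-") for t in targets)
    if has_vgw and not has_nat:
        return "vpn-only"
    return "private"


def name_of(subnet: dict) -> str:
    tags = {t["Key"]: t["Value"] for t in subnet.get("Tags", [])}
    return tags.get("Name", subnet["SubnetId"])


def audit(subnets: list[dict], route_tables: list[dict], nat_gateways: list[dict]):
    """Return ({subnet_id: kind}, [finding strings])."""
    kinds: dict[str, str] = {}
    findings: list[str] = []
    for s in subnets:
        rt = route_table_for(s["SubnetId"], route_tables)
        kind = classify(rt) if rt else "private"   # no table at all: nothing routes out
        kinds[s["SubnetId"]] = kind
        if kind == "public" and "private" in name_of(s).lower():
            findings.append(
                f"{name_of(s)} ({s['SubnetId']}) is named private but {rt['RouteTableId']} "
                f"routes to an internet gateway, so it is public"
            )
    for nat in nat_gateways:
        nat_kind = kinds.get(nat["SubnetId"], "unknown")
        if nat_kind != "public":
            findings.append(
                f"{nat['NatGatewayId']} is in {nat['SubnetId']} ({nat_kind}); "
                f"a NAT gateway needs a public subnet to reach the internet gateway"
            )
    return kinds, findings


if __name__ == "__main__":
    kinds, findings = audit(SUBNETS, ROUTE_TABLES, NAT_GATEWAYS)
    for sid, kind in kinds.items():
        print(f"{sid:12s} {kind}")
    for f in findings:
        print("FINDING:", f)
```

Against live data you would feed `audit()` the `Subnets`, `RouteTables` and `NatGateways` lists from the corresponding describe calls for one VPC; the main-route-table fallback matters in practice because a subnet with no explicit association silently inherits whatever default route the main table carries.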