fck-nat
Document advantages of using private VPCs instead of public?
Hi, thanks for making fck-nat available!
What do you think about documenting advantages of using private VPCs with fck-nat, versus putting everything on public VPCs?
Off the top of my head I think the argument is about isolating everything as much as possible, and only having the NAT gw be the point of access, to minimize the attack surface. While this may be great for security, given the costs and added overhead of adding the gw instance, perhaps having everything running on public VPCs could be a sensible alternative?
- Amazon announced $0.005 per IP per hour starting Feb '24, but this would represent $3.6 per IP per month. Depending on the number of instances and inbound traffic, it could be cheaper to use the public IPs than running the NAT gw.
- Perhaps with a judicious use of security groups and NACLs, a safe-enough environment can be configured, even if the attack surface becomes larger than with the private VPC alternative.
Not sure if I'm missing something else.
Thank you!