
AWS NAT gateway


The AWS documentation (https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) says: "Public – (Default) Instances in private subnets can connect to the internet through a public NAT gateway, but cannot receive unsolicited inbound connections from the internet."

If private instances do not receive inbound connections, how do they communicate with the internet? Does it mean they can receive inbound requests only through the NAT gateway?

An HTTP request is inbound, so is there any protocol which makes a non-inbound connection? What are the other types of connections possible, if not inbound?

I am lost at the point --> internet connection is possible but not inbound.


Solution

  • internet connection is possible but not inbound

    This means that instances in a private subnet, behind NAT, can only access the internet. For example, you can download software on them, or perform their updates. But you can't access them from the internet. For example, you can't ssh into them from the internet.
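
The distinction above comes down to which side initiates the flow: a reply to a request the instance sent is return traffic, while a connection started from the internet is unsolicited. The following is an added illustration, not part of the original answer and not AWS's implementation: a simplified Python model of NAT connection tracking, with hypothetical class and method names and constructed sample addresses.

```python
# Simplified model of NAT connection tracking (illustrative assumption;
# not how AWS implements its NAT gateway). All addresses are constructed.
from dataclasses import dataclass, field
from itertools import count


@dataclass
class NatGateway:
    public_ip: str
    _ports: count = field(default_factory=lambda: count(1024))
    # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A private instance initiates a flow: allocate a public port, record it."""
        public_port = next(self._ports)
        self.table[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        # What the remote server sees: the gateway's address, not the instance's.
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives from the internet: forward only if it matches a flow."""
        return self.table.get((dst_port, src_ip, src_port))  # None means dropped


def demo():
    nat = NatGateway(public_ip="203.0.113.10")

    # Instance 10.0.1.5 sends an HTTPS request (instance-initiated, outbound).
    _, nat_port, server_ip, server_port = nat.outbound(
        "10.0.1.5", 40000, "198.51.100.7", 443
    )

    # The server's response matches the recorded flow and is translated back.
    reply = nat.inbound(server_ip, server_port, nat_port)

    # An internet host opens a new SSH connection: no recorded flow, dropped.
    ssh_attempt = nat.inbound("192.0.2.99", 51000, 22)

    # A different host sending to the allocated port does not match either.
    other_host = nat.inbound("192.0.2.99", 443, nat_port)

    return reply, ssh_attempt, other_host


if __name__ == "__main__":
    print(demo())
```
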