A total of two subnets is required. One is open to the public, while the other is closed to the public.
Subnetwork open to the general public
The public IP address of a public subnet can be enabled. A NAT gateway and a route table should be included:
Destination Target
10.0.0.0/24 local
0.0.0.0/0 internet-gateway
subnet (private)
In the private subnet, your private instance should be. A route table for the subnet is required:
Destination Target
10.0.0.0/24 local
0.0.0.0/0 nat-gateway-id