Amazon EC2 instances that function as web servers can be deployed in the public subnet, and the Amazon RDS DB instances are deployed in the private subnet.
In such a deployment, only the web servers have access to the DB instances.
When creating a DB instance in VPC, you must select a DB subnet group.
The following procedures help you create a DB instance in a VPC.
If your account has a default VPC, you can begin with step 3 because the VPC and DB subnet group have already been created for you.
Amazon RDS uses that DB subnet group and your preferred Availability Zone to select a subnet and an IP address within that subnet to associate with your DB instance.
If the primary DB instance of a Multi-AZ deployment fails, Amazon RDS can promote the corresponding standby and subsequently create a new standby using an IP address of the subnet in one of the other Availability Zones.