We have DBs, a bastion, etc., a total of 10 things that need to be separated.
If we put each of them into a separate subnet, we have a total of 10 subnets, plus one more for each in a second zone for high availability. So we have a total of 20 subnets that need to be created.
Do we really need to create 20 subnets in total in AWS? Because we off-load infrastructure to Amazon, and Amazon uses security groups to separate things, I don't see a good reason to do that.
I'm considering only two private subnets and two public subnets in two different zones (for HA), adding EC2 instances to the private subnets and using security groups to make a logical separation between things. Two subnets because some AWS resources require that, for example RDS.
You are correct. You should only need one public subnet and one private subnet per Availability Zone.
And, in fact, you could just use public subnets by configuring Security Groups to restrict traffic.
There really is no good reason to put resources in separate subnets unless you have additional security requirements (e.g. DMZs, subnet sharing, VPC peering).
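The layout the question proposes and the answer endorses, written out as Terraform. This is an added example, not code from anyone in the thread: one public and one private subnet in each of two Availability Zones, an RDS subnet group spanning the two private subnets (the reason the question gives for needing two), and security groups that do the per-tier separation by referencing each other rather than by CIDR. The region, AZ names, CIDR ranges and the admin IP range are assumptions chosen for illustration.

```hcl
# Added example (not from the original thread). Region, AZs, CIDRs and the
# admin source range below are assumptions for illustration only.
locals {
  azs           = ["us-east-1a", "us-east-1b"]        # assumed AZs
  public_cidrs  = ["10.0.0.0/24", "10.0.1.0/24"]      # one per AZ
  private_cidrs = ["10.0.10.0/24", "10.0.11.0/24"]    # one per AZ
}

resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Public subnets: one per AZ, default route to the internet gateway.
resource "aws_subnet" "public" {
  count                   = length(local.azs)
  vpc_id                  = aws_vpc.main.id
  cidr_block              = local.public_cidrs[count.index]
  availability_zone       = local.azs[count.index]
  map_public_ip_on_launch = true
  tags                    = { Name = "public-${local.azs[count.index]}" }
}

# Private subnets: one per AZ. They keep only the VPC-local route, so nothing
# in them is reachable from the internet regardless of security group rules.
resource "aws_subnet" "private" {
  count             = length(local.azs)
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.private_cidrs[count.index]
  availability_zone = local.azs[count.index]
  tags              = { Name = "private-${local.azs[count.index]}" }
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  count          = length(local.azs)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# RDS requires a subnet group covering at least two AZs; the two private
# subnets satisfy that without any further per-service subnets.
resource "aws_db_subnet_group" "db" {
  name       = "app-db"
  subnet_ids = aws_subnet.private[*].id
}

# Logical separation is done with security groups. Rules reference other
# security groups, so they follow instances rather than IP ranges.
resource "aws_security_group" "bastion" {
  name   = "bastion"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]   # assumed admin range (TEST-NET-3)
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "app" {
  name   = "app"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]   # SSH only via bastion
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "db" {
  name   = "db"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]   # DB reachable from app tier only
  }
  # No egress block: Terraform then leaves the group with no outbound rule,
  # which is fine for RDS because security groups are stateful.
}
```

Two caveats worth keeping in mind when adopting this pattern. First, declaring an `aws_security_group` in Terraform without an `egress` block removes the allow-all egress rule that the console adds by default, so any tier that needs to initiate outbound connections must state that explicitly, as the bastion and app groups do above. Second, the answer is right that security groups alone can enforce the separation, but keeping the database and application tiers in private subnets with no internet gateway route adds a second, independent control: an overly broad security group rule (a `0.0.0.0/0` ingress added in a hurry) on a private-subnet instance still does not expose it, because no route carries internet traffic there.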