1. Custom vs Main Tables
Never use the main route table for public subnets. Keep the main table completely private and explicitly associate custom route tables with public subnets. This acts as a fail-safe: any newly created subnet that defaults to the main table remains isolated from the internet.
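One way to audit for this rule, as an added example that is not part of the original page: the check flags main route tables that carry an internet gateway route and lists the subnets that inherit that route through implicit association. The input follows the shape of the EC2 DescribeRouteTables and DescribeSubnets responses; all IDs are constructed and the function names are hypothetical.

```python
# Constructed sample data shaped like EC2 DescribeRouteTables / DescribeSubnets
# output. All IDs are made up for illustration.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}

ROUTE_TABLES = [
    # Misconfigured: the main table has a default route to an internet gateway.
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
     "Associations": [{"Main": True}], "Routes": [LOCAL, IGW]},
    # Correct pattern: custom table explicitly associated with the public subnet.
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [LOCAL, IGW]},
]
SUBNETS = [
    {"SubnetId": "subnet-web", "VpcId": "vpc-1"},
    {"SubnetId": "subnet-new", "VpcId": "vpc-1"},  # no explicit association
]


def has_igw_route(table):
    """True if any route in the table targets an internet gateway (igw-*)."""
    return any((r.get("GatewayId") or "").startswith("igw-")
               for r in table.get("Routes", []))


def is_main(table):
    """True if the table is the main route table of its VPC."""
    return any(a.get("Main") for a in table.get("Associations", []))


def audit(route_tables, subnets):
    """Return (main tables with an IGW route, subnets made public implicitly)."""
    bad = [t for t in route_tables if is_main(t) and has_igw_route(t)]
    bad_vpcs = {t["VpcId"] for t in bad}
    # Subnets with an explicit association never fall back to the main table.
    explicit = {a["SubnetId"] for t in route_tables
                for a in t.get("Associations", []) if a.get("SubnetId")}
    exposed = sorted(s["SubnetId"] for s in subnets
                     if s["SubnetId"] not in explicit and s["VpcId"] in bad_vpcs)
    return sorted(t["RouteTableId"] for t in bad), exposed


if __name__ == "__main__":
    tables, exposed = audit(ROUTE_TABLES, SUBNETS)
    print("main tables with an internet gateway route:", tables)
    print("subnets public through implicit association:", exposed)
```

With the internet gateway route removed from the main table, the same audit returns two empty lists even though `subnet-new` still has no explicit association.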
