[AWS] VPC – Subnets and Routing Tables

Subnets

• A subnet is an isolated local network confined in a single AZ.
• Different application tiers are in different subnets.
• 5 IPs are reserved for a subnet (ex. /24 network  251 IPs available)
  • 0 (first) – Network, 1 – Router, 2 – DNS, 3 – Future, X (last) – Broadcast
• Subnets must be associated with a route table.
• Subnets are by default private unless created in a default VPC.
• The CIDR block of a subnet cannot overlap the CIDR blocks of other subnets in the same VPC.

Route Tables

• One route table is attached to a subnet, but multiple route tables can be created in VPC, unlike IGW.
• Every VPC has a virtual routing device called the VPC router.
• A router has a collection (route table) of rules. A route contains a destination and a target.

• Route Table is a set of rules, called routes.
  • By default, all subnets’ traffic is allowed within a VPC, which is called a local route.
  • If multiple routes apply, the most specific one is chosen (/32 is chosen before /24).
  • A default route (0.0.0.0/0 or ::/0) can be added that match any traffic not already matched.

• The default VPC already has a main route table: local route + IGW

Public Subnets

• Subnets can be public or private.
• A subnet is public when
  • (1) The subnet has a public IP or EIP; You can modify auto-assign IP settings for a subnet.
  • (2) VPC has an Internet Gateway.
  • (3) The subnet has a route to send all non-local traffic to the Internet Gateway.
  • And (4) Network ACL and security groups allow sending and receiving traffic from the Internet.