VPC Subnet

  • A subnet is a range of IP addresses in your VPC and it is a logical subdivision of the VPC network.
  • The practice of dividing a network into two or more networks is called subnetting.
  • AWS subnets come in two types: public, which allows the internet to reach the machine, and private, which is hidden from the internet.
  • A subnet resides in a single Availability Zone; it cannot span zones.
  • AWS always reserves 5 IP addresses (the first 4 and the last one) in each subnet.
  • These 5 IPs are not available for use and cannot be assigned to an instance.
  • For example, if the subnet's CIDR block is 10.0.0.0/24, the reserved IP addresses are:
  • 10.0.0.0: Network address
  • 10.0.0.1: Reserved by AWS for the VPC router
  • 10.0.0.2: Reserved by AWS for mapping to Amazon-provided DNS
  • 10.0.0.3: Reserved by AWS for future use
  • 10.0.0.255: Network broadcast address
  • AWS does not support broadcast in a VPC, therefore the address is reserved.
  • If you need 29 IP addresses for EC2 instances, you can’t choose a subnet of size /27 (32 IPs) because 5 IP addresses are used by AWS, leaving only 27; you need at least a CIDR of /26.
  • A public subnet is a subnet that’s associated with a route table (public route table) that has a route to an internet gateway.
  • Resources that reside within the public subnet can access the Internet with an Internet gateway.
  • A private subnet is a subnet that’s associated with a route table (private route table) that has a route to a NAT gateway.
  • Resources that reside within the private subnet can access the Internet with a NAT gateway.
  • Resources in a private subnet, such as a MySQL DB or a private VM, can’t be accessed directly from the internet.
  • We can use VPN as a service from AWS, or use a bastion host in the public subnet, to connect to the resources in the private subnet.
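
The public/private distinction above comes down to where a subnet's default route points, so it can be checked from route-table data. The following is an added example, not code from the original article: it classifies subnets from constructed sample data shaped like the EC2 DescribeRouteTables response. All IDs are made up, and the fallback to the VPC's main route table for subnets with no explicit association is AWS behaviour the article does not mention.

```python
# Added example: classify subnets as public / private from route-table data.
# ROUTE_TABLES is constructed sample data in the shape returned by
# EC2 DescribeRouteTables; every ID below is made up for illustration.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-db"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]
# subnet-batch has no explicit association, so it uses the main route table.
SUBNETS = ["subnet-web", "subnet-db", "subnet-batch"]

DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}


def classify_table(table):
    """Return 'public', 'private-nat' or 'isolated' for one route table."""
    kind = "isolated"
    for route in table["Routes"]:
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest not in DEFAULT_ROUTES or route.get("State") == "blackhole":
            continue  # only live default routes decide internet reachability
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"  # a default route to an internet gateway
        if route.get("NatGatewayId"):
            kind = "private-nat"  # outbound-only access through a NAT gateway
    return kind


def classify_subnets(subnet_ids, tables):
    """Map each subnet to its classification, falling back to the main table."""
    main = next(t for t in tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in tables
                for a in t["Associations"] if a.get("SubnetId")}
    return {s: classify_table(explicit.get(s, main)) for s in subnet_ids}


if __name__ == "__main__":
    for subnet, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
```

A subnet reported as public that was meant to hold databases or internal VMs is the finding to look for, including subnets that became public only because the main route table gained an internet gateway route.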
