What is a VPC Subnet?
- A subnet is a range of IP addresses in your VPC; it is a logical subdivision of the VPC network.
- The practice of dividing a network into two or more networks is called subnetting.
- AWS provides two types of subnet: a public subnet, whose machines can be reached from the internet, and a private subnet, which is hidden from the internet.
- A subnet spans a single Availability Zone.
- AWS always reserves 5 IP addresses (the first four and the last one) in each subnet.
- These 5 IPs are not available for use and cannot be assigned to an instance.
- For example, if the subnet's CIDR block is 10.0.0.0/24, the reserved IPs are:
  - 10.0.0.0 - Network address
  - 10.0.0.1 - Reserved by AWS for the VPC router
  - 10.0.0.2 - Reserved by AWS for mapping to the Amazon-provided DNS
  - 10.0.0.3 - Reserved by AWS for future use
  - 10.0.0.255 - Network broadcast address. AWS does not support broadcast in a VPC, so this address is reserved.
- If you need 29 IP addresses for EC2 instances, you can't choose a subnet of size /27 (32 IPs) because 5 of those addresses are used by AWS, so you need at least a /26.
- A public subnet is a subnet that's associated with a route table (public route table) that has a route to an internet gateway.
- Resources that reside within the public subnet can access the Internet through the internet gateway.
- A private subnet is a subnet that's associated with a route table (private route table) that has a route to a NAT gateway.
- Resources that reside within the private subnet can access the Internet through the NAT gateway.
- Resources in the private subnet, such as a MySQL DB or a private VM, can't be accessed directly from the internet.
- We can use the VPN service from AWS, or run a bastion host in the public subnet, to connect to the resources in the private subnet.
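As an added example (not part of the original notes), the reserved-address and sizing rules above in Python: it lists the five addresses AWS reserves in a subnet, counts the usable hosts, and finds the smallest subnet that still leaves room for a given number of instances. It assumes the AWS limit that an IPv4 subnet CIDR is between /16 and /28.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the first four and the last one.
AWS_RESERVED_PER_SUBNET = 5
# Assumed AWS limits for an IPv4 subnet: no larger than /16, no smaller than /28.
MIN_PREFIX, MAX_PREFIX = 16, 28


def _subnet(cidr: str) -> ipaddress.IPv4Network:
    """Parse a subnet CIDR and reject sizes AWS does not allow."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    if net.version != 4 or not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr} is not a valid AWS IPv4 subnet (/16 to /28)")
    return net


def reserved_addresses(cidr: str) -> dict:
    """Return the five reserved addresses of a subnet, keyed by their purpose."""
    net = _subnet(cidr)
    base = int(net.network_address)
    return {
        "network": str(ipaddress.ip_address(base)),        # network address
        "vpc_router": str(ipaddress.ip_address(base + 1)),  # VPC router
        "dns": str(ipaddress.ip_address(base + 2)),         # Amazon-provided DNS
        "future_use": str(ipaddress.ip_address(base + 3)),  # reserved for future use
        "broadcast": str(net.broadcast_address),            # broadcast (unsupported)
    }


def usable_hosts(cidr: str) -> int:
    """Addresses that can actually be assigned to instances in the subnet."""
    return _subnet(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def smallest_prefix_for(hosts: int) -> int:
    """Largest prefix length (smallest subnet) that still leaves `hosts` usable IPs."""
    for prefix in range(MAX_PREFIX, MIN_PREFIX - 1, -1):
        if 2 ** (32 - prefix) - AWS_RESERVED_PER_SUBNET >= hosts:
            return prefix
    raise ValueError(f"{hosts} hosts do not fit in a single AWS subnet (max /16)")


if __name__ == "__main__":
    print(reserved_addresses("10.0.0.0/24"))
    print(usable_hosts("10.0.0.0/27"), "usable in a /27")
    print("need /%d for 29 instances" % smallest_prefix_for(29))
```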