Skip to content
Gallery
5. Amazon Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC)
VPC Peering
AWS Privatelink
VPC Endpoints
Difference between VPC Peering, PrivateLink, and VPC Endpoints
AWS Managed VPN
AWS VPN CloudHub
AWS Direct Connect (DX)
VPC Flow Logs
Misc
More
Share
Explore
Amazon Virtual Private Cloud (VPC)

icon picker
Subnets and Subnet Sizing

Types of Subnets
Public Subnet: Traffic is routed to an internet gateway.
Private Subnet: No route to the internet gateway.
VPN-Only Subnet: No route to the internet gateway, but traffic is routed to a virtual private gateway for a VPN connection.
VPC and CIDR Blocks
Master Address Range: VPC is created with a CIDR block ranging from /16 to /28.
CIDR Block Immutability: Once the VPC is created, the CIDR block cannot be changed.
Non-Overlapping Blocks:
Cannot create additional CIDR blocks that overlap with existing ones.
Cannot create additional CIDR blocks in a different RFC 1918 range.
Reserved IPs: The first 4 and the last 1 IP addresses in a subnet are reserved.
Subnet Creation and Characteristics
AZ Specific: Subnets are created within Availability Zones (AZs) and must reside entirely within one AZ.
Default Route Table: New subnets are always associated with the default route table.
Isolation: Availability Zones are designed to be isolated from failures in other AZs but are connected with low latency, high throughput, and highly redundant networking.
Types: Can create private, public, or VPN subnets.
1:1 Mapping: Subnets map 1:1 to AZs and cannot span across AZs.
Internet Gateway and IPv6
Internet Gateway: Only one internet gateway can be attached to a custom VPC.
IPv6 Addresses: All IPv6 addresses are public and allocated by AWS.
Recommended IP Ranges
RFC 1918 Private IP Ranges:
10.0.0.0 – 10.255.255.255 (/8 prefix)
172.16.0.0 – 172.31.255.255 (/12 prefix)
192.168.0.0 – 192.168.255.255 (/16 prefix)
Publicly Routable CIDR Block: Possible but not recommended.
CIDR Block Rules
Allowed Block Size: Between a /28 netmask and /16 netmask.
Non-Overlapping Subnets: CIDR blocks of the subnets within a VPC cannot overlap.
Reserved IP Addresses in Subnets:
For example, in a subnet with CIDR block 10.0.0.0/24:
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC route.
10.0.0.2: Reserved by AWS.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address (broadcast not supported).

Refer:
Subnets for your VPC - Amazon Virtual Private Cloud

Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.