Subnets

Understanding Amazon VPC Subnets

ℹ️ What is a Subnet?
A subnet is a segmented portion of your VPC’s IP address range that provides network connectivity to AWS resources. Subnets are defined using CIDR notation (e.g., 10.0.1.0/24 for IPv4, 2001:db8::/64 for IPv6) and must be contained within your VPC’s CIDR block. They serve as the fundamental building blocks for organizing your network topology within AWS.

Subnet Characteristics

  • Subnets are identified by their CIDR blocks (e.g., 10.0.1.0/24, 192.168.0.0/24)
  • The smallest IPv4 subnet you can create is a /28 (16 IP addresses)
  • Each subnet exists within a single Availability Zone and cannot span multiple AZs

⚠️ Reserved IP Addresses
AWS reserves 5 IP addresses in each subnet for internal networking purposes:

  • The first 4 IP addresses
  • The last IP address

For example, in a /28 subnet with 16 total IP addresses, only 11 are available for your resources.
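The reserved-address rule above, worked through in code. This is an added example, not part of the original page; it uses only Python's standard `ipaddress` module, and the constant and function names are the example's own. Beyond the /28 case in the text, it handles any IPv4 subnet size, rejects subnets smaller than a /28, and checks that a subnet sits inside its VPC's CIDR block.

```python
import ipaddress

# AWS holds back five addresses in every IPv4 subnet: the first four
# (network address, VPC router, DNS resolver, reserved for future use)
# and the last (the network broadcast address, which VPCs do not use).
AWS_RESERVED_PER_SUBNET = 5
MIN_IPV4_PREFIX = 28  # a /28 (16 addresses) is the smallest IPv4 subnet AWS allows


def _ipv4_subnet(cidr):
    """Parse a subnet CIDR; strict=True rejects an address with host bits set."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr}: this helper covers IPv4 subnets only")
    if net.prefixlen > MIN_IPV4_PREFIX:
        raise ValueError(f"{cidr}: AWS subnets cannot be smaller than a /{MIN_IPV4_PREFIX}")
    return net


def reserved_addresses(cidr):
    """Return the five addresses AWS reserves in the given subnet, as strings."""
    net = _ipv4_subnet(cidr)
    first_four = [net.network_address + i for i in range(4)]
    return [str(a) for a in first_four + [net.broadcast_address]]


def usable_addresses(cidr):
    """Number of addresses left for your resources after AWS's reservations."""
    net = _ipv4_subnet(cidr)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def subnet_fits_vpc(subnet_cidr, vpc_cidr):
    """True when the subnet lies entirely inside the VPC's CIDR block."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return _ipv4_subnet(subnet_cidr).subnet_of(vpc)


if __name__ == "__main__":
    for cidr in ("10.0.1.0/28", "10.0.1.0/24"):
        print(cidr, "reserved:", reserved_addresses(cidr), "usable:", usable_addresses(cidr))
    print("10.0.1.0/24 inside 10.0.0.0/16:", subnet_fits_vpc("10.0.1.0/24", "10.0.0.0/16"))
```

Running it shows the /28 leaving 11 usable addresses, as the text states, and a /24 leaving 251 rather than the 254 a non-AWS network would give.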

Subnet Types

Subnets are categorized based on their routing configuration:

  1. Public Subnet - Contains a route table entry that directs internet-bound traffic to an Internet Gateway (IGW)
  2. Private Subnet - Lacks a direct route to an Internet Gateway
  3. VPN-only Subnet - Contains routes that direct traffic to a Virtual Private Gateway (VGW)

🔒 Security Note
Regardless of subnet type, the IP addresses in a subnet's range are private by default: traffic from the internet cannot reach them directly until you configure network components such as an Internet Gateway, NAT Gateway, or VPN connection.
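Because the three subnet types are defined purely by routing, an auditor can derive them from route tables alone. The following is an added example, not from the original page or from AWS tooling: it classifies subnets as public, private, or VPN-only from route-table records. The records are constructed to resemble the shape of `aws ec2 describe-route-tables` output, and the subnet and gateway IDs are made up for the example. Two details matter for getting the answer right: a subnet with no explicit association falls back to the VPC's main route table, and a NAT Gateway route is recorded under `NatGatewayId` rather than `GatewayId`, so a private subnet with NAT egress stays private.

```python
# Constructed route-table records in the shape of describe-route-tables output.
# IDs are invented for this example, not taken from a real account.
ROUTE_TABLES = [
    {   # main table: applies to any subnet without an explicit association
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # default route to an Internet Gateway makes these subnets public
        "RouteTableId": "rtb-public",
        "Associations": [
            {"Main": False, "SubnetId": "subnet-a-public"},
            {"Main": False, "SubnetId": "subnet-b-public"},
        ],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"},
        ],
    },
    {   # route to a Virtual Private Gateway, no IGW: VPN-only
        "RouteTableId": "rtb-vpn",
        "Associations": [{"Main": False, "SubnetId": "subnet-c-vpn"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0123456789abcdef0"},
        ],
    },
    {   # default route via a NAT Gateway: egress only, still a private subnet
        "RouteTableId": "rtb-nat",
        "Associations": [{"Main": False, "SubnetId": "subnet-e-nat"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0"},
        ],
    },
]

# Constructed list of the VPC's subnets; subnet-d-private has no explicit association.
SUBNETS = ["subnet-a-public", "subnet-b-public", "subnet-c-vpn", "subnet-d-private", "subnet-e-nat"]


def classify_route_table(route_table):
    """Public if any route targets an IGW, VPN-only if any targets a VGW, else private."""
    gateways = [route.get("GatewayId", "") for route in route_table["Routes"]]
    if any(gw.startswith("igw-") for gw in gateways):
        return "public"
    if any(gw.startswith("vgw-") for gw in gateways):
        return "vpn-only"
    return "private"


def classify_subnets(subnets, route_tables):
    """Map each subnet ID to its type, honouring explicit associations and the main table."""
    main_table = next(
        rt for rt in route_tables if any(assoc.get("Main") for assoc in rt["Associations"])
    )
    explicit = {
        assoc["SubnetId"]: rt
        for rt in route_tables
        for assoc in rt["Associations"]
        if assoc.get("SubnetId")
    }
    return {subnet: classify_route_table(explicit.get(subnet, main_table)) for subnet in subnets}


if __name__ == "__main__":
    for subnet, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet:18} {kind}")
```

A "public" result here means only that the route table allows internet-bound traffic out through the IGW; whether a given resource is reachable from the internet still depends on the rest of the configuration the Security Note describes.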

Availability Zone Relationship

An Availability Zone (AZ) is a distinct location within an AWS Region that is engineered to be isolated from failures in other AZs. When designing your VPC architecture:

  • A single AZ can contain multiple subnets
  • A subnet must reside entirely within one AZ
  • For high availability, distribute resources across multiple subnets in different AZs

🏗️ Multi-AZ Best Practices
For production workloads, follow these subnet distribution strategies:

  • Deploy at least one public and one private subnet in each AZ you plan to use
  • Use a minimum of 2 AZs for high availability (3+ AZs for critical workloads)
  • Consider subnet sizing to accommodate future growth in each AZ
  • Plan for consistent CIDR allocation patterns across AZs (e.g., 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24)

💡 Pro Tip
When designing your VPC, plan your subnet CIDR blocks carefully to allow for future growth. Consider allocating larger CIDR blocks than immediately needed to accommodate expansion of your workloads.
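A planner that applies the Multi-AZ practices and the sizing advice above: one public and one private subnet per AZ, at least two AZs, a consistent CIDR pattern, and free space left over for growth. This is an added example and not the page's own material; the VPC CIDR, AZ names and per-tier prefix lengths are constructed inputs you would replace, and the carve-from-a-free-pool approach and all function names are the example's own.

```python
import ipaddress

# Constructed inputs for the example (not a real account layout).
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]
# Per-tier subnet size: a /24 suits load balancers and NAT gateways in the
# public tier, while the private tier gets a /20 to leave room for growth.
TIERS = {"public": 24, "private": 20}


def carve(pool, prefix):
    """Take one subnet of the given prefix length out of a sorted list of free blocks.

    The first free block that is large enough is split: the lowest-addressed
    piece of the requested size is returned and the rest goes back into the pool.
    """
    for i, block in enumerate(pool):
        if block.prefixlen <= prefix:
            if block.prefixlen == prefix:
                chosen, remainder = block, []
            else:
                chosen = next(block.subnets(new_prefix=prefix))
                remainder = sorted(block.address_exclude(chosen))
            pool[i:i + 1] = remainder
            return chosen
    raise ValueError(f"no free block for a /{prefix} left in the VPC")


def plan_subnets(vpc_cidr, azs, tiers):
    """Lay out one subnet per (tier, AZ) from the VPC block in a consistent pattern.

    Returns the plan and the free blocks that remain for future subnets.
    """
    if len(azs) < 2:
        raise ValueError("use at least two Availability Zones for high availability")
    pool = [ipaddress.ip_network(vpc_cidr, strict=True)]
    plan = []
    for tier, prefix in tiers.items():
        for az in azs:
            cidr = carve(pool, prefix)
            plan.append({
                "tier": tier,
                "az": az,
                "cidr": str(cidr),
                "usable": cidr.num_addresses - 5,  # AWS reserves five addresses per subnet
            })
    return plan, [str(block) for block in pool]


def has_overlap(cidrs):
    """True if any two CIDRs in the list overlap; a sanity check on the plan."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    plan, free = plan_subnets(VPC_CIDR, AZS, TIERS)
    for entry in plan:
        print(f"{entry['tier']:8} {entry['az']:12} {entry['cidr']:16} usable={entry['usable']}")
    print("free for future growth:", free)
```

With the constructed inputs the public tier lands on 10.0.0.0/24, 10.0.1.0/24 and 10.0.2.0/24 across the three AZs, the private tier on 10.0.16.0/20, 10.0.32.0/20 and 10.0.48.0/20, and more than half of the /16 stays free for additional tiers or AZs later.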
