Subnet
What
Subnet belongs to a VPC. One subnet belongs to an AZ.
AWS Reserved IP
AWS reserve 5 IP address in each subnet.
Example: For a subnet with CIDR 10.0.0.0/24
- 10.0.0.0 is the subnet address
- 10.0.0.1 is aws reserved IP for VPC router
- 10.0.0.2 is aws reserved IP for AWS hosted DNS server
- 10.0.0.3 is aws reserved IP for future usage…
- 10.0.0.255 is the broadcast IP address. However AWS does not allow broadcasting in VPC, therefore reserved.
Therefore, if you needs 28 IP address in a subnet, you must open a CIDR with /26, since /27 will have 32-5 = 27 max IP address available.
More Info
- Subnet can have settings of Auto Assign Public IP settings, which will apply to resouces in subnet by default.
Tips
- For subnets with same usage, allocate to different AZ to have HA.
- Can be associate to a route table.
Private Subnet vs Public Subnet
Public subnet
- Public subnet is accessible from the Internet.
- Public subnet attach to a public route table, usually with Internet Gateway route.
- For public subnet to access Internet, use Internet Gateway.
Private subnet
- Private subnet is NOT accessible from the Internet.
- Private subnet attach to a private route table, without Internet Gateway.
- For private subnet to access Internet, use NAT Gateway.
- If really needs public accees from the Internet to private subnet, use a Bastion Host.