Intro

• Regional resource
• Soft limit of 5 VPCs per region
• Only the Private IPv4 ranges are allowed

Subnets

• Sub-ranges of IP addresses within the VPC
• Each subnet is bound to an AZ
• Subnets in a VPC cannot have overlapping CIDRs
• Default VPC only has public subnets (1 public subnet per AZ, no private subnet)
• AWS reserves 5 IP addresses (first 4 & last 1) in each subnet. These 5 IP addresses are not available for use. Example: if CIDR block 10.0.0.0/24, then reserved IP addresses are 10.0.0.0, 10.0.0.1, 10.0.0.2, 10.0.0.3 & 10.0.0.255

<aside> 💡 To make the EC2 instances running in private subnets accessible on the internet, place them behind an internet-facing (running in public subnets) Elastic Load Balancer.

</aside>

<aside> 💡 There is no concept of Public and Private subnets. Public subnets are subnets that have:

• “Auto-assign public IPv4 address” set to “Yes”
• The subnet route table has an attached Internet Gateway

This allows the resources within the subnet to make requests that go to the public internet. A subnet is private by default.

Since the resources in a private subnet don't have public IPs, they need a NAT gateway for address translation to be able to make requests that go to the public internet. NAT gateway also prevents these private resources from being accessed from the internet.

</aside>

Internet Gateway (IGW)

• Allows resources in a VPC to connect to the Internet
• Attached to the VPC (not subnets)
• Should be used to connect public resources to the internet (use NAT gateway for private resources since they need network address translation)
• Route table of the public subnets must be edited to allow requests destined outside the VPC to be routed to the IGW