What is it?
- VPC Subnets are subdivisions of a VPC, allowing you to segment your AWS network logically. A subnet defines a range of IP addresses in the VPC where you can place resources like EC2 instances.
- Subnets are either public (their route table sends internet-bound traffic to an Internet Gateway) or private (no direct route to the internet). Whether a subnet is public is decided by its route table, not by its name.
Key Concept:
- CIDR Block: Each subnet is associated with a specific IP range (CIDR block) within the larger VPC.
- Public and Private Subnets: Public subnets are connected to the Internet through an Internet Gateway, while private subnets do not have direct Internet access.
- Availability Zones (AZs): Each subnet lives in exactly one Availability Zone. High availability comes from creating subnets in several AZs and spreading resources across them.
- Routing Tables: Subnets rely on routing tables to direct traffic. Public subnets route through the Internet Gateway, and private subnets often route through a NAT Gateway for external traffic.
Important Points:
- Fixed CIDR Block: Once you assign a CIDR block to a subnet, it cannot be changed, so careful planning is important.
- Subnet Size: Choose the size of your subnet based on the number of IP addresses you need. AWS reserves 5 addresses in every subnet, so a /24 has 256 addresses but only 251 usable; the smallest subnet allowed is a /28 (11 usable) and the largest a /16.
- Isolation: Resources in private subnets cannot be reached from the internet. A NAT Gateway gives them outbound access only; to accept inbound traffic you must explicitly place something in front of them, such as a load balancer or bastion host in a public subnet, or reach them over a private path like a VPN or Direct Connect.
- Communication Between Subnets: Every route table carries an implicit "local" route for the VPC CIDR, so resources in the same VPC (including across subnets) can communicate directly unless a Security Group or Network ACL blocks the traffic.
- NAT Gateway: Use a NAT Gateway in a public subnet to allow private subnets to initiate outbound internet connections while remaining isolated from inbound traffic.
- Elastic IPs: An Elastic IP gives a resource a static, public-facing IP address, but it only works in a public subnet (one with a route to the Internet Gateway); in a private subnet the address is unreachable. A public NAT Gateway itself also needs an Elastic IP.
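The points above (CIDR planning, reserved addresses, public vs. private decided by the route table, NAT Gateway placement, AZ spread) can all be checked before anything is created. The following is an added example, not code from the original notes or from AWS: it models a subnet layout offline with Python's standard `ipaddress` module and reports the mistakes a reviewer would look for. All subnet names, CIDRs and gateway IDs are constructed for illustration, and no AWS API is called.

```python
"""Check an AWS VPC subnet layout offline: CIDR fit and overlap, usable address
count, public/private classification from the route table, NAT Gateway placement
and AZ spread. Hypothetical data only; no AWS calls are made."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


@dataclass
class RouteTable:
    # destination CIDR -> target, e.g. {"0.0.0.0/0": "igw-..."}. The implicit
    # "local" route for the VPC CIDR always exists and is not listed here.
    routes: Dict[str, str] = field(default_factory=dict)


@dataclass
class Subnet:
    name: str
    cidr: str
    az: str
    route_table: RouteTable


def usable_addresses(cidr: str) -> int:
    """Host addresses you can actually assign in a subnet of this size."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def classify(subnet: Subnet) -> str:
    """A subnet is public because of its default route, not because of its name."""
    target = subnet.route_table.routes.get("0.0.0.0/0", "")
    if target.startswith("igw-"):
        return "public"      # Internet Gateway: inbound and outbound possible
    if target.startswith("nat-"):
        return "private"     # NAT Gateway: outbound only
    return "isolated"        # no default route: VPC-local traffic only


def validate_layout(vpc_cidr: str, subnets: List[Subnet],
                    nat_gateway_subnet: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    seen: List[tuple] = []
    for s in subnets:
        net = ipaddress.ip_network(s.cidr, strict=True)
        if not net.subnet_of(vpc):
            findings.append(f"{s.name}: {s.cidr} is not inside VPC {vpc_cidr}")
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{s.name}: {s.cidr} overlaps {other_name} ({other})")
        seen.append((s.name, net))
        # Names give false confidence: flag "private" subnets whose route table
        # actually sends 0.0.0.0/0 to an Internet Gateway.
        if "private" in s.name.lower() and classify(s) == "public":
            findings.append(f"{s.name}: named private but routes 0.0.0.0/0 to an IGW")

    by_name = {s.name: s for s in subnets}
    if nat_gateway_subnet is not None:
        host = by_name.get(nat_gateway_subnet)
        if host is None or classify(host) != "public":
            findings.append(f"NAT gateway subnet {nat_gateway_subnet!r} is not a public subnet")

    # High availability comes from placing each tier in more than one AZ.
    for tier in ("public", "private"):
        azs = {s.az for s in subnets if classify(s) == tier}
        if 0 < len(azs) < 2:
            findings.append(f"{tier} tier exists in only one AZ: {sorted(azs)}")
    return findings


# Constructed layout with hypothetical gateway IDs: two public and two private
# subnets across two AZs plus an isolated data subnet; NAT Gateway in public-a.
PUBLIC_RT = RouteTable({"0.0.0.0/0": "igw-0123456789abcdef0"})
PRIVATE_RT = RouteTable({"0.0.0.0/0": "nat-0123456789abcdef0"})
ISOLATED_RT = RouteTable()

GOOD_LAYOUT = [
    Subnet("public-a", "10.0.0.0/24", "us-east-1a", PUBLIC_RT),
    Subnet("public-b", "10.0.1.0/24", "us-east-1b", PUBLIC_RT),
    Subnet("private-a", "10.0.10.0/24", "us-east-1a", PRIVATE_RT),
    Subnet("private-b", "10.0.11.0/24", "us-east-1b", PRIVATE_RT),
    Subnet("data-a", "10.0.20.0/24", "us-east-1a", ISOLATED_RT),
]

# Same idea with three mistakes: a "private" subnet attached to the public route
# table, an overlapping CIDR, and the NAT Gateway placed in a private subnet.
BAD_LAYOUT = [
    Subnet("public-a", "10.0.0.0/24", "us-east-1a", PUBLIC_RT),
    Subnet("private-a", "10.0.10.0/24", "us-east-1a", PUBLIC_RT),
    Subnet("private-b", "10.0.10.128/25", "us-east-1b", PRIVATE_RT),
]

if __name__ == "__main__":
    print("/24 usable addresses:", usable_addresses("10.0.1.0/24"))
    for line in validate_layout("10.0.0.0/16", GOOD_LAYOUT, "public-a") or ["good layout: no findings"]:
        print(line)
    for line in validate_layout("10.0.0.0/16", BAD_LAYOUT, "private-b"):
        print(line)
```

Run it as a script to see the findings for both layouts. The classification deliberately reads only the 0.0.0.0/0 route: a subnet named "private" with an Internet Gateway default route is public, and that is exactly the kind of drift this check is meant to catch before a database ends up reachable from the internet.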
Best Practices / Best Used For:
- Separate Public and Private Subnets: Use public subnets for resources that need internet access (e.g., web servers) and private subnets for internal resources (e.g., databases).