Architect's Log: AWS VPC Subnet & Routing Learning

— Originally published at www.linkedin.com

ARCHITECT’S LOG | Episode 10: Traffic Control inside the VPC

Previously I wrote on AWS VPC basics; now I'm looking at traffic control inside the VPC.

"A network without subnets is like a house without rooms. You need walls to stay organized and secure."
Last time, we looked at S3, but now we’re heading back into the VPC to talk about the "pipes and wires." Once you’ve defined your private network, the next step is to create Subnets and configure Routing.

Here is how we organize the flow of traffic:

  1. Subnets: Carving the Space
    A subnet is a slice of your VPC's range of IP addresses, carved from its CIDR block.
    One AZ Only: While a VPC spans a whole region, a subnet is tied to a single Availability Zone (AZ).
    Public vs. Private: This is the big architectural decision.
    Public Subnet: Has a direct route to an Internet Gateway (IGW).
    Private Subnet: Has no route to an Internet Gateway (IGW), so it is isolated from direct internet access; perfect for databases or backend logic.

  2. The Routing Secret Sauce
    How does a subnet know where to send its data? Through a Route Table.
    Every subnet must be associated with a route table, and with exactly one.
    For a subnet to be "Public," its route table must have an entry pointing 0.0.0.0/0 (all traffic) to an Internet Gateway.
    Without that specific route, your resources are effectively locked inside the VPC.

  3. Internet Communication
    Even if an instance is in a public subnet, it can't talk to the world unless it has a Public IPv4 address or an Elastic IP. Think of the subnet as the "road" and the Public IP as the "passport" needed to cross the border.
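The three rules above (one route table per subnet, 0.0.0.0/0 to an IGW makes a subnet public, and an instance also needs a public IP) can be turned into a small audit check. This is an added example, not code from the original post; the route-table data is constructed and only loosely shaped like the EC2 DescribeRouteTables response, and it also covers the fallback the post does not mention: a subnet with no explicit association uses the VPC's main route table.

```python
# Constructed sample: three route tables in one VPC (not a real API dump).
# "rtb-main" is the VPC's main table; subnets with no explicit association use it.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc123"}]},
    {"RouteTableId": "rtb-nat",
     "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def456"}]},
]
SUBNETS = ["subnet-web", "subnet-app", "subnet-db"]  # subnet-db: no association


def effective_route_table(subnet_id, route_tables):
    """The one table a subnet uses: its explicit association, else the main table."""
    main = None
    for rtb in route_tables:
        for assoc in rtb["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def classify_subnet(subnet_id, route_tables):
    """'public' if 0.0.0.0/0 goes to an Internet Gateway, 'private-nat' if it
    goes to a NAT Gateway (outbound only), otherwise 'isolated'."""
    for route in effective_route_table(subnet_id, route_tables)["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if "NatGatewayId" in route:
            return "private-nat"
    return "isolated"


def reachable_from_internet(subnet_id, has_public_ip, route_tables):
    """An instance needs BOTH a public subnet and a public/Elastic IP."""
    return has_public_ip and classify_subnet(subnet_id, route_tables) == "public"


if __name__ == "__main__":
    for subnet in SUBNETS:
        print(f"{subnet}: {classify_subnet(subnet, ROUTE_TABLES)}")
```

Anything reported as "public" is worth a second look against the Private First rule below.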

The Architect’s Take
As an architect, your default should always be Private First. If a resource doesn't need to be reached from the internet, put it in a private subnet. Use public subnets only for your "front door" components like Load Balancers or NAT Gateways. Security starts with smart routing.

Next Episode: We dive into the ultimate security showdown: Security Groups vs. NACLs. Which one do you need, and when?

Watch this space every Friday.

Kindly like, share and follow.
