Architect's Log: AWS VPC Subnet & Routing Learning

Originally published at www.linkedin.com

ARCHITECT’S LOG | Episode 10: Traffic Control inside the VPC

Previously I wrote on AWS VPC basics; now I'm looking into traffic control inside the VPC.

"A network without subnets is like a house without rooms. You need walls to stay organized and secure."
Last time, we looked at S3, but now we’re heading back into the VPC to talk about the "pipes and wires." Once you’ve defined your private network, the next step is to create Subnets and configure Routing.

Here is how we organize the flow of traffic:

  1. Subnets: Carving the Space
    A subnet is a slice of your VPC’s IP address range, carved out as a smaller CIDR block.
    One AZ Only: While a VPC spans a whole region, a subnet is tied to a single Availability Zone (AZ).

Public vs. Private: This is the big architectural decision.
Public Subnet: Has a direct route to an Internet Gateway (IGW).
Private Subnet: Has no route to an Internet Gateway (IGW), so it is isolated from direct internet access; perfect for databases or backend logic.

  2. The Routing Secret Sauce
    How does a subnet know where to send its data? Through a Route Table.
    Every subnet must be associated with a route table.
    For a subnet to be "Public," its route table must have an entry pointing 0.0.0.0/0 (all traffic) to an Internet Gateway. Exactly one route table per subnet.
    Without that specific route, your resources are effectively locked inside the VPC.

  3. Internet Communication
    Even if an instance is in a public subnet, it can’t talk to the world unless it has a Public IPv4 address or an Elastic IP. Think of the subnet as the "road" and the Public IP as the "passport" needed to cross the border.

The Architect’s Take
As an architect, your default should always be Private First. If a resource doesn't need to be reached from the internet, put it in a private subnet. Use public subnets only for your "front door" components like Load Balancers or NAT Gateways. Security starts with smart routing.
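To put the routing rules above into something you can check, here is an added example (my own code, not from the original post) that classifies subnets as public or private from route-table data shaped like the EC2 DescribeRouteTables response. All IDs and CIDRs are constructed sample values; it also covers the case the post implies but does not spell out: a subnet with no explicit association silently inherits the VPC's main route table.

```python
# Added example (not from the original post): classify subnets as public or private.
# Input mimics EC2 DescribeRouteTables output; IDs and CIDRs are constructed samples.
ROUTE_TABLES = [
    {   # main table: no IGW route; used implicitly by subnets with no association
        "RouteTableId": "rtb-main0001",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
        "Associations": [{"Main": True}],
    },
    {   # 0.0.0.0/0 -> Internet Gateway: makes the associated subnet public
        "RouteTableId": "rtb-public01",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc0001", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-web0001"}],
    },
    {   # 0.0.0.0/0 -> NAT Gateway: outbound only, so the subnet stays private
        "RouteTableId": "rtb-private1",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0abc0001", "State": "active"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-app0001"}],
    },
]
SUBNETS = ["subnet-web0001", "subnet-app0001", "subnet-db00001"]  # db has no explicit association


def has_igw_default_route(table: dict) -> bool:
    """True if an active route sends 0.0.0.0/0 to an Internet Gateway (igw-*)."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and str(r.get("GatewayId", "")).startswith("igw-")
        and r.get("State") == "active"
        for r in table["Routes"]
    )


def classify_subnets(route_tables: list, subnet_ids: list) -> dict:
    """Map each subnet to 'public' or 'private'. A subnet with no explicit association
    falls back to the main route table, so an IGW route there makes all such subnets public."""
    main = next(t for t in route_tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in route_tables for a in t["Associations"] if "SubnetId" in a}
    return {s: "public" if has_igw_default_route(explicit.get(s, main)) else "private" for s in subnet_ids}


def reachable_from_internet(subnet_class: str, has_public_ip: bool) -> bool:
    """A public subnet is the road; the instance still needs a public IPv4 or Elastic IP."""
    return subnet_class == "public" and has_public_ip
```

Running `classify_subnets(ROUTE_TABLES, SUBNETS)` on the sample yields web public, app and db private; feeding it real `describe_route_tables()` output is the quickest audit for a main route table that accidentally carries an IGW route.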

Next Episode: We dive into the ultimate security showdown: Security Groups vs. NACLs. Which one do you need, and when?

Watch this space every Friday.

Kindly like, share and follow.
