Architect's Log: AWS VPC Subnet & Routing Learning

Originally published at www.linkedin.com

ARCHITECT’S LOG | Episode 10: Traffic Control inside the VPC

Previously I wrote about AWS VPC basics; now I'm looking into traffic control inside the VPC.

"A network without subnets is like a house without rooms. You need walls to stay organized and secure."
Last time, we looked at S3, but now we’re heading back into the VPC to talk about the "pipes and wires." Once you’ve defined your private network, the next step is to create Subnets and configure Routing.

Here is how we organize the flow of traffic:

  1. Subnets: Carving the Space
    A subnet is a slice of your VPC's IP address range, carved out as a smaller CIDR block.
    One AZ Only: While a VPC spans a whole region, a subnet is tied to a single Availability Zone (AZ).

    Public vs. Private: This is the big architectural decision.
    Public Subnet: Has a direct route to an Internet Gateway (IGW).
    Private Subnet: Has no route to an Internet Gateway (IGW), so it is isolated from direct internet access; perfect for databases or backend logic.

  2. The Routing Secret Sauce
    How does a subnet know where to send its data? Through a Route Table.
    Every subnet must be associated with a route table, and each subnet is associated with exactly one route table.
    For a subnet to be "Public," its route table must have an entry pointing 0.0.0.0/0 (all traffic) to an Internet Gateway.
    Without that specific route, your resources are effectively locked inside the VPC.

  3. Internet Communication
    Even if an instance is in a public subnet, it can't talk to the world unless it has a public IPv4 address or an Elastic IP. Think of the subnet as the "road" and the public IP as the "passport" needed to cross the border.
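The routing rule described above can be applied to real route-table data. The following added example (not code from the original post or from AWS) classifies subnets as public or private using the JSON shape that EC2's DescribeRouteTables returns, and it handles one case the text does not spell out: a subnet with no explicit association falls back to the VPC's main route table, and a 0.0.0.0/0 route to a NAT gateway does not make a subnet public. All subnet, route-table and gateway IDs in it are constructed placeholders.

```python
# Added example, not code from the original post or from AWS: classify subnets as
# public or private using the JSON shape EC2 DescribeRouteTables returns
# (RouteTables -> Associations, Routes). All IDs below are constructed samples.

ANYWHERE = "0.0.0.0/0"

def route_table_for(subnet_id, route_tables):
    """Explicit association wins; a subnet with none falls back to the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError("VPC has no main route table")
    return main

def has_igw_default_route(rt):
    """True only for an active 0.0.0.0/0 route whose target is an Internet Gateway (igw-*).
    A 0.0.0.0/0 route to a NAT gateway (NatGatewayId) does not make a subnet public."""
    return any(
        r.get("DestinationCidrBlock") == ANYWHERE
        and r.get("State", "active") == "active"
        and str(r.get("GatewayId", "")).startswith("igw-")
        for r in rt.get("Routes", [])
    )

def classify_subnets(subnet_ids, route_tables):
    """Map each subnet ID to 'public' or 'private' based on its effective route table."""
    return {s: "public" if has_igw_default_route(route_table_for(s, route_tables)) else "private"
            for s in subnet_ids}

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
SAMPLE_ROUTE_TABLES = [  # constructed sample data
    {"RouteTableId": "rtb-main0000", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public00", "Associations": [{"Main": False, "SubnetId": "subnet-web0000"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": ANYWHERE, "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-nat00000", "Associations": [{"Main": False, "SubnetId": "subnet-app0000"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": ANYWHERE, "NatGatewayId": "nat-0example", "State": "active"}]},
]
SAMPLE_SUBNETS = ["subnet-web0000", "subnet-app0000", "subnet-db000000"]  # db has no explicit association

if __name__ == "__main__":
    for subnet, kind in classify_subnets(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES).items():
        print(f"{subnet}: {kind}")
```

Feeding it the output of `aws ec2 describe-route-tables` for a VPC gives a quick inventory of which subnets are actually reachable from the internet, which is the first thing to check when auditing a "Private First" design.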

The Architect’s Take
As an architect, your default should always be Private First. If a resource doesn't need to be reached from the internet, put it in a private subnet. Use public subnets only for your "front door" components like Load Balancers or NAT Gateways. Security starts with smart routing.

Next Episode: We dive into the ultimate security showdown: Security Groups vs. NACLs. Which one do you need, and when?

Watch this space every Friday.

Kindly like, share and follow.
