AWS Subnets & CIDR Blocks

Learn how to organize your VPC network with public and private subnets using CIDR notation.

subnet-config.json

{

"Subnet": {

"Type": "Public",

"CIDR": "10.0.1.0/24"

}

subnet-config.json

1 / 9

🌐

Tutor:Subnets are logical subdivisions of a VPC's IP address range. They allow you to organize your network and control traffic flow. Each subnet must be associated with an Availability Zone.

⭐ 0 EXP

Subnet Mastery

Unlock nodes by learning subnet concepts.

Concept 1: Subnets

Subnets are logical subdivisions of a VPC's IP address range. Public subnets have a route to an Internet Gateway, allowing direct internet access. Private subnets do not have direct internet access and require NAT Gateway for outbound connectivity.

System Check

What is the main difference between public and private subnets?

Private subnets have route to Internet GatewayPublic subnets have route to Internet GatewayBoth have the same routingNeither has internet access

Community Holo-Net

Share Your Subnet Architecture

Configured subnets and CIDR blocks? Share your networking configurations.

Support Us

Subnets (Public vs. Private) & CIDR Blocks

Pascual Vila

Cloud Instructor.

Subnets are logical subdivisions of a VPC's IP address range. They allow you to organize your network and control traffic flow. Public subnets have direct internet access through an Internet Gateway, while private subnets require NAT Gateway or NAT Instance for outbound internet connectivity.

Public Subnets

Public subnets have a route to an Internet Gateway in their route table. This allows resources in public subnets to have direct internet access. Public subnets are typically used for load balancers, NAT Gateways, and bastion hosts.

Private Subnets

Private subnets do not have a route to an Internet Gateway. Resources in private subnets cannot directly access the internet. For outbound internet access, they require a NAT Gateway or NAT Instance. Private subnets are used for application servers, databases, and other resources that should not be directly accessible from the internet.

CIDR Blocks

CIDR (Classless Inter-Domain Routing) blocks define the IP address range for your VPC and subnets. CIDR notation uses IP address and prefix length, like 10.0.0.0/16, where /16 means the first 16 bits are the network portion. Common CIDR blocks include /16 (65,536 IPs), /24 (256 IPs), and /28 (16 IPs). AWS reserves 5 IPs in each subnet, so a /24 subnet has 251 usable IPs.

Subnets & CIDR Blocks Glossary

Subnet: A logical subdivision of a VPC's IP address range. Each subnet must be associated with an Availability Zone and can be either public or private.
Public Subnet: A subnet with a route to an Internet Gateway, allowing resources to have direct internet access. Typically used for load balancers and NAT Gateways.
Private Subnet: A subnet without a route to an Internet Gateway. Resources cannot directly access the internet and require NAT Gateway or NAT Instance for outbound connectivity.
CIDR Block: Classless Inter-Domain Routing notation that defines an IP address range. Format is IP address/prefix length, like 10.0.0.0/16. The prefix length indicates how many bits are used for the network portion.
CIDR Notation: The format for specifying IP address ranges. For example, 10.0.0.0/16 means the first 16 bits are the network portion, leaving 16 bits for host addresses, providing 65,536 total IPs.