A subnet is a segment of the IP address range that you define when provisioning your Amazon VPC. It provides the usable network range for the AWS resources that run within it, such as Amazon EC2 and Amazon RDS (Amazon Relational Database Service). Subnets are identified by CIDR blocks (e.g., 10.0.1.0/24 and 192.168.0.0/24), and each subnet's CIDR must fall within the VPC's CIDR.
An Availability Zone (AZ) is one or more data centers located within a Region, identified by geographic location. An AZ can contain one or more subnets, but a subnet resides in exactly one AZ and cannot span multiple AZs.
Subnets are categorized as:
Regardless of the subnet type, the IP addresses within the subnet are always private, meaning they cannot be reached directly from the Internet.
When selecting a CIDR for a subnet, consider the number of IPs needed for the resources allocated in it (such as EC2 instances, Lambda functions, etc.). For example, creating a subnet with 10.0.1.0/24 provides 256 IPs; excluding the 5 IPs AWS reserves in every subnet leaves 251 available. Also plan how many subnets you will create in the future so that the address space stays easy to manage.
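The sizing rule above (256 addresses in a /24 minus the 5 AWS reserves) and the requirement that every subnet sit inside the VPC CIDR can be checked before anything is provisioned. The following is an added example using only Python's standard `ipaddress` module, not code from AWS or from this article; the VPC and subnet CIDRs it uses are constructed sample values, and `plan_subnets` also flags overlapping subnets, which the article does not discuss explicitly.

```python
import ipaddress
from typing import Dict, List

# AWS reserves the first four addresses of every subnet (network address,
# VPC router, DNS, future use) plus the last one (broadcast).
AWS_RESERVED_PER_SUBNET = 5


def usable_ips(cidr: str) -> int:
    """Number of addresses in an AWS subnet that resources can actually use."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def reserved_addresses(cidr: str) -> List[str]:
    """The five addresses AWS keeps back, e.g. 10.0.1.0-10.0.1.3 and 10.0.1.255."""
    net = ipaddress.ip_network(cidr, strict=True)
    first = int(net.network_address)
    low = [str(ipaddress.ip_address(first + i)) for i in range(4)]
    return low + [str(net.broadcast_address)]


def plan_subnets(vpc_cidr: str, subnet_cidrs: List[str]) -> Dict[str, object]:
    """Validate a subnet plan: each subnet must lie inside the VPC CIDR and
    no two subnets may overlap. Returns usable-IP counts and a list of errors."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    nets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    errors: List[str] = []
    for n in nets:
        if not n.subnet_of(vpc):
            errors.append(f"{n} is outside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                errors.append(f"{a} overlaps {b}")
    usable = {str(n): n.num_addresses - AWS_RESERVED_PER_SUBNET for n in nets}
    return {"usable": usable, "errors": errors}


if __name__ == "__main__":
    # Constructed sample plan: one subnet outside the VPC, two that overlap.
    plan = plan_subnets("10.0.0.0/16",
                        ["10.0.1.0/24", "10.0.2.0/24", "10.0.1.128/25", "192.168.0.0/24"])
    print(usable_ips("10.0.1.0/24"))       # 251
    print(reserved_addresses("10.0.1.0/24"))
    for err in plan["errors"]:
        print("ERROR:", err)
```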
Utilize subnetting tools.