> ## Documentation Index
> Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Subnets
> This article explains AWS subnets, their types, requirements, and configuration considerations within a Virtual Private Cloud.
In AWS, a **subnet** is a contiguous range of IP addresses within a Virtual Private Cloud (VPC). Each subnet resides in a single Availability Zone (AZ) and determines where resources—such as EC2 instances—are placed. Selecting a subnet implicitly chooses the AZ for those resources, enabling high availability and fault isolation.
## What Is an AWS Subnet?
* A subnet’s CIDR block must be a subset of its VPC’s CIDR block.
* AWS supports subnet sizes from `/16` (65,536 IPs) down to `/28` (16 IPs).
* You distribute subnets across multiple AZs to increase resilience.
Example:
* Subnet A: `192.168.10.0/24` in `us-east-1a`
* Subnet B: `192.168.20.0/24` in `us-east-1b`
By spreading workloads across AZs, you achieve higher availability and withstand AZ-level failures.
## Public vs. Private Subnets
| Subnet Type | Route Target | Typical Use Cases |
| ----------- | ---------------- | ------------------------------ |
| Public | Internet Gateway | Web servers, load balancers |
| Private | NAT Gateway | Databases, application servers |
* Public subnets have a route to an Internet Gateway (IGW) for direct internet access.
* Private subnets use a NAT Gateway (or NAT instance) for outbound internet connectivity without exposing resources to inbound traffic.
Configure route tables to associate subnets with the IGW or NAT Gateway as needed.
## Subnet Requirements
1. **CIDR containment**\
Your subnet’s CIDR must lie within the VPC’s CIDR block.
* Valid: VPC `192.168.0.0/16`, Subnet `192.168.10.0/24`
* Invalid: VPC `192.168.0.0/16`, Subnet `10.100.1.0/24`
2. **Reserved IP addresses**\
AWS reserves five IPs in each subnet:
| Address Offset | Purpose |
| -------------- | ----------------- |
| `.0` | Network address |
| `.1` | VPC router |
| `.2` | DNS |
| `.3` | AWS future use |
| `/.last` | Broadcast address |
3. **Size constraints**
* Minimum: `/28` (16 IPs)
* Maximum: `/16` (65,536 IPs)
## Configuration Considerations
* No overlapping CIDRs within the same VPC. Overlapping is only permitted across distinct VPCs.
Defining overlapping CIDR blocks in the same VPC causes route conflicts and deployment failures.
Example of an invalid overlap:
```text theme={null}
10.16.0.0/24
10.16.0.128/25
```
* IPv6 support: You can associate a `/56` IPv6 CIDR block with your VPC. Subnets may be configured as:
* IPv4 only
* IPv6 only
* Dual-stack (IPv4 + IPv6)
* Default communication: All subnets in a VPC can communicate without extra route entries.
* **Auto-assign public IP**: Enabling this on a subnet ensures every instance launched receives a public IPv4/IPv6 address in addition to its private IP.
## Summary
* Subnets are AZ-scoped IP ranges within a VPC.
* Choose public or private routing by using an Internet Gateway or NAT Gateway.
* Support for IPv4, IPv6, or dual-stack.
* CIDR blocks must be non-overlapping and nested within the VPC’s CIDR.
## Links and References
* [Amazon VPC Concepts](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html)
* [NAT Gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html)
* [IPv6 in Amazon VPC](https://docs.aws.amazon.com/vpc/latest/userguide/ipv6.html)