VPC Components: Part I
Build on your understanding of VPCs by learning about their features and components.
We'll cover the following...
Subnets
A subnet is a range of IP addresses in a VPC that’s dedicated to a single AZ. We can launch resources like EC2 instances and AWS Lambda functions in a specific subnet.
- A subnet spans a single AZ.
- When creating a subnet, we specify a subset of the VPC CIDR range to be used as the subnet CIDR range.
- The first four and the last IP addresses (five in total) of a CIDR in subnets are reserved by AWS and can’t be assigned to the resources in the subnet. For example, for a subnet with CIDR 192.168.0.0/24, the following IP addresses are reserved:
- 192.168.0.0: Network address
- 192.168.0.1: Used for VPC router
- 192.168.0.2: Used as the IP address of the DNS server
- 192.168.0.3: Reserved for future use
- 192.168.0.255: Network broadcast address
- The first four and the last IP addresses (five in total) of a CIDR in subnets are reserved by AWS and can’t be assigned to the resources in the subnet. For example, for a subnet with CIDR 192.168.0.0/24, the following IP addresses are reserved:
Note: A VPC router is a logical router in AWS that’s part of every VPC. AWS uses this logical device in the background, and we, as users, never interact with it. It shouldn’t be confused with route tables.
The following illustration shows an AWS Region with two AZs (AZ-A, AZ-B) and two VPCs (VPC 1, VPC 2). Notice that the VPC spans both AZs and has a public and private subnet in each.
Internet gateway
An internet gateway is a highly scalable, redundant, and available VPC component that allows communication between resources in a VPC and services and resources in other VPCs and the internet. We can have only one internet gateway per VPC.
An internet gateway doesn’t scale in the traditional sense of adding more instances. Instead, it’s inherently designed to handle a vast amount of traffic (automatic scaling) without requiring explicit scaling actions by the user.
Note: Creating an internet gateway doesn’t automatically give internet access to all resources in the VPC. To enable internet access for resources in a VPC, we must configure the associated subnets and route tables to route traffic through the internet gateway. For more details, refer to the section at the end of this lesson titled “How can we enable an internet connection for a subnet?”
Egress-only internet gateways
An ...