A subnet is a range of IP addresses in a VPC that’s dedicated to a single AZ. We can launch resources like EC2 instances and AWS Lambda functions in a specific subnet.

  • A subnet spans a single AZ.
  • When creating a subnet, we specify a subset of the VPC CIDR range to be used as the subnet CIDR range.
    • The first four and the last IP addresses (five in total) of a CIDR in subnets are reserved by AWS and can’t be assigned to the resources in the subnet. For example, for a subnet with CIDR, the following IP addresses are reserved:
      • Network address
      • Used for VPC router
      • Used as the IP address of the DNS server
      • Reserved for future use
      • Network broadcast address

Note: A VPC router is a logical router in AWS that’s part of every VPC. AWS uses this logical device in the background, and we, as users, never interact with it. It shouldn’t be confused with route tables.

The following illustration shows an AWS Region with two AZs (AZ-A, AZ-B) and two VPCs (VPC 1, VPC 2). Notice that the VPC spans both AZs and has a public and private subnet in each.

Get hands-on with 1200+ tech skills courses.