Subnets & CIDR

A VPC (Virtual Private Cloud) is your house. Subnets are the rooms. You decide which rooms have windows (Public) and which are locked vaults (Private).

🔪 Understanding the "Slice" (CIDR)

/16 vs /24

CIDR notation defines the size: the number after the slash is the prefix length (how many leading bits are fixed), so a shorter prefix means a bigger block. /16 is huge (65,536 IPs). /24 is standard (256 IPs). /32 is just one IP.

VPC (/16) - The Whole Cake:   10.0.0.0/16
Subnets (/24) - The Slices:   10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, ...
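To make the cake-and-slices picture concrete, and to show where the "251 usable IPs" figure in the FAQ below comes from, here is an added example (not part of this page) using Python's standard ipaddress module. It computes block sizes from the prefix length, carves a /16 VPC into /24 slices, lists the five addresses AWS reserves per subnet, and checks that candidate slices do not overlap (AWS rejects overlapping subnets). The /16 to /28 size limit is the AWS subnet range; the sample CIDRs are the ones from the page.

```python
import ipaddress
from itertools import islice

# AWS reserves five addresses in every subnet: the network address, the next
# three (VPC router, DNS resolver, reserved for future use) and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5


def block_size(cidr: str) -> int:
    """Total addresses in a CIDR block: 2 ** (32 - prefix length)."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses


def usable_hosts(cidr: str) -> int:
    """Addresses you can actually assign to instances in an AWS subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:  # AWS only allows subnet sizes from /16 down to /28
        raise ValueError(f"{cidr}: AWS subnet prefixes must be between /16 and /28")
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def reserved_addresses(cidr: str) -> list[str]:
    """The five addresses AWS keeps for itself in the given subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    first = int(net.network_address)
    return [str(ipaddress.ip_address(first + i)) for i in range(4)] + [str(net.broadcast_address)]


def carve(vpc_cidr: str, new_prefix: int, count: int) -> list[str]:
    """Slice the VPC block into the first `count` subnets of the requested size."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [str(s) for s in islice(vpc.subnets(new_prefix=new_prefix), count)]


def overlapping(cidrs: list[str]) -> list[tuple[str, str]]:
    """Pairs of blocks that share addresses; AWS rejects a subnet overlapping an existing one."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    for cidr in ("10.0.0.0/16", "10.0.1.0/24", "10.0.0.0/28"):
        print(f"{cidr:>14}: {block_size(cidr):>6} addresses, {usable_hosts(cidr):>6} usable")
    print("first slices of the cake:", carve("10.0.0.0/16", 24, 3))
    print("reserved in 10.0.1.0/24:", reserved_addresses("10.0.1.0/24"))
    # 10.0.1.128/25 sits inside 10.0.1.0/24, so this reports one overlapping pair
    print("overlaps:", overlapping(["10.0.1.0/24", "10.0.2.0/24", "10.0.1.128/25"]))
```

`strict=True` makes ip_network reject a block whose host bits are not zero (for example 10.0.1.5/24), which is the same check the console applies when you type a subnet CIDR.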

Public vs Private

Public: Has a Route Table pointing to an Internet Gateway (IGW).
Private: Has NO route to IGW. It uses a NAT Gateway to talk out, but nothing can talk in.

đŸ•šī¸ Subnet Architect Simulator

Mission: Drag the items to the correct zone.
âš ī¸ Putting a Database in Public is a Security Risk. Putting a Load Balancer in Private makes it Unreachable.

Infrastructure Queue
🌐
Web Server
Needs Internet Access
đŸ—„ī¸
Main Database
Holds User Passwords
âš–ī¸
Load Balancer
Entry Point for Users
🔑
Secret Keys
Top Secret Storage
Drag items to the map ➔
VPC (10.0.0.0/16)
Public Subnet (10.0.1.0/24)
Connected to Internet (IGW)
Private Subnet (10.0.2.0/24)

❓ Common Questions

How many IPs do I actually get?

In a /24 (256 IPs), AWS reserves 5 IPs: the first four (network address, VPC router, DNS, and one held for future use) and the last (broadcast). So you actually get 251 usable IPs.

What is a NACL?

Network Access Control List. It's a firewall for the Subnet itself (the building door), whereas Security Groups are firewalls for the Instance (the apartment door). One practical difference: NACLs are stateless, so return traffic has to be allowed explicitly, while Security Groups are stateful and allow the reply to any connection they permitted.