Subnets and Availability Zones

A VPC spans an entire AWS Region. Subnets, however, live inside a single Availability Zone (AZ).

This design is intentional.

A subnet is a subdivision of your VPC CIDR block. For example:

  • VPC: 10.0.0.0/16
  • Subnet A: 10.0.1.0/24
  • Subnet B: 10.0.2.0/24

Each subnet provides 256 IP addresses when using /24.

Why subnets matter architecturally:

  • They segment workloads.
  • They define failure domains (because they belong to a single AZ).
  • They determine routing behavior.

High availability in AWS is achieved by distributing resources across multiple AZs. That means:

  • At least two public subnets in different AZs.
  • At least two private subnets in different AZs.

Production insight:

  • Never deploy all resources in one AZ.
  • Use small subnet blocks for workload isolation.
  • Reserve space for future services (databases, internal services, containers).

Public vs Private Subnets:

A subnet becomes “public” when it has a route to an Internet Gateway. A subnet is “private” when it does not.

The subnet itself does not inherently know whether it is public or private. Routing defines that behavior.
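To make the rules above concrete, here is an added example (not part of the course material, written for this page) in Python that checks a constructed VPC layout: that each subnet is carved from the VPC CIDR without overlap, how many addresses are actually usable (AWS reserves five per subnet: the first four and the last), whether a subnet is public or private according to its route table rather than anything on the subnet itself, and whether each tier spans at least two AZs. The subnet names, AZs and the igw-/nat- target ids are assumptions; only the standard library is used.

```python
import ipaddress
from collections import defaultdict

VPC_CIDR = "10.0.0.0/16"
AWS_RESERVED_PER_SUBNET = 5  # network, VPC router, DNS, future use, broadcast

# Constructed inventory: name -> (cidr, az, routes); a route is (destination, target).
# Gateway ids are placeholders, not real resource ids.
SUBNETS = {
    "public-a":  ("10.0.1.0/24",  "us-east-1a", [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-PLACEHOLDER")]),
    "public-b":  ("10.0.2.0/24",  "us-east-1b", [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-PLACEHOLDER")]),
    "private-a": ("10.0.10.0/24", "us-east-1a", [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-PLACEHOLDER")]),
    "private-b": ("10.0.11.0/24", "us-east-1a", [("10.0.0.0/16", "local")]),  # same AZ as private-a
}

def is_public(routes):
    """Routing, not the subnet, decides: public means a route targets an Internet Gateway."""
    return any(target.startswith("igw-") for _, target in routes)

def usable_addresses(cidr):
    """Addresses in the block minus the five AWS keeps in every subnet (251 for a /24)."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET

def check_layout(vpc_cidr, subnets):
    """Return a list of findings; an empty list means the layout passes every check."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(spec[0]) for name, spec in subnets.items()}
    findings = []
    # Every subnet must be a subdivision of the VPC CIDR block.
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{name}: {net} is outside VPC {vpc}")
    # Subnets in one VPC must not overlap.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} overlap")
    # High availability: each tier needs subnets in at least two distinct AZs.
    azs_by_tier = defaultdict(set)
    for _cidr, az, routes in subnets.values():
        azs_by_tier["public" if is_public(routes) else "private"].add(az)
    for tier, azs in sorted(azs_by_tier.items()):
        if len(azs) < 2:
            findings.append(f"{tier} subnets span only {sorted(azs)}; need at least two AZs")
    return findings

if __name__ == "__main__":
    for finding in check_layout(VPC_CIDR, SUBNETS) or ["layout OK"]:
        print(finding)
```

Run as-is, the constructed inventory reports that the private tier sits in a single AZ, which is exactly the single-AZ failure domain the section warns against.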
