Ref: https://learn.cantrill.io/courses/1820301/lectures/41301349

DEMO: https://learn.cantrill.io/courses/1820301/lectures/41301350

• Summary
• Contents:

VPC Subnet - Key Concepts

• 🔧 Definition: a subnetwork of a VPC within a single AZ
  • ❗ VPC subnets are where private AWS services/resources are deployed and run
  • The structure, functionality and resilience of a VPC is determined by its subnets
• Color code in AWS VPC structures/diagrams:
  • Blue = private subnet (default)
  • Green = public subnet
    • Extra configuration is needed to make a private subnet become public
• AZ-resilient: if an AZ fails, that subnet fails → all services in that subnet fail
  • ‼️ When designing a HA system, we need to make sure to spread services in multiple subnets/AZs so that failure of one AZ doesn't automatically mean failure of the whole system!
  • A subnet is in 1 AZ
    • ‼️ The AZ of a subnet can never be changed!
  • An AZ can have 0+ subnets
• ❗ Subnets can communicate with other subnets in the VPC by default
  • Isolation of the VPC is at the perimeter of the VPC
  • Inside a VPC there's free communication

VPC Subnet - IP Addressing

• Subnet IPv4 CIDR
  • Used by default
  • Is a subset of the VPC IPv4 CIDR
• Subnet IPv6 CIDR
  • Optional
  • ❗ Only available if VPC IPv6 CIDR exists
  • Is a /64 subset of the VPC IPv6 /56 CIDR → the VPC has space for 256 IPv6 subnets
• ❗ Subnet CIDRs can't overlap with CIDRs of other subnets!
• IP allocation options for a subnet:
  • Auto Assign Public IPv4
    • resources in the subnet are automatically assigned a public IPv4 address (in addition to a private IPv4 in the subnet, which happens always)
    • necessary step to make subnet public
  • Auto Assign IPv6
    • resources in the subnet are automatically assigned an IPv6 address
• ❗ 5 IP addresses (3 AWS specific and 2 NW-specific) are reserved in every subnet.
  • Using 10.16.16.0/20 as an example CIDR:
    1. Network address = Base IP address of a NW: first IP in the subnet → 10.16.16.0 (not exclusive to AWS, this is in any Internet Protocol NW)
    2. VPC router: Network + 1 → 10.16.16.1 - The VPC router moves traffic between subnets as well as in and out of the VPC if configured to allow that. It has a subnet interface in each subnet, and this is its reserved address.
    3. DNS (R53) server: Network + 2 → 10.16.16.2
       • ❗ Reserved whether DNS is enabled in the subnet or not!
    4. Reserved for Future Use: Network + 3 → 10.16.16.3
    5. Broadcast address: last IP in the subnet → 10.16.31.255 (Even if broadcasting is not supported in Amazon VPC, the address is reserved regardless - applies for any Internet Protocol NW)
  • ‼️ If a subnet has 16 addresses, it actually only has 16-5=11 usable addresses!!
    • Important to consider when configuring many small subnets

DHCP Options Set

• 🔧 DHCP = Dynamic Host Configuration Protocol → protocol that automatically assigns IP addresses to hosts