Subnetting in AWS: VPC Guide

When you create a VPC in AWS, you choose a CIDR block — and then divide it into subnets. Let's walk through AWS VPC subnetting.

Choosing Your VPC CIDR Block

Common VPC CIDR blocks (all three are RFC 1918 private ranges; AWS requires a VPC CIDR between /16 and /28):

10.0.0.0/16      - Most common, plenty of room
172.16.0.0/16    - Carved from the 172.16.0.0/12 RFC 1918 range; a /12 itself is too large for a VPC
192.168.0.0/16   - Home-network style; it collides with most home LANs, which breaks split-tunnel VPN clients

Recommendation: Use 10.0.0.0/16. A /16 is the largest VPC CIDR AWS allows (65,536 addresses) and is the common default. Before committing, check that it does not overlap any network you will peer, VPN or Direct Connect to: the primary CIDR cannot be changed after the VPC is created (you can only associate additional secondary CIDR blocks).

Subnet Types in AWS

Public Subnets

☀️ Public Subnets are subnets whose route table sends 0.0.0.0/0 to an Internet Gateway (IGW). "Public" is a property of the route table, not of the subnet object. Instances here can be given public IPv4 addresses or Elastic IPs and be reached from the internet, subject to their security groups and the subnet's network ACL.

Private Subnets

🔒 Private Subnets have NO route to an Internet Gateway. If instances need outbound internet access (package updates, calling AWS APIs without endpoints), the route table sends 0.0.0.0/0 to a NAT Gateway that lives in a public subnet. A Virtual Private Gateway is different: it connects the subnet to on-premises networks over VPN or Direct Connect, not to the internet. Because nothing on the internet can initiate a connection to an instance in a private subnet, application and database tiers belong here.
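Since "public" depends on the route table rather than the subnet itself, the practical check is to read the route tables and classify each subnet by where its default route points. The following is an added example, not code from the original article: it runs over a constructed sample shaped like `aws ec2 describe-route-tables` output (the rtb-/igw-/nat-/vgw-/subnet- IDs are made up) and labels each subnet public, private or isolated, falling back to the VPC's main route table for subnets with no explicit association.

```python
"""Classify VPC subnets by internet exposure from their route tables.

Added example (not from the article). The data below is a constructed sample
in the shape returned by `aws ec2 describe-route-tables`; all IDs are fictitious.
"""

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}

# Constructed sample: one main table, one public, one private, one hybrid-only.
ROUTE_TABLES = [
    {   # Main route table: used by any subnet without an explicit association.
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [LOCAL],
    },
    {   # Default route to an Internet Gateway: the associated subnets are public.
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-pub-1a"}, {"SubnetId": "subnet-pub-1b"}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"}],
    },
    {   # Default route through a NAT Gateway: outbound only, so private.
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-priv-1a"}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123", "State": "active"}],
    },
    {   # Only a Virtual Private Gateway route to on-prem: no internet path at all.
        "RouteTableId": "rtb-db",
        "Associations": [{"SubnetId": "subnet-db-1a"}],
        "Routes": [LOCAL, {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0123", "State": "active"}],
    },
]
# subnet-new-1c has no explicit association, so it inherits the main route table.
SUBNET_IDS = ["subnet-pub-1a", "subnet-pub-1b", "subnet-priv-1a", "subnet-db-1a", "subnet-new-1c"]


def route_table_for(subnet_id, route_tables):
    """Return (route_table, explicitly_associated). Explicit association wins, else main."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt, True
            if assoc.get("Main"):
                main = rt
    return main, False


def internet_exposure(rt):
    """'public' if any active default route targets an IGW, 'private' if the default
    route goes elsewhere (NAT, egress-only IGW, TGW, instance), 'isolated' if none."""
    defaults = [
        r for r in rt["Routes"]
        if r.get("State") != "blackhole"
        and (r.get("DestinationCidrBlock") == "0.0.0.0/0" or r.get("DestinationIpv6CidrBlock") == "::/0")
    ]
    if any(r.get("GatewayId", "").startswith("igw-") for r in defaults):
        return "public"
    return "private" if defaults else "isolated"


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to its exposure, the route table that decides it, and
    whether that table was explicitly associated or inherited from main."""
    result = {}
    for sid in subnet_ids:
        rt, explicit = route_table_for(sid, route_tables)
        result[sid] = {
            "exposure": internet_exposure(rt) if rt else "isolated",
            "route_table": rt["RouteTableId"] if rt else None,
            "explicit_association": explicit,
        }
    return result


def main_table_is_public(route_tables):
    """True if the main route table has an IGW default route: every subnet created
    without an explicit association would then be public by default."""
    for rt in route_tables:
        if any(a.get("Main") for a in rt["Associations"]):
            return internet_exposure(rt) == "public"
    return False


if __name__ == "__main__":
    for sid, info in classify_subnets(ROUTE_TABLES, SUBNET_IDS).items():
        via = "explicit" if info["explicit_association"] else "inherited from main"
        print(f"{sid:15} {info['exposure']:9} ({info['route_table']}, {via})")
    print("main route table is public:", main_table_is_public(ROUTE_TABLES))
```

The `main_table_is_public` check is the one worth scripting in a real account: a main route table with an IGW default route silently makes every new, unassociated subnet public.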

Standard VPC Architecture

VPC: 10.0.0.0/16

Public Subnets (one per AZ):
- 10.0.1.0/24    (us-east-1a)
- 10.0.2.0/24    (us-east-1b)
- 10.0.3.0/24    (us-east-1c)

Private Subnets (one per AZ):
- 10.0.10.0/24   (us-east-1a)
- 10.0.20.0/24   (us-east-1b)
- 10.0.30.0/24   (us-east-1c)

Database Subnets:
- 10.0.100.0/24  (us-east-1a)
- 10.0.110.0/24  (us-east-1b)
- 10.0.120.0/24  (us-east-1c)

Each Availability Zone gets one subnet of each tier, so losing an AZ removes one slice of every tier instead of a whole tier. Keeping each tier's subnets in their own range (1-3, 10-30, 100-120) makes it obvious from an address which tier a host belongs to.
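A plan like the one above is easy to get subtly wrong by hand (a subnet off its boundary, two tiers overlapping, an AZ missing from one tier). The following is an added example, not from the article or any AWS tool: it validates the plan above against the VPC CIDR and AWS's /16-/28 subnet limits, lists the unused /24 blocks, and also generalises the layout by carving each tier out of its own aligned block so a whole tier can be matched by one prefix in a route or NACL. The tier and AZ names are the article's; the `carve` layout (one /20 per tier) is an assumption, not something the article prescribes.

```python
import ipaddress

# The article's plan, as a constructed data structure.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-1a", "us-east-1b", "us-east-1c"]
PLAN = {
    "public":   {"us-east-1a": "10.0.1.0/24",   "us-east-1b": "10.0.2.0/24",   "us-east-1c": "10.0.3.0/24"},
    "private":  {"us-east-1a": "10.0.10.0/24",  "us-east-1b": "10.0.20.0/24",  "us-east-1c": "10.0.30.0/24"},
    "database": {"us-east-1a": "10.0.100.0/24", "us-east-1b": "10.0.110.0/24", "us-east-1c": "10.0.120.0/24"},
}


def validate_plan(vpc_cidr, plan, azs):
    """Return a list of problem strings; an empty list means the plan is sound.

    Checks: every tier has a subnet in every AZ; every subnet is on a clean
    boundary, lies inside the VPC, is within AWS's /16../28 limits, and
    overlaps no other subnet in the plan.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    placed = []  # (tier, az, network) already accepted
    for tier, by_az in plan.items():
        for az in azs:
            if az not in by_az:
                problems.append(f"{tier}: no subnet in {az}")
        for az, cidr in by_az.items():
            net = ipaddress.ip_network(cidr, strict=False)
            if str(net) != cidr:
                problems.append(f"{tier}/{az}: {cidr} is not on a subnet boundary (did you mean {net}?)")
            if not net.subnet_of(vpc):
                problems.append(f"{tier}/{az}: {net} is outside the VPC {vpc}")
            if not 16 <= net.prefixlen <= 28:
                problems.append(f"{tier}/{az}: /{net.prefixlen} not allowed; AWS subnets are /16 to /28")
            for other_tier, other_az, other in placed:
                if net.overlaps(other):
                    problems.append(f"{tier}/{az}: {net} overlaps {other_tier}/{other_az} {other}")
            placed.append((tier, az, net))
    return problems


def free_blocks(vpc_cidr, plan, new_prefix=24):
    """Unallocated /new_prefix blocks still available in the VPC, in address order."""
    vpc = ipaddress.ip_network(vpc_cidr)
    used = [ipaddress.ip_network(c, strict=False) for by_az in plan.values() for c in by_az.values()]
    return [str(b) for b in vpc.subnets(new_prefix=new_prefix) if not any(b.overlaps(u) for u in used)]


def carve(vpc_cidr, tiers, azs, subnet_prefix=24, tier_prefix=20):
    """Assumed layout (not the article's): give each tier its own /tier_prefix block
    and each AZ one /subnet_prefix inside it, so one prefix summarises a tier."""
    vpc = ipaddress.ip_network(vpc_cidr)
    tier_blocks = list(vpc.subnets(new_prefix=tier_prefix))
    if len(tiers) > len(tier_blocks):
        raise ValueError(f"{len(tiers)} tiers do not fit in {vpc} as /{tier_prefix} blocks")
    plan = {}
    for tier, block in zip(tiers, tier_blocks):
        subnets = list(block.subnets(new_prefix=subnet_prefix))
        if len(azs) > len(subnets):
            raise ValueError(f"{len(azs)} AZs do not fit in {block} as /{subnet_prefix} subnets")
        plan[tier] = {az: str(s) for az, s in zip(azs, subnets)}
    return plan


if __name__ == "__main__":
    print("problems:", validate_plan(VPC_CIDR, PLAN, AZS) or "none")
    print("free /24 blocks:", len(free_blocks(VPC_CIDR, PLAN)))
    for tier, by_az in carve(VPC_CIDR, list(PLAN), AZS).items():
        print(tier, by_az)
```

Run it before you create anything: `validate_plan` is cheap, whereas an overlapping or off-boundary subnet is rejected by the API only after you have already built the rest of the stack around it.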

Subnet Sizing for AWS

Avoid the temptation of making subnets huge. A single /16 subnet would consume the whole VPC and leave no way to separate tiers or AZs. Allocate smaller, uniform subnets instead:

Subnet Type    Recommended CIDR    Usable Hosts
Public         /24                 251
Private        /24                 251
Database       /24                 251
Reserved       /24                 251

(A /24 has 256 addresses; AWS reserves 5 in every subnet, leaving 251.)

Most tiers never approach 251 addresses per AZ, and a /16 VPC still has 247 unused /24 blocks after the nine above, so there is room to add tiers or AZs later. Count network interfaces rather than instances when you size: EKS pods, Lambda functions in a VPC and Fargate tasks each consume IPs from the subnet.

Key AWS Subnet Rules

AWS reserves the first four addresses and the last address of every subnet. For 10.0.1.0/24:
10.0.1.0       - Network address
10.0.1.1       - VPC router
10.0.1.2       - DNS (the Amazon-provided resolver sits at the VPC base + 2; each subnet's base + 2 is reserved as well)
10.0.1.3       - Reserved by AWS for future use
...
10.0.1.255     - Network broadcast (a VPC does not support broadcast, but the address is still reserved)

What About /28? Some People Recommend It

A /28 is the smallest subnet AWS allows. It gives you 16 IPs, but only 11 are usable after AWS reserves 5. That's enough for a fixed-size footprint such as a NAT Gateway, a pair of bastion hosts or a few interface endpoints, but anything that creates network interfaces dynamically (EKS with the VPC CNI, Lambda in a VPC, Fargate) will exhaust it quickly.

Our recommendation: Use /24 for most subnets. It's simple, consistent, and gives you 251 usable hosts.
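The reserved-address rule and the /24-versus-/28 sizing question above both reduce to the same arithmetic, so here is one added example (not the article's own code) that applies it: it lists the five addresses AWS reserves in any subnet, computes usable hosts within AWS's /16-/28 limits, and picks the smallest subnet that fits a given number of network interfaces.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # first four addresses plus the last one, in every subnet


def reserved_addresses(cidr):
    """Map each AWS-reserved address in the subnet to the reason it is reserved."""
    net = ipaddress.ip_network(cidr)
    base = int(net.network_address)

    def addr(offset):
        return str(ipaddress.ip_address(base + offset))

    return {
        addr(0): "network address",
        addr(1): "VPC router",
        addr(2): "DNS (resolver is VPC base + 2; each subnet's base + 2 is reserved too)",
        addr(3): "reserved by AWS for future use",
        str(net.broadcast_address): "network broadcast (unsupported in a VPC, still reserved)",
    }


def usable_hosts(cidr):
    """Addresses available for ENIs after AWS's reservation; rejects sizes AWS will not create."""
    net = ipaddress.ip_network(cidr)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"/{net.prefixlen}: AWS subnets must be between /16 and /28")
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def smallest_subnet_for(interfaces):
    """Longest prefix (smallest AWS-valid subnet) whose usable count covers `interfaces`.

    Count ENIs, not instances: EKS pods, Lambda and Fargate each take addresses.
    """
    for prefix in range(28, 15, -1):
        if 2 ** (32 - prefix) - AWS_RESERVED_PER_SUBNET >= interfaces:
            return prefix
    raise ValueError(f"{interfaces} interfaces exceed what a /16 subnet can hold")


if __name__ == "__main__":
    for cidr in ("10.0.1.0/24", "10.0.1.0/28"):
        print(cidr, "usable:", usable_hosts(cidr))
        for ip, why in reserved_addresses(cidr).items():
            print("  ", ip, "-", why)
    for n in (11, 12, 251, 252):
        print(f"{n} interfaces -> /{smallest_subnet_for(n)}")
```

Note the step at 11 to 12 interfaces: a /28 holds exactly 11, so one more ENI forces a /27. That cliff, not the raw address count, is why a /28 is only comfortable for fixed-size components.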
