The Route Table and Network ACL Tabs – Configuring Infrastructure Security – SCS-C02 Study Guide

The Route Table and Network ACL Tabs

The Route table and Network ACL tabs allow you to view the associated route table and NACL with the subnet and make changes as necessary.

The following screenshot shows the default local route alongside a second route whose destination is 0.0.0.0/0 and whose target is the NAT gateway. The NAT gateway handles internet-bound requests from this private subnet.

Figure 10.11: The Route table screen for the subnet

The Network ACL tab, which sits next to the Route table tab just shown, lists two rules, including the default rule that denies any traffic to the subnet that does not match another rule in the access control list. NACLs are covered in more detail later in this chapter, in the section titled The Role of NACLs in VPC Security.

It’s worth pointing out that a subnet can be associated with only a single NACL and a single route table, whereas multiple subnets can share the same NACL and route table. Route tables and NACLs are covered in more depth later in the chapter.

The CIDR Reservation and Sharing Tabs

The CIDR Reservations tab shows any blocks of IP addresses that you have set aside so that AWS does not automatically assign them to your network interfaces. Any current reservations that fall within that subnet’s CIDR range are listed in the tab.

In the Sharing tab, you are shown which accounts you are currently sharing your subnet with. This tab also allows you to share the subnet you are on with another account in your organization using Resource Access Manager.

If you would like to read more on how Resource Access Manager can be used with microservices architectures and Network Load Balancers, AWS has published an article that you can read at the following address: https://packt.link/b5XHV.

The Tags Tab

The Tags tab allows you to use key-value pairs to categorize and organize your subnets. You can see from the screenshot provided in Figure 10.12 that, in addition to the name of the subnet, some automated tags have been added to this subnet because it was created using CloudFormation.

Figure 10.12: The Tags screen for the subnet

You should now have more than a basic understanding of the components that make up a VPC subnet and how to navigate them in the AWS Management Console. The next section discusses the component of your VPC that moves packets to the correct locations: route tables.

Route Tables

Route tables provide a way of directing network traffic to the appropriate locations. When a packet leaves a subnet, the VPC needs to determine how to reach its destination and uses the subnet’s route table to find that route.

Whenever a new VPC is created, by default, a main route table is also created and will typically look as shown in the following screenshot if the VPC has been created from scratch:

Figure 10.13: Main route table of a VPC

It is very basic and will contain a single route. This local route allows every subnet created within the VPC to route to each other. This main route table can’t be deleted. However, you can modify it and add routes as and when needed.

You aren’t just limited to this single route table for your VPCs, as you saw when creating the new VPC from the CloudFormation template. You can create additional route tables and associate those different route tables with different subnets. Every route table you create will always have this default local route.
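The following Python model, added here as an example and not taken from the study guide, shows how the route table from Figure 10.11 and the two-rule NACL described in the Network ACL tab decide what happens to a packet: the VPC router picks the most specific matching route (longest prefix match), and NACL rules are evaluated from the lowest rule number upward with the trailing default rule denying anything unmatched. The CIDR blocks, the NAT gateway ID and the single allow rule are constructed placeholders.

```python
"""Model of how a subnet's route table and NACL handle a packet.
Added example (not from the study guide); the values below are constructed
to mirror Figure 10.11 and the Network ACL tab described in the text."""
import ipaddress

# Constructed route table for the private subnet: the local route that every
# route table carries, plus a 0.0.0.0/0 route targeting a NAT gateway.
PRIVATE_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-0123456789abcdef0"),  # placeholder NAT gateway ID
]

# Constructed NACL: one numbered allow rule plus the implicit "*" deny-all
# rule that catches anything no numbered rule matched.
NACL_INBOUND = [
    (100, "allow", "10.0.0.0/16"),
]


def lookup_route(route_table, dst_ip):
    """Return the target for dst_ip using longest-prefix match, as the VPC
    router does: the most specific matching CIDR wins, so an in-VPC address
    stays local even though 0.0.0.0/0 also matches it."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None  # None: no route, the packet is dropped


def evaluate_nacl(rules, src_ip):
    """Evaluate NACL rules in ascending rule-number order; the first rule that
    matches decides, and the trailing '*' rule denies anything unmatched."""
    addr = ipaddress.ip_address(src_ip)
    for _rule_number, action, cidr in sorted(rules):
        if addr in ipaddress.ip_network(cidr):
            return action
    return "deny"  # the default "*" rule at the bottom of every NACL


if __name__ == "__main__":
    for dst in ("10.0.5.20", "93.184.216.34"):
        print(f"route for {dst}: {lookup_route(PRIVATE_ROUTE_TABLE, dst)}")
    for src in ("10.0.1.9", "198.51.100.7"):
        print(f"NACL inbound from {src}: {evaluate_nacl(NACL_INBOUND, src)}")
```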

Like the subnet view, the route table view comprises several tabs, which are discussed in detail in the following subsections.