Saturday, November 1, 2025

Adding Subnets to AWS VPC | Overview & Hands-On.



Scope:

  • Intro,
  • Using the AWS Management Console,
  • Alternative Methods,
  • Link to documentation,
  • Core Concepts Recap & Description,
  • Subnet Design Planning (Plan Before creating subnets),
  • Methods to Add Subnets (deep dive),
  • Using AWS Management Console (deep dive),
  • Using AWS CLI to Create subnet (CLI Sample),
  • Using Infrastructure as Code (Terraform Sample) deep dive,
  • Using CloudFormation (YAML Sample) Deep dive,
  • Route Table Considerations (Subnet Type, Default Route & Target),
  • Security & Access Considerations,
  • Best Practices,
  • Visual Summary Diagram,
  • Project: Hands-On.

Intro:

Using the AWS Management Console:

  • To add a subnet to an existing Amazon VPC, follow these steps using the AWS Management Console:
    • Navigate to the VPC Dashboard and select Subnets from the left sidebar.
    • Click Create subnet.
    • VPC ID: Choose the target VPC where you want to add the subnet.
    • Subnet settings: Subnet name: Enter a descriptive name (e.g., "Private-Subnet-App").
    • Availability Zone: twtech chooses a specific zone or lets AWS select one.
    • IPv4 CIDR block: twtech enters a range that falls within its VPC's CIDR block and does not overlap with existing subnets (e.g., 10.0.2.0/24).
    • Click Create subnet at the bottom of the page.
Alternative Methods:
    • AWS CLI: Use the create-subnet command:
      • aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.1.0/24
    • Terraform: Define an aws_subnet resource in twtech configuration (see the Terraform Registry).
    • CloudFormation: Use the AWS::EC2::Subnet resource type in twtech template.
NB:
    • After creation, remember to associate the subnet with a Route Table to define its internet access (Public vs. Private).
Link to documentation:
https://docs.aws.amazon.com/vpc/latest/userguide/create-subnets.html

 1. Core Concepts Recap & Description.

  • VPC (Virtual Private Cloud): A logically isolated section of AWS where twtech defines IP ranges, subnets, routing, etc.
  • Subnet: A range of IP addresses in twtech VPC. Subnets are tied to a single Availability Zone (AZ).
  • Public Subnet: A subnet that routes traffic to an Internet Gateway (IGW).
  • Private Subnet: A subnet without a direct route to the Internet; outbound access is via NAT Gateway or Transit Gateway.
  • Subnet CIDR: Each subnet has its own CIDR block (subset of the VPC CIDR). For example: VPC = 10.0.0.0/16; Subnet = 10.0.1.0/24.

 2. Subnet Design Planning (Plan Before creating subnets):

  1. VPC CIDR range: e.g., 10.0.0.0/16
  2. Number of AZs: Typically 2–3 for high availability.
  3. Subnet segmentation:
    • Public subnets (for ALBs, bastion hosts)
    • Private subnets (for app servers)
    • Isolated subnets (for databases)
  4. CIDR allocations:
    • 10.0.1.0/24 → Public Subnet in AZ-A
    • 10.0.2.0/24 → Public Subnet in AZ-B
    • 10.0.3.0/24 → Private Subnet in AZ-A
    • 10.0.4.0/24 → Private Subnet in AZ-B

 3. Methods to Add Subnets (deep dive)

A. Using AWS Management Console (deep dive)

  1. Go to VPC → Your VPCs → select the VPC → Subnets → Create subnet.
  2. Choose:
    • VPC ID (e.g., vpc-123abc)
    • Subnet name (e.g., Public-Subnet-A)
    • Availability Zone (e.g., us-east-1a)
    • CIDR block (e.g., 10.0.1.0/24)
  3. Repeat for other subnets.
  4. (Optional) Edit Route Tables:
    • Public subnet route: 0.0.0.0/0 → igw-xxxx (Internet Gateway)
    • Private subnet route: 0.0.0.0/0 → nat-xxxx (NAT Gateway)

B. Using AWS CLI to Create subnet (deep dive)

# bash

# Create the subnet; the response includes the new SubnetId.
aws ec2 create-subnet \
  --vpc-id vpc-123abc \
  --cidr-block 10.0.1.0/24 \
  --availability-zone us-east-2a \
  --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=twtech-Public-Subnet-A}]'

# Optional: associate the new subnet with the public route table (the one whose
# 0.0.0.0/0 route targets igw-xxxx). --route-table-id takes the route table ID
# (rtb-xxxx), not its Name tag.
aws ec2 associate-route-table \
  --subnet-id subnet-abc123 \
  --route-table-id rtb-xxxx

C. Using Infrastructure as Code (Terraform Sample) deep dive

# hcl

# Public subnet in AZ a. aws_vpc.main and aws_route_table.public are defined
# elsewhere in the configuration; map_public_ip_on_launch gives instances a
# public IPv4 address at launch.
resource "aws_subnet" "twtech-public-subnet_a" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "us-east-2a"
  map_public_ip_on_launch = true

  tags = {
    Name = "twtech-Public-Subnet-A"
  }
}

# Associate the subnet with the public route table. The reference must use the
# resource name declared above (aws_subnet.twtech-public-subnet_a).
resource "aws_route_table_association" "twtech-public-subnet_a" {
  subnet_id      = aws_subnet.twtech-public-subnet_a.id
  route_table_id = aws_route_table.public.id
}

D. Using CloudFormation (YAML Sample) Deep dive

# yaml

# Goes under the template's Resources: section. Logical IDs such as twtechVPC
# must be alphanumeric, so !Ref cannot target a name containing a hyphen.
PublicSubnetA:
  Type: AWS::EC2::Subnet
  Properties:
    VpcId: !Ref twtechVPC
    CidrBlock: 10.0.1.0/24
    AvailabilityZone: us-east-2a
    MapPublicIpOnLaunch: true
    Tags:
      - Key: Name
        Value: twtech-Public-Subnet-A

 4. Route Table Considerations (Subnet Type, Default Route & Target)

  • Public: default route 0.0.0.0/0 → Internet Gateway
  • Private: default route 0.0.0.0/0 → NAT Gateway
  • Isolated: no default route (none)
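The table above is exactly what an auditor checks when asking "which of my subnets are actually public?". As an added example (not part of the original post), the function below classifies subnets from the shape of `aws ec2 describe-route-tables` output; the JSON, the subnet IDs and the VPC ID are constructed, and igw-xxxx / nat-xxxx are the page's placeholders. It also covers the case the NB above warns about: a subnet with no explicit association silently uses the VPC's main route table.

```python
"""Classify each subnet as Public / Private / Isolated from a VPC's route
tables. Added example, not from the original post; the input has the shape
of `aws ec2 describe-route-tables` output and is constructed here."""
import json

# Constructed sample: the main table (implicitly used by subnets with no
# explicit association), a public table and a private table.
ROUTE_TABLES_JSON = """
{"RouteTables": [
  {"RouteTableId": "rtb-main", "VpcId": "vpc-123abc",
   "Associations": [{"Main": true, "RouteTableId": "rtb-main"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
  {"RouteTableId": "rtb-public", "VpcId": "vpc-123abc",
   "Associations": [{"Main": false, "SubnetId": "subnet-pubA"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-xxxx"}]},
  {"RouteTableId": "rtb-private", "VpcId": "vpc-123abc",
   "Associations": [{"Main": false, "SubnetId": "subnet-privA"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-xxxx"}]}
]}
"""

def classify_table(table):
    """Map one route table to the subnet type its default route implies."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":   # target deleted: no real egress
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "Public"
        # Default route to a NAT Gateway, Transit Gateway or other non-IGW target
        return "Private"
    return "Isolated"   # no default route at all

def classify_subnets(describe_output, subnet_ids):
    """Return {subnet_id: type}. Subnets without an explicit association
    fall back to the VPC's main route table, which is easy to forget."""
    tables = json.loads(describe_output)["RouteTables"]
    main = next(t for t in tables
                if any(a.get("Main") for a in t.get("Associations", [])))
    explicit = {a["SubnetId"]: t for t in tables
                for a in t.get("Associations", []) if "SubnetId" in a}
    return {sid: classify_table(explicit.get(sid, main)) for sid in subnet_ids}
```

Run it against real output by piping `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` into `classify_subnets`; if the main table carries an igw- default route, every unassociated subnet shows up as Public.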

 5. Security & Access Considerations

    • Network ACLs (NACLs): Optional stateless layer; typically leave the default unless advanced control is needed.
    • Security Groups: Attach to EC2, ENIs, or ALBs for instance-level control.
    • Public vs Private IP assignment: Controlled by map_public_ip_on_launch.

 6. Best Practices

  • Always create subnets across multiple AZs for high availability (HA).
  • Keep CIDR blocks non-overlapping.
  • Tag subnets clearly (e.g., env, tier, az).
  • Enable VPC Flow Logs for auditing.
  • Avoid /32 or /30 subnets, because AWS reserves 5 IPs per subnet.
  • For large environments, use subnet tiers (public/app/db).
  • Use NAT Gateways in each AZ for failover.
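The planning rules from section 2 and the best practices above (stay inside the VPC CIDR, no overlaps, no tiny subnets, two or more AZs per tier) can be checked before anything is created. This added example is not from the original post; the plan dictionary is constructed from the CIDR allocations in section 2, with AZ names chosen for illustration.

```python
"""Check a subnet plan before anything is created. Added example, not part of
the original post; only the standard library is used."""
import ipaddress

AWS_RESERVED_PER_SUBNET = 5   # first four addresses and the last one of each subnet
AWS_SMALLEST_SUBNET = 28      # AWS rejects IPv4 subnets smaller than /28

# Constructed plan following the design section: CIDR -> (tier, AZ).
PLAN = {
    "10.0.1.0/24": ("public", "us-east-2a"),
    "10.0.2.0/24": ("public", "us-east-2b"),
    "10.0.3.0/24": ("private", "us-east-2a"),
    "10.0.4.0/24": ("private", "us-east-2b"),
}

def usable_hosts(cidr):
    """Addresses left for ENIs once AWS's reserved addresses are taken out."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET

def validate_plan(vpc_cidr, plan):
    """Return a list of problems; an empty list means the plan is safe to apply."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, seen = [], []
    for cidr, (tier, az) in plan.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if str(net) != cidr:
            problems.append(f"{cidr}: host bits set, network address is {net}")
        if not net.subnet_of(vpc):
            problems.append(f"{cidr}: not inside VPC CIDR {vpc}")
        if net.prefixlen > AWS_SMALLEST_SUBNET:
            problems.append(f"{cidr}: smaller than /28, AWS will reject it")
        for other in seen:
            if net.overlaps(other):
                problems.append(f"{cidr}: overlaps {other}")
        seen.append(net)
    # High availability: every tier should span at least two AZs.
    azs_by_tier = {}
    for tier, az in plan.values():
        azs_by_tier.setdefault(tier, set()).add(az)
    for tier, azs in azs_by_tier.items():
        if len(azs) < 2:
            problems.append(f"{tier} tier spans only {len(azs)} AZ; use at least 2")
    return problems
```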

7. Visual Summary Diagram

Project: Hands-On

  • How twtech creates Subnets for its Custom VPC.
  • Search for aws service: VPC
  • Filter (select) the VPC to add subnets to: twtechvpc
  • Create subnet:
  • Adding Public subnets in AZ-A: twtechPublicSubnetA
  • Adding more Public subnets in AZ-A: twtechPublicSubnetA
  • Adding Private subnets in AZ-B: twtechPublicSubnetB
  • Adding more Private subnets in AZ-B: twtechPrivateSubnetB
  • Create subnet:


