What it is: A smaller network segment inside a VPC, mapped to a single Availability Zone.

What it’s for:

• Organize resources by exposure level (public/private).
• Spread across AZs for high availability.

Key ideas:

• Best practice: create at least 2 subnets in 2 AZs.
• A subnet becomes “public” or “private” mainly by its route table:
  • Public subnet has a route to IGW.
  • Private subnet does not; it may route to NAT for outbound internet.

Exam cues:

• “subnet per AZ” → typical HA design.
• “place DB in private subnet” → DB not directly reachable from internet.

Hard words:

• *segment* /ˈseɡmənt/: phân đoạn
• *mapped* /mæpt/: ánh xạ/gắn với
• *exposure* /ɪkˈspoʊʒər/: mức độ lộ ra ngoài

Child pages:

• Public Subnet
• Private Subnet