I wish to make my VPC's subnets accessible from the Internet.
More specifically: traffic from the Internet Gateway (igw-f43c4690) to my subnets must be allowed.
For that I created a Route Table and associated it with my subnets.
Question:
I understand the traffic will be redirected from the Internet Gateway (Target) to the IP range (Destination) - right?
Why must I name a more generic IP range here (0.0.0.0/0 in the pic above) than the one mentioned in the local route?
Why can't I name an IP range here that is the same as my subnet's, and then associate the route table with my subnet?
Think of the Route Table as defining where traffic goes when it leaves the subnet. If an Amazon EC2 instance on a subnet wishes to send traffic to a destination on the Internet, the Route Table tells it to go via the Internet Gateway.
The Route Table also controls whether a subnet can receive traffic from the Internet, but it is defined with outgoing rules. That's why the column is called Destination.
Traffic going out of a subnet is evaluated against all the rules in the Route Table, starting with the smallest range of addresses through to the largest range (which is 0.0.0.0/0). Thus, traffic can be routed through a Virtual Private Gateway, VPC Peering, NAT Gateway, and so on, before it is finally routed to the Internet as a 'catch-all' setting.
Bottom line: Define your outgoing routes and the in-going routes will work just fine.
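To make the evaluation order in the answer concrete, the following is an added Python simulation of longest-prefix-match route selection; it is not code from the original question or answer. The VPC CIDR (10.0.0.0/16), the peering route (pcx-EXAMPLE), the subnet CIDR in the proposed table (10.0.1.0/24) and the destination addresses are constructed for illustration; igw-f43c4690 is the Internet Gateway ID from the question.

```python
import ipaddress

# Constructed route table resembling the one in the answer (assumed values).
# Each entry is (Destination CIDR, Target), as in the AWS console.
ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),         # VPC CIDR: always present, cannot be removed
    ("10.1.0.0/16", "pcx-EXAMPLE"),   # hypothetical VPC peering connection
    ("0.0.0.0/0", "igw-f43c4690"),    # catch-all route to the Internet Gateway
]

# The asker's proposal: point the IGW route at the subnet's own range instead
# of 0.0.0.0/0 (10.0.1.0/24 is a constructed subnet CIDR).
PROPOSED_TABLE = [
    ("10.0.0.0/16", "local"),
    ("10.0.1.0/24", "igw-f43c4690"),
]


def lookup(dst_ip, routes=ROUTE_TABLE):
    """Pick the route whose Destination contains dst_ip with the longest prefix.

    Returns (cidr, target) for the most specific match, or None when no route
    covers the destination (traffic is dropped).
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        # A longer prefix length means a smaller, more specific range.
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    if best_net is None:
        return None
    return (str(best_net), best_target)


if __name__ == "__main__":
    for dst in ("10.0.5.7", "10.1.2.3", "8.8.8.8"):
        print(dst, "->", lookup(dst))
    # With the proposed table, an Internet destination has no matching route.
    print("8.8.8.8 with proposed table ->", lookup("8.8.8.8", PROPOSED_TABLE))
```

With the answer's style of table, intra-VPC traffic matches the local route, peered traffic matches the /16 peering route, and everything else falls through to 0.0.0.0/0 and the Internet Gateway. With the proposed table, an Internet destination such as 8.8.8.8 matches nothing, which is why the catch-all range is needed.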