Tags: amazon-web-services, routes, amazon-vpc, routetable

Understanding AWS route-tables - cannot create a more specific route


I wish to make my VPCs subnets accessible from the Internet.

More specifically: traffic from the Internet Gateway (igw-f43c4690) to my subnets must be allowed.

For that I created a Route Table and associated it with my subnets.


Question:

I understand the traffic will be redirected from the Internet Gateway (Target) to the IP range (Destination) - right?

Why must I name a more generic IP range here (0.0.0.0/0 in the pic above) than the one mentioned in the local route?

Why can't I name an IP range here that is the same as in my subnet, and then associate the route table with my subnet?

Solution

  • Think of the Route Table as defining where traffic goes when it leaves the subnet. If an Amazon EC2 instance on a subnet wishes to send traffic to a destination on the Internet, the Route Table tells it to go via the Internet Gateway.

    The Route Table also controls whether a subnet can receive traffic from the Internet, but it is defined with outgoing rules. That's why the column is called Destination.

    Traffic going out of a subnet is evaluated against all the rules in the Route Table, starting with the smallest range of addresses through to the largest range (which is 0.0.0.0/0). Thus, traffic can be routed through a Virtual Private Gateway, VPC Peering, NAT Gateway, and so on, before it is finally routed to the Internet as a 'catch-all' setting.

    Bottom line: Define your outgoing routes and the in-going routes will work just fine.
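The evaluation the answer describes, as an added example (not code from the original post or from AWS): a longest-prefix-match lookup over a constructed route table, showing why a subnet-sized route to the Internet Gateway never matches Internet traffic and the 0.0.0.0/0 catch-all is needed. The igw id is the one from the question; the VPC CIDR 10.0.0.0/16, the 192.168.0.0/16 range and the vgw-example id are assumed.

```python
import ipaddress

# Constructed sample route table modelled on the one in the question.
# The IGW id igw-f43c4690 is from the question; the VPC CIDR 10.0.0.0/16,
# the 192.168.0.0/16 on-premises range and vgw-example are assumed values.
ROUTE_TABLE = [
    ("0.0.0.0/0", "igw-f43c4690"),      # catch-all: anything not matched below
    ("192.168.0.0/16", "vgw-example"),  # e.g. an on-premises range via a VPN
    ("10.0.0.0/16", "local"),           # the VPC's own range, always present
]

# What the asker proposed: the subnet's own range pointed at the IGW.
SUBNET_ONLY_TABLE = [
    ("10.0.0.0/16", "local"),
    ("10.0.1.0/24", "igw-f43c4690"),    # too narrow to match any Internet address
]

def lookup(route_table, dst_ip):
    """Pick the target for a packet leaving the subnet towards dst_ip.

    Longest-prefix match: the most specific matching destination wins,
    so 0.0.0.0/0 is used only when nothing narrower matches. The order of
    the entries does not matter. Returns None when no route matches,
    which means the packet is dropped.
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target

def explain(route_table, dst_ip):
    """One-line summary for a quick check of a route table."""
    target = lookup(route_table, dst_ip)
    return f"{dst_ip} -> {target or 'no route (dropped)'}"

if __name__ == "__main__":
    for dst in ("10.0.1.25", "192.168.5.7", "93.184.216.34"):
        print(explain(ROUTE_TABLE, dst))
    # The subnet-sized route never sees Internet traffic: a reply to
    # 93.184.216.34 has nowhere to go, which is why 0.0.0.0/0 is required.
    print(explain(SUBNET_ONLY_TABLE, "93.184.216.34"))
```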