Defining networks in a VPC

Within a VPC, we define a network and then split that network into one or several subnets. For instance, a network with the 10.0.0.0/16 address range can have two /17 subnets: the first has the address 10.0.0.0/17 with host addresses from 10.0.0.0 to 10.0.127.255, and the second has the address 10.0.128.0/17 with host addresses from 10.0.128.0 to 10.0.255.255. The following best practices should be followed when creating a VPC:

  • Make sure to size the network appropriately so that it can support the required number of both private and public subnets
  • A /16 network is usually recommended, as it is the largest logical network that can be created in a VPC and gives us the most flexibility when defining subnets
  • Make sure to size your subnets correctly, as once the network and the subnets are defined, their address ranges cannot be changed
  • Subnets of size /24 or larger are usually recommended so that they can support the required number of instance IP addresses
  • Separate subnets into public and private according to the role of the services placed in each subnet
  • Secure instances that share the same role with the same security group
  • Use network ACLs to achieve granular control over network security and traffic flows
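As an added worked example (not code from the book), a small Python planner that carves a VPC address range into equally sized subnets, tags each one as public or private by role, and reports its address range and usable host count. It assumes two facts about AWS VPCs that the text does not state: a VPC block must be between /16 and /28, and each subnet loses five addresses that AWS reserves (network, router, DNS, one future-use address and broadcast).

```python
import ipaddress
from typing import Dict, List

# Assumptions for this example: AWS accepts VPC blocks from /16 to /28,
# and reserves 5 addresses in every subnet, so they are not usable by hosts.
VPC_MIN_PREFIX = 16
VPC_MAX_PREFIX = 28
RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr: str, new_prefix: int, roles: List[str]) -> List[Dict]:
    """Split vpc_cidr into /new_prefix subnets and assign one to each role.

    Roles whose name starts with "public" are marked as public subnets; all
    others are private. Raises ValueError when the plan cannot be realised,
    which is the check to run before the ranges are fixed in the VPC.
    """
    # strict=True rejects a block with host bits set, e.g. 10.0.1.0/16
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not VPC_MIN_PREFIX <= vpc.prefixlen <= VPC_MAX_PREFIX:
        raise ValueError(f"VPC block must be /{VPC_MIN_PREFIX} to /{VPC_MAX_PREFIX}, got /{vpc.prefixlen}")
    if not vpc.prefixlen < new_prefix <= VPC_MAX_PREFIX:
        raise ValueError(f"subnet prefix /{new_prefix} does not fit inside {vpc}")

    available = list(vpc.subnets(new_prefix=new_prefix))
    if len(roles) > len(available):
        raise ValueError(f"{vpc} only holds {len(available)} /{new_prefix} subnets, {len(roles)} requested")

    plan = []
    for role, net in zip(roles, available):
        plan.append({
            "role": role,
            "cidr": str(net),
            "first": str(net[0]),            # network address of the subnet
            "last": str(net[-1]),            # broadcast address of the subnet
            "usable_hosts": net.num_addresses - RESERVED_PER_SUBNET,
            "public": role.startswith("public"),
        })
    return plan


if __name__ == "__main__":
    # Constructed input: the two /17 halves of 10.0.0.0/16 described in the text
    for entry in plan_subnets("10.0.0.0/16", 17, ["public-web", "private-app"]):
        print(entry)
```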