VPC Route Tables - Complete Guide for AWS SysOps Administrator Associate
What are VPC Route Tables?
A Route Table is a set of rules, called routes, that determine where network traffic from your subnets or gateway is directed within your Amazon Virtual Private Cloud (VPC). Every VPC automatically comes with a main route table that you can modify, and you can create additional custom route tables.
Why are Route Tables Important?
Route tables are fundamental to VPC networking because they:
• Control traffic flow between subnets, the internet, and other AWS services
• Enable you to create public and private subnets
• Allow connectivity to on-premises networks through VPN or Direct Connect
• Support VPC peering connections and Transit Gateway attachments
• Provide security by restricting traffic paths
How Route Tables Work
Key Components:
1. Destination - The range of IP addresses (CIDR block) where you want traffic to go
2. Target - The gateway, network interface, or connection through which to send the destination traffic
Route Table Types:
• Main Route Table - Automatically created with your VPC; applies to subnets not explicitly associated with another route table
• Custom Route Tables - Created by you for specific routing requirements
Common Targets:
• local - For communication within the VPC (automatically added, cannot be modified)
• Internet Gateway (igw-xxx) - For internet access
• NAT Gateway (nat-xxx) - For private subnet internet access
• Virtual Private Gateway (vgw-xxx) - For VPN connections
• VPC Peering Connection (pcx-xxx) - For peered VPC communication
• Transit Gateway (tgw-xxx) - For centralized routing
• Network Interface (eni-xxx) - For routing through specific instances
Route Priority and Selection
AWS uses the most specific route that matches the traffic. For example:
• 10.0.1.0/24 takes precedence over 10.0.0.0/16
• More specific CIDR blocks always win
Public vs Private Subnets
• Public Subnet: Route table has a route to an Internet Gateway (0.0.0.0/0 → igw-xxx)
• Private Subnet: Route table has NO route to an Internet Gateway; may route to NAT Gateway for outbound internet
Route Propagation
Route propagation allows a virtual private gateway to automatically propagate routes to route tables. This is useful for VPN and Direct Connect scenarios where you want on-premises routes to appear automatically.
Gateway Route Tables
You can associate a route table with an internet gateway or virtual private gateway. This enables you to route incoming traffic to specific network interfaces, which is useful for inspection by security appliances.
Exam Tips: Answering Questions on VPC Route Tables
Key Points to Remember:
1. Every subnet must be associated with a route table - If not explicitly associated, it uses the main route table
2. The local route is mandatory - You cannot delete or modify the local route; it enables intra-VPC communication
3. Most specific route wins - When multiple routes match, AWS selects the route with the most specific CIDR
4. Public subnet = Internet Gateway route - If asked what makes a subnet public, the answer involves having a route to an IGW
5. One route table per subnet - A subnet can only be associated with one route table at a time, but one route table can be associated with multiple subnets
6. Route propagation for VPN/DX - Enable route propagation when you need dynamic routing from on-premises networks
7. NAT Gateway placement - NAT Gateways go in public subnets; private subnet route tables point to them for outbound internet
8. Troubleshooting connectivity - Always check route tables first when instances cannot communicate
9. VPC Peering routes are not transitive - You must add routes for each peering connection; traffic cannot hop through a peered VPC
10. 0.0.0.0/0 represents all IPv4 traffic - Used for default routes to internet or NAT gateways
Common Exam Scenarios:
• Instance cannot reach the internet → Check if subnet has route to IGW or NAT Gateway
• Peered VPCs cannot communicate → Verify routes exist in both VPCs pointing to the peering connection
• Private instances need software updates → Add route to NAT Gateway in the private subnet route table
• On-premises routes not appearing → Enable route propagation on the route table
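The route selection rule ("most specific route wins"), the public/private subnet test, and the peered-VPC scenario above, modelled as a small added Python example. This is not AWS code or the page's own; the route tables and target IDs (igw-example, nat-example, pcx-example, eni-example) are constructed placeholders.

```python
import ipaddress

# Constructed sample route tables (placeholder target IDs, not real resources).
# Each entry is (destination CIDR, target), as shown in the VPC console.
PUBLIC_RT = [
    ("10.0.0.0/16", "local"),            # intra-VPC route, always present
    ("10.0.1.0/24", "eni-example"),      # more specific: beats the local /16
    ("172.16.0.0/16", "pcx-example"),    # peered VPC's CIDR via the peering connection
    ("0.0.0.0/0", "igw-example"),        # default route to the internet gateway
]
PRIVATE_RT = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-example"),        # outbound-only internet via NAT gateway
]

def select_route(routes, dst_ip):
    """Longest-prefix match: return (cidr, target) of the most specific route
    containing dst_ip, or None when no route matches."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return (str(best[0]), best[1]) if best else None

def subnet_kind(routes):
    """'public' when a default route (prefix length 0) targets an internet
    gateway; no default route, or a NAT gateway default, means 'private'."""
    for cidr, target in routes:
        if ipaddress.ip_network(cidr).prefixlen == 0 and target.startswith("igw-"):
            return "public"
    return "private"

def peering_ok(rt_a, cidr_a, rt_b, cidr_b, pcx_id):
    """Peering routes are not added for you and are not transitive: each VPC's
    table needs a route to the other VPC's CIDR via the same peering connection."""
    a_to_b = any(c == cidr_b and t == pcx_id for c, t in rt_a)
    b_to_a = any(c == cidr_a and t == pcx_id for c, t in rt_b)
    return a_to_b and b_to_a

if __name__ == "__main__":
    for ip in ("10.0.1.5", "10.0.2.5", "172.16.9.9", "8.8.8.8"):
        print(ip, "->", select_route(PUBLIC_RT, ip))
    print("PUBLIC_RT:", subnet_kind(PUBLIC_RT), "| PRIVATE_RT:", subnet_kind(PRIVATE_RT))
```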