Understanding AWS VPC Route Tables: A Simple Guide

Jay Tillu
5 min read

In AWS, Route Table is like a Delivery App’s Map System

Meet Arjun, a cloud engineer building “RideGo” — a ride-sharing app. His app runs on AWS and has two types of servers:

  • One that talks to the internet (e.g., users logging in)

  • One that is kept private, away from public eyes (e.g., a database)

He sets these up using subnets inside an AWS VPC (Virtual Private Cloud):

  • Public Subnet → servers that must be reachable by users

  • Private Subnet → secure servers that should never be exposed directly

Everything is in place… but something’s not working.
Public servers can’t load the homepage. Private servers can't even ping AWS services.

🛑 What’s missing?

👉 Route Tables — the map that tells every zone where to send traffic.


🚦 What Exactly is a Route Table?

In AWS, every subnet needs directions on how to move network traffic. That’s what a Route Table does.

Think of it like:

  • Google Maps for delivery drivers

  • GPS routes for your food delivery app

  • Signboards on a highway telling packets where to go

No Route Table = no one knows where to send stuff.


🏙️ Real-Life App Example

Imagine your RideGo app infrastructure looks like this:

  • 10.0.1.0/24 = Public Subnet → App servers, user logins

  • 10.0.2.0/24 = Private Subnet → Internal APIs, database

Now you must create a route table for each subnet:

🔓 Public Subnet Route Table

Let’s say Arjun wants users to reach the app over the internet.

He needs a rule in the route table like this:

| Destination | Where to Send It | Meaning |
|---|---|---|
| 10.0.0.0/16 | Local | Traffic inside the VPC stays here |
| 0.0.0.0/0 | Gateway to Net | Send all internet-bound traffic out |

Now people can access ridego.com 🎉

🧠 Notes:

  • 10.0.0.0/16 is your whole VPC CIDR block.

  • 0.0.0.0/0 means "everything else not matched above" – essentially internet traffic.

  • “Gateway to Net” in the table above is a friendly placeholder. To be technically accurate, the target is the Internet Gateway:

    • Target: igw-xxxxxxxx (Internet Gateway ID)

🔐 Private Subnet Route Table

This subnet has no direct access to the internet. That’s by design. Its route table looks like:

| Destination | Where to Send It |
|---|---|
| 10.0.0.0/16 | Local |

This means:

  • ✅ Can talk to other parts of the app inside the VPC

  • ❌ Cannot access internet services

That’s fine for databases, but what if your backend wants to download updates? You’ll need more setup — but for now, this subnet stays quiet and safe.
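To see how the two tables above actually decide where a packet goes, here is a small added example (not from the original article): a longest-prefix-match lookup over the public and private RideGo route tables, plus a quick check that flags a private table that has accidentally been given an Internet Gateway route. The IGW ID is a made-up placeholder.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed route tables mirroring the article's RideGo VPC (10.0.0.0/16).
# "igw-EXAMPLE" is a placeholder, not a real Internet Gateway ID.
Route = Tuple[str, str]  # (destination CIDR, target)

PUBLIC_ROUTE_TABLE: List[Route] = [
    ("10.0.0.0/16", "local"),        # keep VPC traffic inside the VPC
    ("0.0.0.0/0", "igw-EXAMPLE"),    # everything else goes to the internet
]
PRIVATE_ROUTE_TABLE: List[Route] = [
    ("10.0.0.0/16", "local"),        # no default route at all
]


def lookup(route_table: List[Route], dest_ip: str) -> Optional[str]:
    """Return the target for dest_ip using longest-prefix match.

    Order in the table does not matter: the most specific CIDR that
    contains the destination wins, which is why 10.0.2.x stays 'local'
    even though 0.0.0.0/0 also matches it. None means no route -> dropped.
    """
    ip = ipaddress.ip_address(dest_ip)
    best_target, best_len = None, -1
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and net.prefixlen > best_len:
            best_target, best_len = target, net.prefixlen
    return best_target


def has_internet_route(route_table: List[Route]) -> bool:
    """Defender check: does a default route point at an Internet Gateway?

    For a table attached to a private subnet this should always be False;
    a True here means the 'private' subnet is directly reachable from the
    internet (given a public IP and permissive security groups).
    """
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-")
               for cidr, target in route_table)


if __name__ == "__main__":
    for name, table in (("public", PUBLIC_ROUTE_TABLE),
                        ("private", PRIVATE_ROUTE_TABLE)):
        for dest in ("10.0.2.10", "8.8.8.8"):
            print(f"{name:7} subnet -> {dest:9} via {lookup(table, dest)}")
        print(f"{name:7} subnet has IGW default route: {has_internet_route(table)}")
```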


🔁 Why Route Tables Matter (Without the Fancy Stuff)

| Without Route Tables | With Route Tables |
|---|---|
| Traffic gets lost | Traffic knows where to go |
| Users can’t access your app | App loads normally |
| Backend can’t function | Backend works as expected |

It’s like turning on GPS for every server — so packets don’t get lost.


🧠 TL;DR

  • A Route Table is just a list of "traffic rules" for a subnet.

  • It says, “If traffic is going here, send it there.”

  • Every subnet must have one.

  • It’s simple when you break it down:

    • Local = stay inside VPC

    • 0.0.0.0/0 = “I don’t know where this is” → usually means internet


🔍 Summary in 1 Line:

Without a Route Table, your AWS servers are like delivery drivers without maps.
They won’t know where to go, and your app will be stuck in traffic.


Written by Jay Tillu

Hello! I'm Jay Tillu, an Information Security Engineer at Simple2Call. I have expertise in security frameworks and compliance, including NIST, ISO 27001, and ISO 27701. My specialities include Vulnerability Management, Threat Analysis, and Incident Response. I have also earned certifications in Google Cybersecurity and Microsoft Azure. I’m always eager to connect and discuss cybersecurity—let's get in touch!