Route Tables as Security Controls
Use routing to keep sensitive subnets isolated by design.
Routing Is Security
A route table is a set of rules that decides where network traffic from a subnet is directed. Beyond connectivity, route tables are a security control: by controlling which destinations a subnet can reach, you decide what is even possible before any firewall rule is consulted.
How Routes Work
Each route maps a destination CIDR to a target such as an internet gateway, NAT gateway, peering connection, or transit gateway. For each packet AWS uses the most specific matching route, that is, the one with the longest prefix; a packet whose destination matches no route at all is dropped. The local route for the VPC CIDR is always present and cannot be removed.
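The two paragraphs above describe the VPC router's selection rule and why it works as a control. The following added example (not code from the course) models that rule in Python: it builds route tables that always carry the non-removable local route, resolves destinations by longest-prefix match, and audits which tables can forward traffic to an internet gateway at all. The VPC CIDR, the gateway ids (`igw-EXAMPLE`, `nat-EXAMPLE`, `pcx-EXAMPLE`, `tgw-EXAMPLE`) and the sample destinations are constructed placeholders, not values from any real account.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed VPC CIDR for the example; the local route for it is implicit in every table.
VPC_CIDR = "10.0.0.0/16"


@dataclass(frozen=True)
class Route:
    destination: str  # CIDR block the route matches
    target: str       # "local", or a gateway/attachment id such as igw-..., nat-..., pcx-..., tgw-...


def build_route_table(routes: Iterable[Tuple[str, str]]) -> List[Route]:
    """Return a route table that, like a real VPC table, always contains the local route."""
    table = [Route(VPC_CIDR, "local")]
    table.extend(Route(dst, tgt) for dst, tgt in routes)
    return table


def resolve(table: List[Route], dst_ip: str) -> Optional[str]:
    """Longest-prefix match: the most specific matching route decides the target.

    Returns None when no route matches, which the VPC router treats as a drop.
    """
    ip = ipaddress.ip_address(dst_ip)
    best: Optional[Route] = None
    best_len = -1
    for route in table:
        net = ipaddress.ip_network(route.destination)
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best.target if best else None


def internet_exposed(table: List[Route]) -> bool:
    """Audit check: does any route hand traffic directly to an internet gateway?

    A subnet whose table never points at an igw cannot be reached from or reach the
    internet directly, whatever its security groups or NACLs allow.
    """
    return any(r.target.startswith("igw-") for r in table)


def egress_targets(table: List[Route]) -> List[str]:
    """Every non-local place a subnet can send traffic: the reachability surface by design."""
    return sorted({r.target for r in table if r.target != "local"})


# Constructed tables for three subnet roles (placeholder ids, not real resources).
PUBLIC_RT = build_route_table([("0.0.0.0/0", "igw-EXAMPLE")])
PRIVATE_RT = build_route_table([("0.0.0.0/0", "nat-EXAMPLE")])
ISOLATED_RT = build_route_table([
    ("10.1.0.0/16", "pcx-EXAMPLE"),   # peered VPC only
    ("10.1.5.0/24", "tgw-EXAMPLE"),   # more specific: one /24 of the peer goes via transit gateway
])

if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(f"{name:8s} internet-exposed={internet_exposed(rt)} "
              f"egress={egress_targets(rt)} "
              f"203.0.113.10->{resolve(rt, '203.0.113.10')} "
              f"10.1.5.7->{resolve(rt, '10.1.5.7')}")
```

Running the script shows the point of the lesson: the isolated table returns `None` for an internet destination, so the packet never leaves the VPC regardless of any firewall rule, while `10.1.5.7` goes to the transit gateway rather than the peering connection because the /24 route is more specific than the /16.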