Route tables control where traffic goes within your VPC. Each subnet associates with one route table.
Route entries:
- Destination: CIDR range to match
- Target: Where to send matched traffic
Common targets:
- local: Traffic stays in VPC
- Internet gateway: Goes to internet
- NAT gateway: Outbound for private subnets
- VPC peering: Goes to peered VPC
- Transit gateway: Goes to central hub
Rules:
- Most specific route wins
- Local route always exists
- Add routes for internet, peering, VPN
Create separate route tables for public and private subnets.