AWS - VPC Route Table Priority

Posted August 17, 2018 by Matthew McGeehan

While studying for the AWS Certified Advanced Networking exam, I came across a few things that I wanted to write down. First on the list is route priority. As a network engineer, I've been taught that the most specific route wins. That is not necessarily the case in a VPC. Instead a subnet that is marked as local in the VPC route table is always preferred. It does not matter if there is a more specific prefix pointing to a resource outside the VPC.

In the example shown below, resources within the VPC ( will not be able to communicate with the data center ( The VPC router will ignore the route learned from the virtual private gateway. This happens because the VPC owns the IP space.

VPC Route Table
Destination Target Local vgw-xxxxxxxx

AWS VPC Route Table Priority:

The VPC route table uses the following process to determine how to route traffic.

  1. Local routes are the most preferred.
  2. Next up is longest prefix match.
  3. Followed by static routes.
    • Internet gateway
    • Virtual private gateway
    • Network interface
    • Instance ID
    • VPC peering connection
    • NAT gateway
    • VPC endpoint

For overlapping routes from a VPN connection:

  1. First, BGP routes learned over Direct Connect are the most preferred.
  2. Then, static routes from a VPN connection.
  3. Finally, BGP routes learned from a VPN connection