Create another subnet named bastion, with CIDR block 172.31.112.0/20 in Availability Zone us-east-1a:
![](http://images-20200215.ebookreading.net/11/2/2/9781787281066/9781787281066__learning-aws-__9781787281066__assets__10f9a9a5-b24e-412a-9450-ca550451fcd4.png)
There is no need to assign a private route table to it, because the EC2 instances running in this subnet will be accessed by clients from the public internet.
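A subnet with no explicit route table association uses the VPC's main route table, so it is worth confirming that the bastion subnet really resolves to a route table with an internet gateway route while private subnets do not. The check below is an added example, not code from the book. It runs over constructed data shaped like `aws ec2 describe-route-tables` output, and it assumes placeholder IDs, a main route table that holds the internet gateway route, and the default VPC range 172.31.0.0/16.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All IDs are made-up placeholders, not values from the book.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]

def effective_route_table(subnet_id, tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def is_public(subnet_id, tables):
    """A subnet is public when its default route targets an internet gateway."""
    table = effective_route_table(subnet_id, tables)
    if table is None:
        return False
    return any(route.get("DestinationCidrBlock") == "0.0.0.0/0"
               and route.get("GatewayId", "").startswith("igw-")
               for route in table["Routes"])

def fits_vpc(subnet_cidr, vpc_cidr):
    """True when the subnet block lies wholly inside the VPC block."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))

if __name__ == "__main__":
    # subnet-bastion has no explicit association, so it falls back to rtb-main.
    print("bastion public:", is_public("subnet-bastion", ROUTE_TABLES))
    print("private public:", is_public("subnet-private", ROUTE_TABLES))
    # 172.31.0.0/16 is assumed here (the default VPC range); the page does not state it.
    print("bastion CIDR fits VPC:", fits_vpc("172.31.112.0/20", "172.31.0.0/16"))
```

Against a real account, the same functions can be fed the `RouteTables` list from the CLI's JSON output in place of the constructed sample.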