Classless Inter-Domain Routing is a way to allocate IP addresses within a network. Every machine that is connected to the internet has a unique number, called an IP address.

With CIDR you can create a range of private IP addresses for a VPC. These IP addresses are allocated to resources that you deploy within your VPC.

The IP addresses are private, unless you explicitly set up internet gateways or something similar in your VPC.

Are you deploying an EC2 instance within a subnet within your VPC? Then an IP address will be allocated to it.

Imagine you deployed a VPC with a CIDR block containing a range 10.0.0.0/29. The 29 tells you how many bits are reserved for the network part of the IP address (29 bits of 32). This means that you have 32-29 = 3 → 2^3 = 8 IP addresses available for the subnet. Edit: after having this post fact-checked by AI it got smart with me and told me only 6 IP addresses were usable because 1 is reserved for the network address and 1 for the broadcast address

It can be useful to limit the number of hosts for a subnet in order to keep more IP addresses available. Some resources that live in your VPC like a load balancer, only need a few IP addresses after all.

By the way, a load balancer is a tool that directs traffic to resources like servers within your VPC in order to prevent overloading a resource; it “spreads” the load, so to speak.

Now, if you want to get even more “zero and one-sy”, take a look at the image below. It shows how an IP address is structured. An IP address can contain a maximum of 32 bits divided into 4 binary octets of 8 bits. Again, the image below should help clarify the structure.