https://aws.amazon.com/tw/blogs/aws/inspect-subnet-to-subnet-traffic-with-amazon-vpc-more-specific-routing/?utm_source=pocket_mylist Until today, it was not possible because a route in a routing table cannot be more specific than the default local route (check the VPC documentation for more details). In plain English, it means that no route can have a destination using a smaller CIDR range than the default local route (which is the CIDR range of the whole VPC). For example, when the VPC range is 10.0.0/16 and a subnet has 10.0.1.0/24, a route to 10.0.1.0/24 is more specific than a route to 10.0.0/16.