
I have a VPC. In it I have two sub-nets (subnet-1, subnet-2).

Subnet-1 has these EC2 instances: 10.0.0.66, 10.0.0.83
Subnet-2 has these EC2 instances: 10.0.0.203, 10.0.0.208

I would expect to be able to ping from 10.0.0.66 to 10.0.0.83 and I can.

However, I would not expect to be able to ping from 10.0.0.203 to 10.0.0.83 but I can. I thought the whole point of a subnet was to keep instances in it isolated from other subnets? Why then can I ping across subnets?

Zuriar
"Subnet security" section may help you https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html – Héctor Feb 27 '18 at 12:58

1 Answer


Yes, you are able to ping/SSH all your instances within your VPC.

When you create your VPC with your preferred CIDR range, your main route table is created automatically, and it allows you to reach the whole CIDR range. It does not matter how many subnets you have created under the VPC. This is the default behavior in AWS.

If you want to block access from one subnet to another subnet, you can restrict it. Select the network ACL associated with the VPC and edit the inbound rule. By default the source is 0.0.0.0/0; you specify the subnet which you want to access. You can also restrict based on protocol/port. After the changes, you can't reach it from the subnet which you have not allowed.

[Screenshot: Network ACL]

For reference: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
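The following is an added example, not part of the question or the answer above: a small simulator of how an AWS network ACL evaluates traffic, used to show why the default NACL lets 10.0.0.203 reach 10.0.0.83 and what the subnet-to-subnet deny rule the answer describes changes. The subnet CIDRs are assumptions (the post does not give them): subnet-1 = 10.0.0.64/26 and subnet-2 = 10.0.0.192/26. The rule numbers are constructed; the evaluation order (lowest rule number first, first match wins, implicit deny when nothing matches) and the stateless nature of NACLs follow AWS's documented behaviour.

```python
"""Added example (not from the original post): simulate AWS network ACL
evaluation to show why cross-subnet ping works by default and how a
lower-numbered deny rule, or a missing return-traffic rule, changes that.

Assumptions: subnet-1 = 10.0.0.64/26, subnet-2 = 10.0.0.192/26; rule
numbers are constructed for illustration."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SUBNET_1 = ip_network("10.0.0.64/26")   # assumed: holds 10.0.0.66, 10.0.0.83
SUBNET_2 = ip_network("10.0.0.192/26")  # assumed: holds 10.0.0.203, 10.0.0.208


@dataclass(frozen=True)
class Rule:
    number: int                 # AWS evaluates rules in ascending order
    protocol: str               # "all", "icmp", "tcp" or "udp"
    cidr: str                   # source (inbound) or destination (outbound)
    action: str                 # "allow" or "deny"
    ports: tuple = (0, 65535)   # inclusive port range; ignored for icmp/all

    def matches(self, proto, addr, port):
        if self.protocol not in ("all", proto):
            return False
        if ip_address(addr) not in ip_network(self.cidr):
            return False
        if proto in ("tcp", "udp") and not (self.ports[0] <= port <= self.ports[1]):
            return False
        return True


def evaluate(rules, proto, addr, port=0):
    """Return 'allow' or 'deny' for one direction of one packet.
    Lowest rule number first, first match wins; if nothing matches the
    packet falls through to the implicit '*' deny every NACL carries."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, addr, port):
            return rule.action
    return "deny"


# The default NACL AWS attaches to a subnet: rule 100 allows everything.
DEFAULT_INBOUND = [Rule(100, "all", "0.0.0.0/0", "allow")]
DEFAULT_OUTBOUND = [Rule(100, "all", "0.0.0.0/0", "allow")]

# Hardened inbound rules for subnet-1 that refuse anything from subnet-2.
# The deny needs a LOWER number than the allow, or it is never reached.
HARDENED_INBOUND = [
    Rule(90, "all", str(SUBNET_2), "deny"),
    Rule(100, "all", "0.0.0.0/0", "allow"),
]

# Wrong ordering: the allow at 100 matches first, so the deny at 110 is dead.
MISORDERED_INBOUND = [
    Rule(100, "all", "0.0.0.0/0", "allow"),
    Rule(110, "all", str(SUBNET_2), "deny"),
]


def ping_allowed(inbound, outbound, src):
    """ICMP echo from src into subnet-1 plus the echo reply back out,
    as subnet-1's NACL sees them. NACLs are stateless, so both directions
    must be allowed explicitly; the reply is checked against src as its
    destination."""
    request_in = evaluate(inbound, "icmp", src)
    reply_out = evaluate(outbound, "icmp", src)
    return request_in == "allow" and reply_out == "allow"


def ssh_allowed(inbound, outbound, src, client_port):
    """TCP/22 from src into subnet-1 and the SYN-ACK back to the client's
    ephemeral port; shows why an outbound rule for only port 22 breaks SSH."""
    syn_in = evaluate(inbound, "tcp", src, 22)
    synack_out = evaluate(outbound, "tcp", src, client_port)
    return syn_in == "allow" and synack_out == "allow"


# Common mistake: allow TCP/22 in both directions and forget the reply port.
ONLY_22 = [Rule(100, "tcp", "0.0.0.0/0", "allow", (22, 22))]
# Correct stateless pairing for the outbound side: the ephemeral port range.
EPHEMERAL_OUT = [Rule(100, "tcp", "0.0.0.0/0", "allow", (1024, 65535))]


if __name__ == "__main__":
    print("default NACL, 10.0.0.203 -> subnet-1:",
          ping_allowed(DEFAULT_INBOUND, DEFAULT_OUTBOUND, "10.0.0.203"))
    print("hardened NACL, 10.0.0.203 -> subnet-1:",
          ping_allowed(HARDENED_INBOUND, DEFAULT_OUTBOUND, "10.0.0.203"))
    print("hardened NACL, 10.0.0.66 -> subnet-1:",
          ping_allowed(HARDENED_INBOUND, DEFAULT_OUTBOUND, "10.0.0.66"))
    print("SSH with port-22-only outbound rule:",
          ssh_allowed(ONLY_22, ONLY_22, "10.0.0.66", 51515))
```

Two points the simulation makes that the console screenshot does not: the deny rule must have a lower number than the default allow-all (rule 100) or it never fires, and because NACLs are stateless the outbound side must admit the return traffic (ICMP replies, or the client's ephemeral TCP port range) or the connection fails even though the inbound rule allows it. A security group on the instances is the stateful alternative if you only need per-instance filtering.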