AWS flagged my subnet as invalid although it looks to be within the VPC CIDR block

Nope, 10.8.0.0/24 doesn’t fall into 10.0.0.0/16. AWS is correct, sorry 🙂

In your 10.0.0.0/16 you can create subnets between 10.0.0.0/24 to 10.0.255.0/24, e.g. 10.0.8.0/24 would work.


Let’s say we’ve got the address 10.20.30.40 – depending on the prefix length, it can fall for example into these networks:

  • 10.0.0.0/8: the /8 means only the first byte (10.) of the address is the network part.
  • 10.20.0.0/16: the /16 means the first two bytes (10.20.) are the network part.
  • 10.20.30.0/24: the /24 means the first three bytes (10.20.30.) are the network part.
  • 10.20.30.40/32: the /32 covers the whole address (10.20.30.40); this notation is sometimes used to say explicitly that it’s a single host address. AWS uses that a lot.
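To make the check concrete, here is an added example (mine, not part of the original post and not AWS code) that reproduces the two things discussed above with Python's standard `ipaddress` module: whether a candidate subnet lies entirely inside a VPC CIDR, which is the condition behind AWS's "invalid subnet" error, and which network a given address belongs to under each prefix length. The VPC and subnet values are the ones from the post; the `explain_mismatch` helper and its output format are my own additions.

```python
import ipaddress

# Values from the post: the VPC CIDR, a subnet AWS rejected and one that works.
VPC_CIDR = "10.0.0.0/16"
REJECTED_SUBNET = "10.8.0.0/24"
WORKING_SUBNET = "10.0.8.0/24"


def subnet_fits_vpc(subnet: str, vpc: str = VPC_CIDR) -> bool:
    """True when every address of `subnet` lies inside `vpc`.

    This is the containment rule a VPC enforces on its subnets; strict=True
    also rejects CIDRs whose host bits are not zero (e.g. 10.0.8.1/24).
    """
    return ipaddress.ip_network(subnet, strict=True).subnet_of(
        ipaddress.ip_network(vpc, strict=True)
    )


def explain_mismatch(subnet: str, vpc: str = VPC_CIDR) -> str:
    """Show why a subnet does or does not fit, by applying the VPC's mask to
    the subnet's first address and comparing the result with the VPC network.

    Returns a one-line, human-readable verdict (format is my own).
    """
    vpc_net = ipaddress.ip_network(vpc, strict=True)
    first = ipaddress.ip_network(subnet, strict=True).network_address
    # Mask the subnet's first address with the VPC's prefix length.
    masked = ipaddress.ip_network(f"{first}/{vpc_net.prefixlen}", strict=False)
    verdict = "inside" if masked == vpc_net else "outside"
    return (
        f"{subnet}: {first} & {vpc_net.netmask} = {masked.network_address}, "
        f"VPC network is {vpc_net.network_address} -> {verdict} {vpc}"
    )


def network_for(address: str, prefix_len: int) -> str:
    """Return the network that `address` belongs to under a /prefix_len mask,
    i.e. keep the first prefix_len bits and zero the rest."""
    return str(ipaddress.ip_network(f"{address}/{prefix_len}", strict=False))


def containing_networks(address: str, prefix_lengths=(8, 16, 24, 32)) -> list:
    """The /8, /16, /24 and /32 networks around an address, as in the post's list."""
    return [network_for(address, p) for p in prefix_lengths]


if __name__ == "__main__":
    for s in (REJECTED_SUBNET, WORKING_SUBNET):
        print(explain_mismatch(s))
    for net in containing_networks("10.20.30.40"):
        print(net)
```

Running it prints that 10.8.0.0 masked with 255.255.0.0 gives 10.8.0.0, not 10.0.0.0, so the subnet is outside the VPC, while 10.0.8.0/24 masks to 10.0.0.0 and fits; the last loop lists 10.0.0.0/8, 10.20.0.0/16, 10.20.30.0/24 and 10.20.30.40/32 for the example address.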

Hope that helps 🙂
