Amazon Virtual Private Cloud
User Guide

Working with VPCs and Subnets

The following procedures are for manually creating a VPC and subnets. You also have to manually add gateways and routing tables. Alternatively, you can use the Amazon VPC wizard to create a VPC plus its subnets, gateways, and routing tables in one step. For more information, see Scenarios and Examples.

Creating a VPC

You can create an empty VPC using the Amazon VPC console.

To create a VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs, Create VPC.

  3. Specify the following VPC details as necessary and choose Create VPC.

    • Name tag: Optionally provide a name for your VPC. Doing so creates a tag with a key of Name and the value that you specify.

    • IPv4 CIDR block: Specify an IPv4 CIDR block for the VPC. We recommend that you specify a CIDR block from the private (non-publicly routable) IP address ranges as specified in RFC 1918; for example, 10.0.0.0/16, or 192.168.0.0/16.

      Note

      You can specify a range of publicly routable IPv4 addresses; however, we currently do not support direct access to the internet from publicly routable CIDR blocks in a VPC. Windows instances cannot boot correctly if launched into a VPC with ranges from 224.0.0.0 to 255.255.255.255 (Class D and Class E IP address ranges).

    • IPv6 CIDR block: Optionally associate an IPv6 CIDR block with your VPC by choosing Amazon-provided IPv6 CIDR block.

    • Tenancy: Select a tenancy option. Dedicated tenancy ensures that your instances run on single-tenant hardware. For more information, see Dedicated Instances in the Amazon EC2 User Guide for Linux Instances.

Alternatively, you can use a command line tool.

To create a VPC using a command line tool

To describe a VPC using a command line tool

For more information about IP addresses, see IP Addressing in Your VPC.

After you've created a VPC, you can create subnets. For more information, see Creating a Subnet in Your VPC.

Creating a Subnet in Your VPC

To add a new subnet to your VPC, you must specify an IPv4 CIDR block for the subnet from the range of your VPC. You can specify the Availability Zone in which you want the subnet to reside. You can have multiple subnets in the same Availability Zone.

You can optionally specify an IPv6 CIDR block for your subnet if an IPv6 CIDR block is associated with your VPC.

To add a subnet to your VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Subnets, Create Subnet.

  3. Specify the subnet details as necessary and choose Create Subnet.

    • Name tag: Optionally provide a name for your subnet. Doing so creates a tag with a key of Name and the value that you specify.

    • VPC: Choose the VPC for which you're creating the subnet.

    • Availability Zone: Optionally choose an Availability Zone in which your subnet will reside, or leave the default No Preference to let AWS choose an Availability Zone for you.

    • IPv4 CIDR block: Specify an IPv4 CIDR block for your subnet, for example, 10.0.1.0/24. For more information, see VPC and Subnet Sizing for IPv4.

    • IPv6 CIDR block: (Optional) If you've associated an IPv6 CIDR block with your VPC, choose Specify a custom IPv6 CIDR. Specify the hexadecimal pair value for the subnet, or leave the default value.

  4. (Optional) If required, repeat the steps above to create more subnets in your VPC.

Alternatively, you can use a command line tool.

To add a subnet using a command line tool

To describe a subnet using a command line tool

After you've created a subnet, you can do the following:

Associating a Secondary IPv4 CIDR Block with Your VPC

You can add another IPv4 CIDR block to your VPC. Ensure that you have read the applicable restrictions.

After you've associated a CIDR block, its status changes to associating. The CIDR block is ready to use only once it reaches the associated state.

To add a CIDR block to your VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select the VPC, and choose Actions, Edit CIDRs.

  4. Choose Add IPv4 CIDR, and enter the CIDR block to add; for example, 10.2.0.0/16. Choose the tick icon.

  5. Choose Close.

Alternatively, you can use a command line tool.

To add a CIDR block using a command line tool

After you've added the IPv4 CIDR blocks that you need, you can create subnets. For more information, see Creating a Subnet in Your VPC.

Associating an IPv6 CIDR Block with Your VPC

You can associate an IPv6 CIDR block with any existing VPC. The VPC must not have an existing IPv6 CIDR block associated with it.

To associate an IPv6 CIDR block with a VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select your VPC, choose Actions, Edit CIDRs.

  4. Choose Add IPv6 CIDR. After the IPv6 CIDR block is added, choose Close.

Alternatively, you can use a command line tool.

To associate an IPv6 CIDR block with a VPC using a command line tool

Associating an IPv6 CIDR Block with Your Subnet

You can associate an IPv6 CIDR block with an existing subnet in your VPC. The subnet must not have an existing IPv6 CIDR block associated with it.

To associate an IPv6 CIDR block with a subnet using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Subnets.

  3. Select your subnet, choose Subnet Actions, Edit IPv6 CIDRs.

  4. Choose Add IPv6 CIDR. Specify the hexadecimal pair for the subnet (for example, 00) and confirm the entry by choosing the tick icon.

  5. Choose Close.

Alternatively, you can use a command line tool.

To associate an IPv6 CIDR block with a subnet using a command line tool
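The CIDR rules spread across the procedures above (an RFC 1918 VPC block, the Class D/E range that breaks Windows instances, a subnet block that must sit inside the VPC's range, a secondary block that must not clash, and the hexadecimal pair that selects an IPv6 subnet) can be checked offline before anything is created. This is an added planning example, not code from the guide or from AWS; the /16 to /28 size bounds, the no-overlap rule for secondary blocks, and the /56 VPC to /64 subnet IPv6 layout are assumptions drawn from the sizing and restrictions pages this guide links to.

```python
import ipaddress

# RFC 1918 private ranges the guide recommends for a VPC IPv4 CIDR block.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 224.0.0.0-255.255.255.255 (Class D and E): Windows instances cannot boot in these ranges.
CLASS_D_E = ipaddress.ip_network("224.0.0.0/3")


def check_vpc_cidr(cidr):
    """Return a list of warnings for a proposed VPC IPv4 CIDR block; empty means no concerns."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects a CIDR with host bits set
    warnings = []
    if not 16 <= net.prefixlen <= 28:  # assumed VPC block sizes: /16 through /28
        warnings.append("prefix length must be between /16 and /28")
    if not any(net.subnet_of(r) for r in RFC1918):
        warnings.append("not an RFC 1918 range; no direct internet access from publicly routable blocks")
    if net.overlaps(CLASS_D_E):
        warnings.append("overlaps 224.0.0.0-255.255.255.255; Windows instances cannot boot")
    return warnings


def check_subnet_cidr(vpc_cidrs, existing_subnets, new_subnet):
    """Check a proposed subnet block against the VPC's CIDR blocks and its existing subnets."""
    new = ipaddress.ip_network(new_subnet, strict=True)
    if not any(new.subnet_of(ipaddress.ip_network(v)) for v in vpc_cidrs):
        return "not within any CIDR block associated with the VPC"
    for existing in existing_subnets:
        if new.overlaps(ipaddress.ip_network(existing)):
            return f"overlaps existing subnet {existing}"
    return "ok"


def check_secondary_cidr(vpc_cidrs, new_cidr):
    """A secondary IPv4 block may not overlap the primary block or any block already associated (assumed rule)."""
    new = ipaddress.ip_network(new_cidr, strict=True)
    clashes = [v for v in vpc_cidrs if new.overlaps(ipaddress.ip_network(v))]
    return "ok" if not clashes else f"overlaps associated block(s) {', '.join(clashes)}"


def ipv6_subnet_from_pair(vpc_ipv6_cidr, hex_pair):
    """Derive the subnet /64 that the console's hexadecimal pair (00..ff) selects inside the VPC's /56."""
    vpc = ipaddress.ip_network(vpc_ipv6_cidr, strict=True)
    if vpc.prefixlen != 56:  # assumed: the Amazon-provided block is a /56
        raise ValueError("expected the Amazon-provided /56 VPC block")
    index = int(hex_pair, 16)
    if not 0 <= index <= 0xFF:
        raise ValueError("hexadecimal pair must be 00..ff")
    # The pair fills the 8 bits between the /56 and the /64 boundary.
    return str(ipaddress.IPv6Network((int(vpc.network_address) + (index << 64), 64)))
```

Run the checks with your own planned blocks; a non-empty warning list or a result other than "ok" is a reason to revisit the plan before choosing Create.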

Launching an Instance into Your Subnet

After you've created your subnet and configured your routing, you can launch an instance into your subnet using the Amazon EC2 console.

To launch an instance into your subnet using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. On the dashboard, choose Launch Instance.

  3. Follow the directions in the wizard. Select an AMI and an instance type and choose Next: Configure Instance Details.

    Note

    If you want your instance to communicate over IPv6, you must select a supported instance type. All current generation instance types, except M3 and G2, support IPv6 addresses.

  4. On the Configure Instance Details page, ensure that you have selected the required VPC in the Network list, then select the subnet into which to launch the instance. Keep the other default settings on this page and choose Next: Add Storage.

  5. On the next pages of the wizard, you can configure storage for your instance, and add tags. On the Configure Security Group page, choose from any existing security group that you own, or follow the wizard directions to create a new security group. Choose Review and Launch when you're done.

  6. Review your settings and choose Launch.

  7. Select an existing key pair that you own or create a new one, and then choose Launch Instances when you're done.

Alternatively, you can use a command line tool.

To launch an instance into your subnet using a command line tool

Deleting Your Subnet

If you no longer need your subnet, you can delete it. You must terminate any instances in the subnet first.

To delete your subnet using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Terminate all instances in the subnet. For more information, see Terminate Your Instance in the EC2 User Guide.

  3. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  4. In the navigation pane, choose Subnets.

  5. Select the subnet to delete and choose Subnet Actions, Delete.

  6. In the Delete Subnet dialog box, choose Yes, Delete.

Alternatively, you can use a command line tool.

To delete a subnet using a command line tool

Disassociating an IPv4 CIDR Block from Your VPC

If your VPC has more than one IPv4 CIDR block associated with it, you can disassociate an IPv4 CIDR block from the VPC. You cannot disassociate the primary IPv4 CIDR block. You can only disassociate an entire CIDR block; you cannot disassociate a subset of a CIDR block or a merged range of CIDR blocks. You must first delete all subnets in the CIDR block.

To remove a CIDR block from a VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select the VPC, and choose Actions, Edit CIDRs.

  4. Under VPC IPv4 CIDRs, choose the delete button (a cross) for the CIDR block to remove.

  5. Choose Close.

Alternatively, you can use a command line tool.

To remove an IPv4 CIDR block from a VPC using a command line tool

Disassociating an IPv6 CIDR Block from Your VPC or Subnet

If you no longer want IPv6 support in your VPC or subnet, but you want to continue using your VPC or subnet for creating and communicating with IPv4 resources, you can disassociate the IPv6 CIDR block.

To disassociate an IPv6 CIDR block, you must first unassign any IPv6 addresses that are assigned to any instances in your subnet. For more information, see Unassigning an IPv6 Address From an Instance.

To disassociate an IPv6 CIDR block from a subnet using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Subnets.

  3. Select your subnet, choose Subnet Actions, Edit IPv6 CIDRs.

  4. Remove the IPv6 CIDR block for the subnet by choosing the cross icon.

  5. Choose Close.

To disassociate an IPv6 CIDR block from a VPC using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select your VPC, choose Actions, Edit CIDRs.

  4. Remove the IPv6 CIDR block by choosing the cross icon.

  5. Choose Close.

Note

Disassociating an IPv6 CIDR block does not automatically delete any security group rules, network ACL rules, or route table routes that you've configured for IPv6 networking. You must manually modify or delete these rules or routes.

Alternatively, you can use a command line tool.

To disassociate an IPv6 CIDR block from a subnet using a command line tool

To disassociate an IPv6 CIDR block from a VPC using a command line tool

Deleting Your VPC

You can delete your VPC at any time. However, you must terminate all instances in the VPC first. When you delete a VPC using the VPC console, we delete all its components, such as subnets, security groups, network ACLs, route tables, internet gateways, VPC peering connections, and DHCP options.

If you have a VPN connection, you don't have to delete it or the other components related to the VPN (such as the customer gateway and virtual private gateway). If you plan to use the customer gateway with another VPC, we recommend that you keep the VPN connection and the gateways. Otherwise, your network administrator must configure the customer gateway again after you create a new VPN connection.

To delete your VPC using the console

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Terminate all instances in the VPC. For more information, see Terminate Your Instance in the Amazon EC2 User Guide for Linux Instances.

  3. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  4. In the navigation pane, choose Your VPCs.

  5. Select the VPC to delete and choose Actions, Delete VPC.

  6. To delete the VPN connection, select the option to do so; otherwise, leave it unselected. Choose Yes, Delete.

Alternatively, you can use a command line tool. When you delete a VPC using the command line, you must first terminate all instances, delete all subnets, custom security groups, and custom route tables, and detach any internet gateway in the VPC.

To delete a VPC using a command line tool