AWS::EC2::Subnet - AWS CloudFormation

AWS::EC2::Subnet

Specifies a subnet for a VPC.

When you create each subnet, you provide the VPC ID and IPv4 CIDR block for the subnet. After you create a subnet, you can't change its CIDR block. The size of the subnet's IPv4 CIDR block can be the same as a VPC's IPv4 CIDR block, or a subset of a VPC's IPv4 CIDR block. If you create more than one subnet in a VPC, the subnets' CIDR blocks must not overlap. The smallest IPv4 subnet (and VPC) you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses).

If you've associated an IPv6 CIDR block with your VPC, you can create a subnet with an IPv6 CIDR block that uses a /64 prefix length.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::Subnet",
  "Properties" : {
    "AssignIpv6AddressOnCreation" : Boolean,
    "AvailabilityZone" : String,
    "AvailabilityZoneId" : String,
    "CidrBlock" : String,
    "EnableDns64" : Boolean,
    "Ipv6CidrBlock" : String,
    "Ipv6Native" : Boolean,
    "MapPublicIpOnLaunch" : Boolean,
    "OutpostArn" : String,
    "PrivateDnsNameOptionsOnLaunch" : Json,
    "Tags" : [ Tag, ... ],
    "VpcId" : String
  }
}

YAML

Type: AWS::EC2::Subnet
Properties:
  AssignIpv6AddressOnCreation: Boolean
  AvailabilityZone: String
  AvailabilityZoneId: String
  CidrBlock: String
  EnableDns64: Boolean
  Ipv6CidrBlock: String
  Ipv6Native: Boolean
  MapPublicIpOnLaunch: Boolean
  OutpostArn: String
  PrivateDnsNameOptionsOnLaunch: Json
  Tags:
    - Tag
  VpcId: String

Properties

AssignIpv6AddressOnCreation

Indicates whether a network interface created in this subnet receives an IPv6 address. The default value is false.

If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.

Required: No

Type: Boolean

Update requires: No interruption

AvailabilityZone

The Availability Zone of the subnet.

If you update this property, you must also update the CidrBlock property.

Required: No

Type: String

Update requires: Replacement

AvailabilityZoneId

The AZ ID of the subnet.

Required: No

Type: String

Update requires: Replacement

CidrBlock

The IPv4 CIDR block assigned to the subnet.

If you update this property, we create a new subnet, and then delete the existing one.

Required: No

Type: String

Update requires: Replacement

EnableDns64

Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. For more information, see DNS64 and NAT64 in the Amazon Virtual Private Cloud User Guide.

Required: No

Type: Boolean

Update requires: No interruption

Ipv6CidrBlock

The IPv6 CIDR block.

If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.

Required: Conditional

Type: String

Update requires: No interruption

Ipv6Native

Indicates whether this is an IPv6 only subnet. For more information, see Subnet basics in the Amazon Virtual Private Cloud User Guide.

Required: No

Type: Boolean

Update requires: Replacement

MapPublicIpOnLaunch

Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is false.

Required: No

Type: Boolean

Update requires: No interruption

OutpostArn

The Amazon Resource Name (ARN) of the Outpost.

Required: No

Type: String

Update requires: Replacement

PrivateDnsNameOptionsOnLaunch

The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries to the instances should be handled. For more information, see Amazon EC2 instance hostname types in the Amazon Elastic Compute Cloud User Guide.

Available options:

  • EnableResourceNameDnsAAAARecord (true | false)

  • EnableResourceNameDnsARecord (true | false)

  • HostnameType (ip-name | resource-name)

Required: No

Type: Json

Update requires: No interruption

Tags

Any tags assigned to the subnet.

Required: No

Type: List of Tag

Update requires: No interruption

VpcId

The ID of the VPC the subnet is in.

If you update this property, you must also update the CidrBlock property.

Required: Yes

Type: String

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the subnet.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

AvailabilityZone

The Availability Zone of this subnet. For example:

{ "Fn::GetAtt" : [ "mySubnet", "AvailabilityZone" ] }

Ipv6CidrBlocks

The IPv6 CIDR blocks that are associated with the subnet, such as [ 2001:db8:1234:1a00::/64 ].

NetworkAclAssociationId

The ID of the network ACL that is associated with the subnet's VPC, such as acl-5fb85d36.

OutpostArn

The Amazon Resource Name (ARN) of the Outpost.

SubnetId

The ID of the subnet.

VpcId

The ID of the subnet's VPC, such as vpc-11ad4878.

Examples

Subnet

The following example uses the VPC ID from a VPC named myVPC that was declared elsewhere in the same template. For an example with IPv6 enabled, see Creating an IPv6 enabled VPC.

JSON

"mySubnet" : {
  "Type" : "AWS::EC2::Subnet",
  "Properties" : {
    "VpcId" : { "Ref" : "myVPC" },
    "CidrBlock" : "10.0.0.0/24",
    "AvailabilityZone" : "us-east-1a",
    "Tags" : [ { "Key" : "stack", "Value" : "production" } ]
  }
}

YAML

mySubnet:
  Type: AWS::EC2::Subnet
  Properties:
    VpcId:
      Ref: myVPC
    CidrBlock: 10.0.0.0/24
    AvailabilityZone: "us-east-1a"
    Tags:
      - Key: stack
        Value: production
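The constraints stated on this page (an IPv4 prefix between /16 and /28, no overlapping subnet CIDR blocks within a VPC, and AssignIpv6AddressOnCreation requiring Ipv6CidrBlock) can be checked in a JSON template before deployment. The following Python linter is an added example, not part of the AWS documentation; the sample template, the finding labels and the function names are constructed for illustration, and flagging MapPublicIpOnLaunch is a review prompt added here rather than a rule from this page.

```python
import ipaddress
import json
from itertools import combinations

# Constructed sample template (not from the page): subnetA and subnetB overlap,
# subnetB auto-assigns public IPv4 addresses, subnetC breaks two stated rules.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "myVPC":   {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
  "subnetA": {"Type": "AWS::EC2::Subnet", "Properties": {
      "VpcId": {"Ref": "myVPC"}, "CidrBlock": "10.0.0.0/24"}},
  "subnetB": {"Type": "AWS::EC2::Subnet", "Properties": {"VpcId": {"Ref": "myVPC"},
      "CidrBlock": "10.0.0.128/25", "MapPublicIpOnLaunch": true}},
  "subnetC": {"Type": "AWS::EC2::Subnet", "Properties": {"VpcId": {"Ref": "myVPC"},
      "CidrBlock": "10.0.1.0/29", "AssignIpv6AddressOnCreation": true}}
}}
""")

def is_true(value):
    """Template booleans may appear as true or as the string "true"."""
    return str(value).lower() == "true"

def lint_subnets(template):
    """Return sorted (logical_id, finding) pairs for AWS::EC2::Subnet resources."""
    findings, nets = [], []
    for name, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::EC2::Subnet":
            continue
        props = res.get("Properties", {})
        cidr = props.get("CidrBlock")
        if isinstance(cidr, str):  # intrinsic functions (dicts) are not resolved here
            try:
                net = ipaddress.IPv4Network(cidr)  # rejects host bits and bad syntax
            except ValueError:
                findings.append((name, "invalid-ipv4-cidr"))
            else:
                if not 16 <= net.prefixlen <= 28:
                    findings.append((name, "prefix-outside-16-28"))
                nets.append((json.dumps(props.get("VpcId"), sort_keys=True), name, net))
        if is_true(props.get("AssignIpv6AddressOnCreation")) and "Ipv6CidrBlock" not in props:
            findings.append((name, "ipv6-assign-without-ipv6-cidr"))
        if is_true(props.get("MapPublicIpOnLaunch")):
            findings.append((name, "auto-public-ipv4"))  # review prompt, not a page rule
    for (vpc_a, a, net_a), (vpc_b, b, net_b) in combinations(nets, 2):
        if vpc_a == vpc_b and net_a.overlaps(net_b):  # only compare within one VPC
            findings.append((a, "cidr-overlaps:" + b))
    return sorted(findings)
```

Subnets whose VpcId or CidrBlock is built with an intrinsic function other than an identical Ref are compared only by the literal JSON of that value, so resolve parameters first if the template relies on them.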
