Table Of Contents


User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . ec2 ]



Provisions an address range for use with your AWS resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr .

AWS verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide .

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned . To monitor the status of an address range, use DescribeByoipCidrs . To allocate an Elastic IP address from your address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.


--cidr <value>
[--cidr-authorization-context <value>]
[--description <value>]
[--dry-run | --no-dry-run]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]


--cidr (string)

The public IPv4 address range, in CIDR notation. The most specific prefix that you can specify is /24. The address range cannot overlap with another address range that you've brought to this or another Region.

--cidr-authorization-context (structure)

A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.

Shorthand Syntax:


JSON Syntax:

  "Message": "string",
  "Signature": "string"

--description (string)

A description for the address range and the address pool.

--dry-run | --no-dry-run (boolean)

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


To provision an address range

The following provision-byoip-cidr example provisions a public IP address range for use with AWS.

aws ec2 provision-byoip-cidr \
    --cidr \
    --cidr-authorization-context Message="$text_message",Signature="$signed_message"


    "ByoipCidr": {
        "Cidr": "",
        "State": "pending-provision"

For more information about creating the messages strings for the authorization context, see Bring Your Own IP Addresses in the Amazon EC2 User Guide.


ByoipCidr -> (structure)

Information about the address pool.

Cidr -> (string)

The public IPv4 address range, in CIDR notation.

Description -> (string)

The description of the address range.

StatusMessage -> (string)

Upon success, contains the ID of the address pool. Otherwise, contains an error message.

State -> (string)

The state of the address pool.