Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

Note: You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . ec2 ]

provision-byoip-cidr

Description

Provisions an IPv4 or IPv6 address range for use with your AWS resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr .

AWS verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide .

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned . To monitor the status of an address range, use DescribeByoipCidrs . To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

  provision-byoip-cidr
--cidr <value>
[--cidr-authorization-context <value>]
[--publicly-advertisable | --no-publicly-advertisable]
[--description <value>]
[--dry-run | --no-dry-run]
[--pool-tag-specifications <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--cidr (string)

The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can specify is /24. The most specific IPv6 prefix you can specify is /56. The address range cannot overlap with another address range that you've brought to this or another Region.

--cidr-authorization-context (structure)

A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.

Message -> (string)

The plain-text authorization message for the prefix and account.

Signature -> (string)

The signed authorization message for the prefix and account.

Shorthand Syntax:

Message=string,Signature=string

JSON Syntax:

{
  "Message": "string",
  "Signature": "string"
}

--publicly-advertisable | --no-publicly-advertisable (boolean)

(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.

Default: true

--description (string)

A description for the address range and the address pool.

--dry-run | --no-dry-run (boolean)

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

--pool-tag-specifications (list)

The tags to apply to the address pool.

(structure)

The tags to apply to a resource when the resource is being created.

ResourceType -> (string)

The type of resource to tag. Currently, the resource types that support tagging on creation are: capacity-reservation | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | import-image-task | import-snapshot-task | instance | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | placement-group | prefix-list | natgateway | network-acl | route-table | security-group | spot-fleet-request | spot-instances-request | snapshot | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-route-table | volume |vpc | vpc-peering-connection | vpc-endpoint (for interface and gateway endpoints) | vpc-endpoint-service (for AWS PrivateLink) | vpc-flow-log | vpn-connection | vpn-gateway .

To tag a resource after it has been created, see CreateTags .

Tags -> (list)

The tags to apply to the resource.

(structure)

Describes a tag.

Key -> (string)

The key of the tag.

Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

Value -> (string)

The value of the tag.

Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Shorthand Syntax:

ResourceType=string,Tags=[{Key=string,Value=string},{Key=string,Value=string}] ...

JSON Syntax:

[
  {
    "ResourceType": "client-vpn-endpoint"|"customer-gateway"|"dedicated-host"|"dhcp-options"|"egress-only-internet-gateway"|"elastic-ip"|"elastic-gpu"|"export-image-task"|"export-instance-task"|"fleet"|"fpga-image"|"host-reservation"|"image"|"import-image-task"|"import-snapshot-task"|"instance"|"internet-gateway"|"key-pair"|"launch-template"|"local-gateway-route-table-vpc-association"|"natgateway"|"network-acl"|"network-interface"|"placement-group"|"reserved-instances"|"route-table"|"security-group"|"snapshot"|"spot-fleet-request"|"spot-instances-request"|"subnet"|"traffic-mirror-filter"|"traffic-mirror-session"|"traffic-mirror-target"|"transit-gateway"|"transit-gateway-attachment"|"transit-gateway-multicast-domain"|"transit-gateway-route-table"|"volume"|"vpc"|"vpc-peering-connection"|"vpn-connection"|"vpn-gateway"|"vpc-flow-log",
    "Tags": [
      {
        "Key": "string",
        "Value": "string"
      }
      ...
    ]
  }
  ...
]

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Examples

To provision an address range

The following provision-byoip-cidr example provisions a public IP address range for use with AWS.

aws ec2 provision-byoip-cidr \
    --cidr 203.0.113.25/24 \
    --cidr-authorization-context Message="$text_message",Signature="$signed_message"

Output:

{
    "ByoipCidr": {
        "Cidr": "203.0.113.25/24",
        "State": "pending-provision"
    }
}

For more information about creating the messages strings for the authorization context, see Bring Your Own IP Addresses in the Amazon EC2 User Guide.

Output

ByoipCidr -> (structure)

Information about the address range.

Cidr -> (string)

The address range, in CIDR notation.

Description -> (string)

The description of the address range.

StatusMessage -> (string)

Upon success, contains the ID of the address pool. Otherwise, contains an error message.

State -> (string)

The state of the address pool.