AWS::EC2::Subnet

Specifies a subnet for the specified VPC.

For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block.

For more information, see Subnets for your VPC in the Amazon VPC User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::Subnet",
  "Properties" : {
      "AssignIpv6AddressOnCreation" : Boolean,
      "AvailabilityZone" : String,
      "AvailabilityZoneId" : String,
      "CidrBlock" : String,
      "EnableDns64" : Boolean,
      "Ipv6CidrBlock" : String,
      "Ipv6Native" : Boolean,
      "MapPublicIpOnLaunch" : Boolean,
      "OutpostArn" : String,
      "PrivateDnsNameOptionsOnLaunch" : PrivateDnsNameOptionsOnLaunch,
      "Tags" : [ Tag, ... ],
      "VpcId" : String
    }
}

YAML

Type: AWS::EC2::Subnet
Properties: 
  AssignIpv6AddressOnCreation: Boolean
  AvailabilityZone: String
  AvailabilityZoneId: String
  CidrBlock: String
  EnableDns64: Boolean
  Ipv6CidrBlock: String
  Ipv6Native: Boolean
  MapPublicIpOnLaunch: Boolean
  OutpostArn: String
  PrivateDnsNameOptionsOnLaunch: 
    PrivateDnsNameOptionsOnLaunch
  Tags: 
    - Tag
  VpcId: String

Properties

AssignIpv6AddressOnCreation

Indicates whether a network interface created in this subnet receives an IPv6 address. The default value is false.

If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.

Required: No

Type: Boolean

Update requires: No interruption

AvailabilityZone

The Availability Zone of the subnet.

If you update this property, you must also update the CidrBlock property.

Required: No

Type: String

Update requires: Replacement

AvailabilityZoneId

The AZ ID of the subnet.

Required: No

Type: String

Update requires: Replacement

CidrBlock

The IPv4 CIDR block assigned to the subnet.

If you update this property, we create a new subnet, and then delete the existing one.

Required: Conditional

Type: String

Update requires: Replacement

EnableDns64

Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. For more information, see DNS64 and NAT64 in the Amazon Virtual Private Cloud User Guide.

Required: No

Type: Boolean

Update requires: No interruption

Ipv6CidrBlock

The IPv6 CIDR block.

If you specify AssignIpv6AddressOnCreation, you must also specify Ipv6CidrBlock.

Required: Conditional

Type: String

Update requires: Some interruptions

Ipv6Native

Indicates whether this is an IPv6 only subnet. For more information, see Subnet basics in the Amazon Virtual Private Cloud User Guide.

Required: No

Type: Boolean

Update requires: Replacement

MapPublicIpOnLaunch

Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is false.

Required: No

Type: Boolean

Update requires: No interruption

OutpostArn

The Amazon Resource Name (ARN) of the Outpost.

Required: No

Type: String

Update requires: Replacement

PrivateDnsNameOptionsOnLaunch

The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries to the instances should be handled. For more information, see Amazon EC2 instance hostname types in the Amazon Elastic Compute Cloud User Guide.

Available options:

• EnableResourceNameDnsAAAARecord (true | false)

• EnableResourceNameDnsARecord (true | false)

• HostnameType (ip-name | resource-name)

Required: No

Type: PrivateDnsNameOptionsOnLaunch

Update requires: No interruption

Tags

Any tags assigned to the subnet.

Required: No

Type: List of Tag

Update requires: No interruption

VpcId

The ID of the VPC the subnet is in.

If you update this property, you must also update the CidrBlock property.

Required: Yes

Type: String

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the subnet.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

AvailabilityZone

The Availability Zone of this subnet. For example:

{ "Fn::GetAtt" : [ "mySubnet", "AvailabilityZone" ] }

Ipv6CidrBlocks

The IPv6 CIDR blocks that are associated with the subnet, such as [ 2001:db8:1234:1a00::/64 ].

NetworkAclAssociationId

The ID of the network ACL that is associated with the subnet's VPC, such as acl-5fb85d36.

OutpostArn

The Amazon Resource Name (ARN) of the Outpost.

SubnetId

The ID of the subnet.

VpcId

The ID of the subnet's VPC, such as vpc-11ad4878.

Examples

Subnet

The following example uses the VPC ID from a VPC named myVPC that was declared elsewhere in the same template. For an example with IPv6 enabled, see Creating an IPv6 enabled VPC.

JSON

"mySubnet" : {
   "Type" : "AWS::EC2::Subnet",
   "Properties" : {
      "VpcId" : { "Ref" : "myVPC" },
      "CidrBlock" : "10.0.0.0/24",
      "AvailabilityZone" : "us-east-1a",
      "Tags" : [ { "Key" : "stack", "Value" : "production" } ]
   }
}

YAML

  mySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: myVPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: "us-east-1a"
      Tags:
      - Key: stack
        Value: production

See also

• CreateSubnet in the Amazon EC2 API Reference

• VPC and subnets in the Amazon VPC User Guide