Configure your VPC - Amazon Virtual Private Cloud

Configure your VPC

Use the following procedures to view and configure your virtual private clouds (VPC).

For information about creating or deleting a VPC, see Create a VPC or Delete your VPC.

View details about your VPC

Use the following steps to view the details about your VPCs.

To view VPC details using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose VPCs.

  3. Select the VPC, and then choose View Details to see the configuration details of your VPC.

To describe a VPC using the AWS CLI

Use the describe-vpcs command.

To view all of your VPCs across all Regions

Open the Amazon EC2 Global View console at https://console.aws.amazon.com/ec2globalview/home. For more information, see List and filter resources using the Amazon EC2 Global View in the Amazon EC2 User Guide for Linux Instances.

Visualize the resources in your VPC

Use the following steps to see a visual representation of the resources in your VPC using the Resource map tab. The following resources are visible in the resource map:

  • VPC

  • Subnets

    • The Availability Zone is represented with a letter.

    • Public subnets are green.

    • Private subnets are blue.

  • Route tables

  • Internet gateways

  • Egress-only internet gateways

  • NAT gateways

  • Gateway endpoints (Amazon S3 and Amazon DynamoDB)

The resource map shows relationships between resources inside a VPC and how traffic flows from subnets to NAT gateways, internet gateways, and gateway endpoints.

You can use the resource map to understand the architecture of a VPC, see how many subnets it has in it, which subnets are associated with which route tables, and which route tables have routes to NAT gateways, internet gateways, and gateway endpoints.

You can also use the resource map to spot undesirable or incorrect configurations, such as private subnets disconnected from NAT gateways or private subnets with a route directly to the internet gateway. You can choose resources within the resource map, such as route tables, and edit the configurations for those resources.
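The same checks the resource map lets you make by eye can be run over the output of the describe-subnets and describe-route-tables CLI commands. The following script is an added example, not part of this guide or of the AWS CLI: it resolves each subnet's effective route table (its explicit association, or else the VPC main route table), classifies the subnet the way the resource map colours it, and reports private subnets that route directly to an internet gateway or that have no NAT gateway route. The sample data is constructed in the shape of the CLI responses, and the Tier tag used to record a subnet's intended role is an assumption of the example, not an AWS convention.

```python
"""Audit subnet routing the way the resource map does, in code.

Added example, not part of the AWS documentation. Input is constructed
sample data in the shape of `aws ec2 describe-subnets` and
`aws ec2 describe-route-tables` output; the Tier tag used to declare a
subnet's intended role is an assumption of this example, not an AWS
convention.
"""

VPC_ID = "vpc-0123"  # constructed

# Constructed subnets: one declared public, three declared private.
SUBNETS = [
    {"SubnetId": "subnet-0aaa", "VpcId": VPC_ID, "AvailabilityZone": "us-east-1a",
     "CidrBlock": "10.0.0.0/24", "Tags": [{"Key": "Tier", "Value": "public"}]},
    {"SubnetId": "subnet-0bbb", "VpcId": VPC_ID, "AvailabilityZone": "us-east-1b",
     "CidrBlock": "10.0.1.0/24", "Tags": [{"Key": "Tier", "Value": "private"}]},
    {"SubnetId": "subnet-0ccc", "VpcId": VPC_ID, "AvailabilityZone": "us-east-1c",
     "CidrBlock": "10.0.2.0/24", "Tags": [{"Key": "Tier", "Value": "private"}]},
    {"SubnetId": "subnet-0ddd", "VpcId": VPC_ID, "AvailabilityZone": "us-east-1a",
     "CidrBlock": "10.0.3.0/24", "Tags": [{"Key": "Tier", "Value": "private"}]},
]

# Constructed route tables. subnet-0bbb shares the public table (wrong),
# subnet-0ccc falls back to the main table, which has no default route
# (cut off from NAT), and subnet-0ddd has the intended NAT route.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": VPC_ID,
     "Associations": [{"Main": True, "RouteTableId": "rtb-main"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-public", "VpcId": VPC_ID,
     "Associations": [{"Main": False, "SubnetId": "subnet-0aaa", "RouteTableId": "rtb-public"},
                      {"Main": False, "SubnetId": "subnet-0bbb", "RouteTableId": "rtb-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0fff", "State": "active"}]},
    {"RouteTableId": "rtb-private", "VpcId": VPC_ID,
     "Associations": [{"Main": False, "SubnetId": "subnet-0ddd", "RouteTableId": "rtb-private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0eee", "State": "active"}]},
]


def effective_route_table(subnet_id, vpc_id, route_tables):
    """The route table that applies to a subnet: its explicit association
    if one exists, otherwise the VPC's main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main") and rt.get("VpcId") == vpc_id:
                main = rt
    return main


def classify(route_table):
    """Same colouring as the resource map: 'public' when the active default
    route targets an internet gateway, 'private' when it targets a NAT
    gateway, 'isolated' when there is no default route at all."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"
    return "isolated"


def audit(subnets, route_tables):
    """Return {subnet_id: finding} for subnets whose effective routing
    contradicts the declared Tier tag."""
    findings = {}
    for subnet in subnets:
        declared = {t["Key"]: t["Value"] for t in subnet.get("Tags", [])}.get("Tier")
        rt = effective_route_table(subnet["SubnetId"], subnet["VpcId"], route_tables)
        actual = classify(rt) if rt else "isolated"
        rt_id = rt["RouteTableId"] if rt else "<no route table>"
        if declared == "private" and actual == "public":
            findings[subnet["SubnetId"]] = f"declared private, but {rt_id} routes 0.0.0.0/0 to an internet gateway"
        elif declared == "private" and actual == "isolated":
            findings[subnet["SubnetId"]] = f"declared private, but {rt_id} has no route to a NAT gateway"
        elif declared == "public" and actual != "public":
            findings[subnet["SubnetId"]] = f"declared public, but {rt_id} has no route to an internet gateway"
    return findings


if __name__ == "__main__":
    for subnet_id, finding in sorted(audit(SUBNETS, ROUTE_TABLES).items()):
        print(f"{subnet_id}: {finding}")
```

With the constructed data the audit reports subnet-0bbb (declared private, but its route table sends 0.0.0.0/0 to the internet gateway) and subnet-0ccc (declared private, but the main route table has no NAT gateway route); subnet-0ddd, whose table routes through the NAT gateway, produces no finding. To run it against a real VPC, replace the two constants with the Subnets and RouteTables arrays from the corresponding CLI commands.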

To visualize the resources in your VPC
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose VPCs.

  3. Select the VPC.

  4. Choose the Resource map tab to display a visualization of the resources.

  5. Choose Show details to view details in addition to the resource IDs and zones displayed by default.

    • VPC: The IPv4 and IPv6 CIDR ranges assigned to the VPC.

    • Subnets: The IPv4 and IPv6 CIDR ranges assigned to each subnet.

    • Route tables: The subnet associations, and the number of routes in the route table.

    • Network connections: The details related to each type of connection:

      • If there are public subnets in the VPC, there is an internet gateway resource with the number of routes and the source and destination subnets for traffic using the internet gateway.

      • If there is an egress-only internet gateway, there is an egress-only internet gateway resource with the number of routes and the source and destination subnets for traffic using the egress-only internet gateway.

      • If there is a NAT gateway, there is a NAT gateway resource with the number of network interfaces and Elastic IP addresses for the NAT gateway.

      • If there is a gateway endpoint, there is a gateway endpoint resource with the name of the AWS service (Amazon S3 or Amazon DynamoDB) that you can connect to using the endpoint.

  6. Hover over a resource to see the relationship between the resources. Solid lines represent relationships between resources. Dotted lines represent network traffic to network connections.

Add an IPv4 CIDR block to your VPC

Your VPC can have up to five IPv4 CIDR blocks by default, but this limit is adjustable. For more information, see Amazon VPC quotas. For information about restrictions on IPv4 CIDR blocks for a VPC, see VPC CIDR blocks.

To add an IPv4 CIDR block to a VPC using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select the VPC, and then choose Actions, Edit CIDRs.

  4. Choose Add new IPv4 CIDR.

  5. For IPv4 CIDR block, do one of the following:

    • Choose IPv4 CIDR manual input and enter an IPv4 CIDR block.

    • Choose IPAM-allocated IPv4 CIDR and select a CIDR from an IPv4 IPAM pool.

  6. Choose Save and then choose Close.

  7. After you've added an IPv4 CIDR block to your VPC, you can create subnets that use the new CIDR block. For more information, see Create a subnet.

To associate an IPv4 CIDR block with a VPC using the AWS CLI

Use the associate-vpc-cidr-block command.

Add an IPv6 CIDR block to your VPC

Your VPC can have up to five IPv6 CIDR blocks by default, but this limit is adjustable. For more information, see Amazon VPC quotas. For information about restrictions on IPv6 CIDR blocks for a VPC, see VPC CIDR blocks.

To add an IPv6 CIDR block to a VPC using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select the VPC, and then choose Actions, Edit CIDRs.

  4. Choose Add new IPv6 CIDR.

  5. For IPv6 CIDR block, do one of the following:

    • Choose IPAM-allocated IPv6 CIDR block if you are using Amazon VPC IP Address Manager and you want to provision an IPv6 CIDR from an IPAM pool. You have two options for provisioning an IP address range to the VPC under CIDR block:

      • Netmask length: Choose this option to select a netmask length for the CIDR. Do one of the following:

        • If there is a default netmask length selected for the IPAM pool, you can choose Default to IPAM netmask length to use the default netmask length set for the IPAM pool by the IPAM administrator. For more information about the optional default netmask length allocation rule, see Create a Regional IPv6 pool in the Amazon VPC IPAM User Guide.

        • If there is no default netmask length selected for the IPAM pool, choose a netmask length that's more specific than the netmask length of the IPAM pool CIDR. For example, if the IPAM pool CIDR is /50, you can choose a netmask length between /52 and /60 for the VPC. Possible netmask lengths are between /44 and /60 in increments of /4.

      • Select a CIDR: Choose this option to manually enter an IPv6 address. You can only choose a netmask length that's more specific than the netmask length of the IPAM pool CIDR. For example, if the IPAM pool CIDR is /50, you can choose a netmask length between /52 and /60 for the VPC. Possible IPv6 netmask lengths are between /44 and /60 in increments of /4.

    • Choose Amazon-provided IPv6 CIDR block to request an IPv6 CIDR block from an Amazon pool of IPv6 addresses. For Network Border Group, select the group from which AWS advertises IP addresses. Amazon provides a fixed IPv6 CIDR block size of /56.

    • Choose IPv6 CIDR owned by me to provision an IPv6 CIDR that you have already brought to AWS. For more information about bringing your own IP address ranges to AWS, see Bring your own IP addresses (BYOIP) in Amazon EC2 in the Amazon EC2 User Guide for Linux Instances. You have two options for provisioning an IP address range to the VPC under CIDR block:

      • No preference: Choose this option to use a netmask length of /56.

      • Select a CIDR: Choose this option to manually enter an IPv6 address and choose a netmask length that's more specific than the netmask length of the BYOIP CIDR. For example, if the BYOIP pool CIDR is /50, you can choose a netmask length between /52 and /60 for the VPC. Possible IPv6 netmask lengths are between /44 and /60 in increments of /4.

  6. Choose Select CIDR and then choose Close.

  7. After you've added an IPv6 CIDR block to your VPC, you can create subnets that use the new CIDR block. For more information, see Create a subnet.

To associate an IPv6 CIDR block with a VPC using the AWS CLI

Use the associate-vpc-cidr-block command.

Remove an IPv4 CIDR block from your VPC

If your VPC has more than one IPv4 CIDR block associated with it, you can remove an IPv4 CIDR block from the VPC. You cannot remove the primary IPv4 CIDR block. You must remove an entire CIDR block; you cannot remove a subset of a CIDR block or a merged range of CIDR blocks. You must first delete all subnets in the CIDR block.
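The constraints in the two procedures above can be checked before calling associate-vpc-cidr-block or disassociate-vpc-cidr-block, so that a rejected request never reaches the API. The following script is an added example, not part of this guide or of the AWS CLI. It covers two checks from this page: an IPv6 CIDR requested from an IPAM or BYOIP pool must lie inside the pool, be more specific than the pool's netmask length, and use a netmask length from /44 to /60 in increments of /4; and an IPv4 CIDR block can be disassociated only if it is not the primary block, is an entire associated block rather than a subset, and contains no subnets. The VPC and subnet records are constructed in the shape of the describe-vpcs and describe-subnets responses.

```python
"""Preflight checks for VPC CIDR changes.

Added example, not AWS code. Two rules taken from the guide:
  * an IPv6 CIDR drawn from an IPAM or BYOIP pool must be inside the
    pool, more specific than the pool prefix, and one of /44, /48, /52,
    /56 or /60;
  * an IPv4 CIDR can be disassociated only when it is not the primary
    block, is a whole associated block, and no subnet still lives in it.
Record shapes follow `aws ec2 describe-vpcs` and `describe-subnets`;
the sample values are constructed.
"""
import ipaddress

# Netmask lengths the guide lists: /44 to /60 in increments of /4.
ALLOWED_IPV6_PREFIXES = range(44, 61, 4)


def check_ipv6_pool_request(pool_cidr, requested_cidr):
    """Return a list of violations; an empty list means the request fits."""
    pool = ipaddress.IPv6Network(pool_cidr)
    req = ipaddress.IPv6Network(requested_cidr)
    problems = []
    if req.prefixlen not in ALLOWED_IPV6_PREFIXES:
        problems.append(f"/{req.prefixlen} is not one of /44 to /60 in increments of /4")
    if req.prefixlen <= pool.prefixlen:
        problems.append(f"/{req.prefixlen} is not more specific than the pool's /{pool.prefixlen}")
    if not req.subnet_of(pool):
        problems.append(f"{req} is outside the pool {pool}")
    return problems


def check_ipv4_disassociation(vpc, subnets, cidr):
    """vpc is one element of describe-vpcs Vpcs[]; subnets is the
    describe-subnets Subnets[] array. Returns a list of violations."""
    target = ipaddress.IPv4Network(cidr)
    problems = []
    if vpc["CidrBlock"] == cidr:
        problems.append(f"{cidr} is the primary IPv4 CIDR block and cannot be removed")
    associated = {a["CidrBlock"] for a in vpc.get("CidrBlockAssociationSet", [])
                  if a["CidrBlockState"]["State"] == "associated"}
    if cidr not in associated:
        problems.append(f"{cidr} is not an associated block of {vpc['VpcId']}; "
                        "remove an entire CIDR block, not a subset or merged range")
    for subnet in subnets:
        if (subnet["VpcId"] == vpc["VpcId"]
                and ipaddress.IPv4Network(subnet["CidrBlock"]).subnet_of(target)):
            problems.append(f"subnet {subnet['SubnetId']} ({subnet['CidrBlock']}) "
                            "is still in this block; delete it first")
    return problems


# Constructed sample: a VPC with a primary block and two secondary blocks,
# and subnets in the first two blocks only.
VPC = {"VpcId": "vpc-0123", "CidrBlock": "10.0.0.0/16",
       "CidrBlockAssociationSet": [
           {"AssociationId": "vpc-cidr-assoc-1", "CidrBlock": "10.0.0.0/16",
            "CidrBlockState": {"State": "associated"}},
           {"AssociationId": "vpc-cidr-assoc-2", "CidrBlock": "10.1.0.0/16",
            "CidrBlockState": {"State": "associated"}},
           {"AssociationId": "vpc-cidr-assoc-3", "CidrBlock": "10.2.0.0/16",
            "CidrBlockState": {"State": "associated"}}]}
SUBNETS = [{"SubnetId": "subnet-0aaa", "VpcId": "vpc-0123", "CidrBlock": "10.0.0.0/24"},
           {"SubnetId": "subnet-0bbb", "VpcId": "vpc-0123", "CidrBlock": "10.1.0.0/24"}]

if __name__ == "__main__":
    # Pool /50, request /52 inside it: valid, matching the guide's example.
    print(check_ipv6_pool_request("2001:db8::/50", "2001:db8:0:1000::/52"))
    # /54 is not an allowed netmask length.
    print(check_ipv6_pool_request("2001:db8::/50", "2001:db8:0:1000::/54"))
    # Secondary block with no subnets: removable.
    print(check_ipv4_disassociation(VPC, SUBNETS, "10.2.0.0/16"))
    # Primary block that also holds a subnet: two reasons it cannot go.
    print(check_ipv4_disassociation(VPC, SUBNETS, "10.0.0.0/16"))
```

The IPv6 check returns nothing for a /52 carved from a /50 pool, the case the guide uses, and flags /54 because it is not on the /4 grid. The IPv4 check passes 10.2.0.0/16 (a secondary block with no subnets) and rejects 10.0.0.0/16 twice over: it is the primary block, and subnet-0aaa still lives in it.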

To remove a CIDR block from a VPC using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select the VPC, and choose Actions, Edit CIDRs.

  4. Under VPC IPv4 CIDRs, remove the CIDR by choosing Remove.

  5. Choose Close.

To disassociate an IPv4 CIDR block from a VPC using the AWS CLI

Use the disassociate-vpc-cidr-block command.

Remove an IPv6 CIDR block from your VPC

If you no longer want IPv6 support in your VPC, but you want to continue using your VPC to create and communicate with IPv4 resources, you can remove the IPv6 CIDR block.

To remove an IPv6 CIDR block, you must first unassign any IPv6 addresses that are assigned to any instances in your subnet.

Removing an IPv6 CIDR block does not automatically delete any security group rules, network ACL rules, or route table routes that you've configured for IPv6 networking. You must manually modify or delete these rules or routes.
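Because the disassociation leaves IPv6 security group rules, network ACL entries and routes in place, it helps to inventory them in the same pass that finds the IPv6 addresses still assigned to instances. The following script is an added example, not part of this guide or of the AWS CLI: it reads the shapes returned by describe-network-interfaces, describe-security-groups, describe-network-acls and describe-route-tables and reports the addresses that block the removal together with the rules and routes that will survive it. All sample records are constructed.

```python
"""Before/after check for removing an IPv6 CIDR block from a VPC.

Added example, not part of the AWS documentation. Works on constructed
sample data in the shape of `aws ec2 describe-network-interfaces`,
`describe-security-groups`, `describe-network-acls` and
`describe-route-tables` responses; feed it real output filtered to the
VPC to get the same report.
"""

VPC_ID = "vpc-0123"  # constructed

# Constructed records: one ENI still holds an IPv6 address, one security
# group allows ::/0 on 443, one NACL entry and one route mention IPv6.
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-0a", "VpcId": VPC_ID, "SubnetId": "subnet-0aaa",
     "Ipv6Addresses": [{"Ipv6Address": "2001:db8:1::10"}]},
    {"NetworkInterfaceId": "eni-0b", "VpcId": VPC_ID, "SubnetId": "subnet-0bbb",
     "Ipv6Addresses": []},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-0web", "VpcId": VPC_ID,
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]
NETWORK_ACLS = [
    {"NetworkAclId": "acl-0", "VpcId": VPC_ID,
     "Entries": [
         {"RuleNumber": 100, "Egress": False, "Protocol": "-1",
          "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
         {"RuleNumber": 101, "Egress": False, "Protocol": "-1",
          "RuleAction": "allow", "Ipv6CidrBlock": "::/0"},
         {"RuleNumber": 32767, "Egress": False, "Protocol": "-1",
          "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"}]},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": VPC_ID,
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationIpv6CidrBlock": "::/0", "EgressOnlyInternetGatewayId": "eigw-0"}]},
]


def assigned_ipv6(interfaces, vpc_id):
    """(eni, address) pairs that must be unassigned before the block can go."""
    return [(eni["NetworkInterfaceId"], addr["Ipv6Address"])
            for eni in interfaces if eni["VpcId"] == vpc_id
            for addr in eni.get("Ipv6Addresses", [])]


def ipv6_sg_rules(groups, vpc_id):
    """Security group rules with an IPv6 range, in either direction."""
    rules = []
    for sg in groups:
        if sg["VpcId"] != vpc_id:
            continue
        for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
            for perm in sg.get(key, []):
                for rng in perm.get("Ipv6Ranges", []):
                    rules.append((sg["GroupId"], direction, perm.get("IpProtocol"),
                                  perm.get("FromPort"), perm.get("ToPort"), rng["CidrIpv6"]))
    return rules


def ipv6_nacl_entries(acls, vpc_id):
    """Network ACL entries keyed on an IPv6 CIDR."""
    return [(acl["NetworkAclId"], e["RuleNumber"], "egress" if e["Egress"] else "ingress",
             e["RuleAction"], e["Ipv6CidrBlock"])
            for acl in acls if acl["VpcId"] == vpc_id
            for e in acl.get("Entries", []) if "Ipv6CidrBlock" in e]


def ipv6_routes(route_tables, vpc_id):
    """Routes whose destination is an IPv6 CIDR."""
    return [(rt["RouteTableId"], r["DestinationIpv6CidrBlock"])
            for rt in route_tables if rt["VpcId"] == vpc_id
            for r in rt.get("Routes", []) if "DestinationIpv6CidrBlock" in r]


def ipv6_removal_report(vpc_id, interfaces, groups, acls, route_tables):
    """Everything an operator has to clear by hand around the disassociation."""
    return {
        "blocking_addresses": assigned_ipv6(interfaces, vpc_id),
        "leftover_sg_rules": ipv6_sg_rules(groups, vpc_id),
        "leftover_nacl_entries": ipv6_nacl_entries(acls, vpc_id),
        "leftover_routes": ipv6_routes(route_tables, vpc_id),
    }


if __name__ == "__main__":
    report = ipv6_removal_report(VPC_ID, NETWORK_INTERFACES, SECURITY_GROUPS,
                                 NETWORK_ACLS, ROUTE_TABLES)
    for section, items in report.items():
        print(section)
        for item in items:
            print("  ", item)
```

The "blocking_addresses" section is what stops the disassociation; the three "leftover" sections are what the guide says survives it. Stale ::/0 rules are inert while no interface holds an IPv6 address, but they become live again the moment an IPv6 CIDR is associated with the VPC later, which is why the report is worth keeping after the removal as well as before.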

To remove an IPv6 CIDR block from a VPC using the console
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Your VPCs.

  3. Select your VPC, and then choose Actions, Edit CIDRs.

  4. Under IPv6 CIDRs, remove the IPv6 CIDR block by choosing Remove.

  5. Choose Close.

To disassociate an IPv6 CIDR block from a VPC using the AWS CLI

Use the disassociate-vpc-cidr-block command.