
How do I modify the IPv4 CIDR block of my Amazon VPC?


I want to change the IPv4 CIDR block of my Amazon Virtual Private Cloud (Amazon VPC).

Resolution

You can't change the primary IPv4 CIDR block of an existing virtual private cloud (VPC), and you can't change the CIDR block of an existing subnet. You can only add or remove secondary CIDR blocks, or create a new VPC.

Remove and add a new IPv4 CIDR block to your VPC

When you create a new VPC, the console prepopulates a default IPv4 CIDR block that might not match your addressing plan. Replace that default with the IPv4 CIDR block that you want before you create the VPC; after the VPC exists, its primary CIDR block can't be changed.

Add a secondary IPv4 CIDR block to your VPC

To extend the IPv4 address range of your VPC, associate an additional (secondary) CIDR block with the VPC. Make sure that the new block follows the CIDR block association restrictions: it must not overlap any block already associated with the VPC, and it must come from a range that AWS permits alongside your primary block.

If the block that is running out of addresses is itself a secondary CIDR block, then associate another CIDR block with a new IP address range.

Note: The VPC automatically adds a local route to every route table for each CIDR block associated with the VPC. Resources in the primary and secondary CIDR blocks can therefore reach each other without additional routing, and the local route can't be deleted. To restrict unintended traffic between the ranges, use security groups and network access control lists (network ACLs), not the route tables.
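A pre-flight check for a candidate secondary block, as an added example rather than code from this article or from AWS. It models three of the published association restrictions (block size between /16 and /28, no overlap with blocks already associated with the VPC, and no mixing of RFC 1918 ranges, which is the mismatch described in the comments below, where a 10.x primary can't take a 192.168.x secondary). Other published restrictions, such as conflicts with existing route-table entries and the publicly routable cases, are deliberately not modelled; the AssociateVpcCidrBlock API remains authoritative. The function names and sample CIDRs are constructed for the example.

```python
"""Pre-flight check for a secondary IPv4 CIDR block before calling
AssociateVpcCidrBlock.

Added example; not code from the AWS article or from AWS. It models three
of the documented association restrictions:
  * the block must be between /16 and /28,
  * it must not overlap any block already associated with the VPC,
  * RFC 1918 ranges can't be mixed (a VPC whose primary block is in
    10.0.0.0/8 can't take a secondary block from 172.16.0.0/12 or
    192.168.0.0/16, and likewise for the other two ranges).
Other published restrictions (route-table conflicts, 198.19.0.0/16, the
publicly routable cases) are not modelled; the API remains authoritative.
"""
from __future__ import annotations

from ipaddress import IPv4Network, ip_network

RFC1918 = (
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
)


def rfc1918_range(net: IPv4Network):
    """Return the RFC 1918 range that contains `net`, or None if it is not private."""
    for rng in RFC1918:
        if net.subnet_of(rng):
            return rng
    return None


def parse_cidr(cidr: str):
    """Parse a CIDR the way the VPC console expects it: a network address,
    not a host address (10.0.0.1/16 is rejected). Returns (network, error)."""
    try:
        return ip_network(cidr, strict=True), None
    except ValueError as exc:
        return None, f"{cidr} is not a valid network address ({exc})"


def check_secondary_cidr(primary: str, associated: list, candidate: str) -> list:
    """Return a list of violations; an empty list means the candidate passes
    the modelled checks. `associated` holds the secondary blocks already
    attached to the VPC (the primary is passed separately)."""
    prim, err = parse_cidr(primary)
    if err:
        return [err]
    cand, err = parse_cidr(candidate)
    if err:
        return [err]
    existing = [prim]
    for block in associated:
        net, err = parse_cidr(block)
        if err:
            return [err]
        existing.append(net)

    problems = []
    if not 16 <= cand.prefixlen <= 28:
        problems.append(
            f"{cand} is /{cand.prefixlen}; a VPC CIDR block must be between /16 and /28"
        )

    for net in existing:
        if cand.overlaps(net):
            problems.append(f"{cand} overlaps {net}, which is already associated with the VPC")

    prim_rng = rfc1918_range(prim)
    cand_rng = rfc1918_range(cand)
    if prim_rng is not None and cand_rng is not None and prim_rng != cand_rng:
        problems.append(
            f"{cand} is in {cand_rng} but the primary block {prim} is in {prim_rng}; "
            "AWS does not allow mixing RFC 1918 ranges in one VPC"
        )
    return problems


if __name__ == "__main__":
    # Constructed example: a VPC with primary 10.11.0.0/16 and one secondary block.
    primary = "10.11.0.0/16"
    secondaries = ["10.12.0.0/16"]
    for cand in ("10.13.0.0/16", "10.12.0.0/24", "192.168.0.0/20", "10.14.0.0/15", "10.15.0.1/16"):
        issues = check_secondary_cidr(primary, secondaries, cand)
        print(cand, "OK" if not issues else "; ".join(issues))
```

Run the check against the output of `aws ec2 describe-vpcs` (the CidrBlockAssociationSet of the VPC) before you call `aws ec2 associate-vpc-cidr-block`; a clean result here does not guarantee the API call succeeds, but a violation here will certainly be rejected.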

Create a new VPC with a different IPv4 CIDR block and migrate your resources

If you can't extend your VPC's IP address range with an additional IPv4 CIDR block, then create a new VPC with the IPv4 CIDR block that you want. Then, manually migrate your existing resources to the new VPC.

Note: After you migrate your resources to your new VPC, you can delete your previous VPC.

Related information

How do I move my Amazon Elastic Compute Cloud (Amazon EC2) instance to another subnet, Availability Zone, or VPC?

How do I change the VPC for an Amazon Relational Database Service (Amazon RDS) DB instance?

How do I resolve a dependency error I receive when I try to delete my VPC?

AWS OFFICIAL. Updated 10 months ago.
5 Comments

Blocked using option 1

I was following the first option, "Add an additional IPv4 CIDR block as a secondary CIDR". In our current VPC we have AZ1 and AZ2, so I added a secondary CIDR block to have an AZ3, but here I'm running into an issue in the exportVpc function: it's not able to update the subnet IDs for AZ3, as it says that the export VpcSubnetIds cannot be updated because it is already in use by a load balancer.

As we are making changes in production, we cannot delete the existing load balancer. So is there a way we can export AZ3 and update the load balancer to have all 3 AZs?

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS EXPERT, replied 2 years ago

I think the first solution is good, but this does not support automation. If you look here, in the resource "Type" : "AWS::EC2::VPCCidrBlock", CIDRBLOCK is a string and it will not support an array. Please implement an API for the resource "AWS::EC2::VPCCidrBlock" to support both CIDR and automation.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS EXPERT, replied 2 years ago

The rule that the initially assigned random IPv4 CIDR cannot be changed to match customer network plans, if the initial random assignment happens to be in a different old routing class (A, B or C), can get quite problematic. For example, if the customer plan dictates that the VPC in Sao Paulo should be 192.168.172.0/20 but AWS assigned 10.11.0.0/16, then the customer cannot correct this.

When there are no allocations in the initial CIDR block, it should be allowed to change it to any other allowed CIDR block.

replied a year ago