How do I modify the IPv4 CIDR block of my Amazon VPC?
Last updated: 2022-03-24
I want to change the IPv4 CIDR block of my Amazon Virtual Private Cloud (Amazon VPC). How can I do this?
It's not possible to change or modify the IP address range of an existing virtual private cloud (VPC) or subnet. However, you can do one of the following:
- Add an additional IPv4 CIDR block as a secondary CIDR to your VPC.
- Create a new VPC with your preferred CIDR block and then migrate the resources from your old VPC to the new VPC (if applicable).
Add a secondary IPv4 CIDR block to your VPC
To extend the IPv4 address range of your VPC, see Associating a secondary IPv4 CIDR block with your VPC. Make sure that you follow the CIDR block association restrictions.
If your depleted CIDR block is a secondary CIDR block, then associate another CIDR block with a new IP address range.
Note: By default, a local route is added to all routing tables in the VPC for every CIDR block associated with the VPC. This allows you to route traffic between the primary and secondary CIDR resources without additional routing. To restrict unintended traffic, use security groups and network access control lists (ACLs).
Create a new VPC with a different IPv4 CIDR block and migrate your resources (if applicable)
If extending your VPC's IP address range with an additional IPv4 CIDR block isn't an option, you can create a new VPC with your preferred IPv4 CIDR block. Then, manually migrate all of your existing resources to the new VPC (if applicable).
Note: After you complete migrating all of the resources to your new VPC, you can delete all underlying resources in your old VPC. This includes the following:
- Terminating all instances running in the VPC.
- Deleting all security groups associated with the VPC (except the default one).
- Deleting all route tables associated with the VPC (except the default one),
- Deleting any other resources as needed.
After you delete the underlying resources, you can Delete your old VPC.