I want to modify the IP address range of my VPC or subnet in my VPC. How can I do this?

The IP address range of a VPC is made up of the CIDR blocks associated with it. You select one CIDR block when you create the VPC, and you can add or remove secondary CIDR blocks later. The CIDR block that you add when you create the VPC cannot be changed, but you can add and remove secondary CIDR blocks to change the IP address range of the VPC.

You cannot change the IP address range of a VPC subnet after you create that subnet. You must instead create a new VPC subnet with your desired IP address range. 

Modify the IP address range of a VPC

Determine the primary CIDR block for your VPC, and then modify the IP address range of your VPC by associating or disassociating secondary CIDR blocks with your VPC. See Adding IPv4 CIDR Blocks to a VPC and VPC and Subnet Sizing for IPv6 for information about limitations regarding secondary CIDR blocks.

To view the primary CIDR for your VPC:

  1. Open the Amazon VPC console.
  2. Choose Your VPCs.
  3. Select your VPC.
  4. Note the first entry under CIDR blocks.

Or, use the describe-vpcs command:

aws ec2 describe-vpcs --vpc-id vpc-1a2b3c4d

In the output that returns, the primary CIDR is returned in the top-level CidrBlock element (the second-last element in the example output below).

{
    "Vpcs": [
        {
            "VpcId": "vpc-1a2b3c4d", 
            "InstanceTenancy": "default", 
            "Tags": [
                {
                    "Value": "MyVPC", 
                    "Key": "Name"
                }
            ], 
            "CidrBlockAssociations": [
                {
                    "AssociationId": "vpc-cidr-assoc-3781aa5e", 
                    "CidrBlock": "10.0.0.0/16", 
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }, 
                {
                    "AssociationId": "vpc-cidr-assoc-0280ab6b", 
                    "CidrBlock": "10.2.0.0/16", 
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ], 
            "State": "available", 
            "DhcpOptionsId": "dopt-e0fe0e88", 
            "CidrBlock": "10.0.0.0/16", 
            "IsDefault": false
        }
    ]
}

Modify the IP address range of a subnet

Because you cannot modify the IP address of a subnet, delete the subnet, and then create a new subnet with the appropriate IP address range.

Important: Before you delete a subnet, be sure to create Amazon Machine Images or snapshots of existing resources as necessary, and then delete all the underlying resources in the subnet.


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center.

Published: 2015-05-29

Updated: 2018-04-10