How to solve the "CIDR Address is not within CIDR Address from VPC" AWS riddle?

Question

I know it's a common question, but all the existing answers don't work in my case.

I'm trying to create a subnet on AWS and the current VPC CIDR is 172.31.0.0/16

Then when I'm entering 10.0.0.0/28 into IPv4 CIDR block it says

CIDR Address is not within CIDR Address from VPC

I also tried 10.0.0.0/16 as suggested and any other number and it doesn't work.

How to solve this riddle?

Why doesn't AWS just offer a default setting there?

Answer 1

If you're creating a subnet within 172.31.0.0/16 then your available IP pool space is between 172.31.0.0 - 172.31.255.255 (excluding reserved addressed).

You cannot have any overlapping ranges with existing subnets and need to include a range between /16 and /28.

Take a look at cidr.xyz, it is great for looking at available CIDR ranges.

Answer 2

If the VPC CIDR is 172.31.0.0/16, then all subnets must be within that CIDR. The subnets should always start 172.31.* since you have /16 mask. I'd highly recommend reading up on VPC sub-netting, there's more to it, including subnet count and addresses available per subnet: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html#VPC_Sizing