Menu
I am learning AWS CloudFormation. Now, I am trying to create a template for VPC and Subnets. I am now creating a VPC.
This is my template:
AWSTemplateFormatVersion: '2010-09-09'
Description: "Template for Networks and IAM Roles"
Resources:
Vpc:
Type: AWS::EC2::VPC
Properties:
CidrBlock: '10.0.0.0/16'
EnableDnsHostnames: True
EnableDnsSupport: True
What I don't understand here is that CidrBlock. Now, I specified it as, 10.0.0.0/16. To be honest, how does it work exactly. Is setting it as 10.0.0.0/16 always going to work? What is that for? How does that IP address range work exactly? How does it help? How can I determine which value to set for it? Is there a formula to calculate it? How? I saw an existing VPC in my console. The IP address is different.
Also, how can I calculate to split it to assign to subnets?
I am seeking an understanding of the following template, especially Cidr for subnets.
AWSTemplateFormatVersion: '2010-09-09'
Description: "Template for Networks and IAM Roles"
Parameters:
VpcCidr:
Default: '10.0.0.0/16'
Type: String
AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
Resources:
Vpc:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VpcCidr
EnableDnsHostnames: True
EnableDnsSupport: True
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref Vpc
CidrBlock: !Select [ 0, !Cidr [ !Ref VpcCidr, 12, 8 ] ]
MapPublicIpOnLaunch: True
AvailabilityZone: !Select
- 0
- Fn::GetAZs: !Ref "AWS::Region"
PublicSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref Vpc
CidrBlock: !Select [ 1, !Cidr [ !Ref VpcCidr, 12, 8 ] ]
MapPublicIpOnLaunch: True
AvailabilityZone: !Select
- 0
- Fn::GetAZs: !Ref "AWS::Region"
660
How many addresses does a CIDR block represent? You calculate 2 32-prefix , where prefix is the number after the slash. For example, /29 contains 232-29=23=8 addresses. Here's a quick table that you can reference for the most CIDR blocks.
You assign a single Classless Internet Domain Routing (CIDR) IP address range as the primary CIDR block when you create a VPC and can add up to four (4) secondary CIDR blocks after creation of the VPC.
The allowed block size is between a /28 netmask and /16 netmask. If you create more than one subnet in a VPC, the CIDR blocks of the subnets cannot overlap. For example, if you create a VPC with CIDR block 10.0. 0.0/24 , it supports 256 IP addresses.
There are way too many sub-questions to answer each of them individually here. Instead I can write this.
CIDRs for VPC are selected from three common ranges:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
These ranges are used because they are not-routable over the internet.
10.0.0.0/16 - is the most commonly used CIDR used for VPC. This give you 65535 private IP addresses to work with in your VPC.
You commonly divide it to subnets of size /24, each with 255 private addresses. For example:
If you use the above pattern for VPC and subnets, you don't have to do any calculations or memorize any formals. Of course if you want to have more specific subnets, or subnets of different sizes, you have to learn how to calculate subnets. There are many resources and tools on the internet for that. Examples are:
Update
The template uses intristic function Fn::Cidr.
The construct:
!Cidr [ !Ref VpcCidr, 12, 8 ]
Will create a list of 12 CIDR ranges, of size of /24 (32-8). Each subnet will have 255 addresses. The Select is used to chose individual CIDRs from the list:
!Select [ 0, !Cidr [ !Ref VpcCidr, 12, 8 ] ] # 10.0.0.0/24
!Select [ 1, !Cidr [ !Ref VpcCidr, 12, 8 ] ] # 10.0.1.0/24
!Select [ 2, !Cidr [ !Ref VpcCidr, 12, 8 ] ] # 10.0.2.0/24
!Select [ 11, !Cidr [ !Ref VpcCidr, 12, 8 ] ] # 10.0.11.0/24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
