Issue
I'm using CloudFormation to define a subnet and EC2 instance. I want to allocate a particular private IP address to an EC2 instance and have attempted to do so using the resource definitions such as those below.
When I try to deploy my template the creation of the NetworkInterface resource fails with the message 'Address is in subnet's reserved address range'. I've tried to work this out but am not making progress. How do I define my subnet with a range of private IP addresses which I can apply to my EC2 instances?
Thanks.
Note: The whole template contains other resources and so I've attempted to reduce it to the important components, hence the below is purposely incomplete.
"SharedVPC": {
  "Type": "AWS::EC2::VPC",
  "Properties": {
    "CidrBlock": "10.10.0.0/16",
    "EnableDnsHostnames": true,
    "EnableDnsSupport": true,
    "InstanceTenancy": "default"
  }
},
"SharedVPCPrivateSubnet1": {
  "Type": "AWS::EC2::Subnet",
  "Properties": {
    "AvailabilityZone": "eu-west-1a",
    "CidrBlock": "10.10.129.0/24",
    "MapPublicIpOnLaunch": false,
    "VpcId": {
      "Ref": "SharedVPC"
    }
  }
},
"DbServerEC2Instance": {
  "Type": "AWS::EC2::Instance",
  "Properties": {
    "KeyName": "WindowsEC2",
    "InstanceType": "t2.micro",
    "AvailabilityZone": "eu-west-1a",
    "ImageId": {
      "Ref": "DbServerEC2ImageAMI"
    },
    "IamInstanceProfile": {
      "Ref": "EC2InstanceProfile"
    },
    "NetworkInterfaces": [{
      "NetworkInterfaceId": {
        "Ref": "DbServerEC2InstanceNetworkInterface"
      },
      "DeviceIndex": "0"
    }]
  }
},
"DbServerEC2InstanceNetworkInterface": {
  "Type": "AWS::EC2::NetworkInterface",
  "Properties": {
    "Description": "eth0",
    "PrivateIpAddresses": [{
        "PrivateIpAddress": "10.10.129.2",
        "Primary": "true"
      },
      {
        "PrivateIpAddress": "10.10.129.3",
        "Primary": "false"
      }
    ],
    "SourceDestCheck": "true",
    "SubnetId": {
      "Ref": "SharedVPCPrivateSubnet1"
    }
  }
}
Solution
AWS reserves the first 4 IP addresses and the last IP address of a subnet. These addresses within a subnet are not available.
The AWS documentation states the following:
The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved:
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two. For VPCs with multiple CIDR blocks, the IP address of the DNS server is located in the primary CIDR. We also reserve the base of each subnet range plus two for all CIDR blocks in the VPC. For more information, see Amazon DNS server.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.
Answered By - Chris Williams Answer Checked By - Robin (WPSolving Admin)
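The reservation rule above, applied to the question's own template as an added example (not code from the answer or from AWS): the script computes the five reserved addresses of a subnet CIDR, the range that can actually be assigned, and checks each PrivateIpAddress of the NetworkInterface resource against them. The ENI properties embedded at the bottom are constructed from the question; the function names are this example's own.

```python
import ipaddress

# AWS reserves the first four addresses of every subnet CIDR and the last one
# (the broadcast address). The reasons follow the AWS documentation quoted above.
HEAD_RESERVATIONS = (
    "Network address",
    "Reserved by AWS for the VPC router",
    "Reserved by AWS for the DNS server (subnet base plus two)",
    "Reserved by AWS for future use",
)


def reserved_addresses(cidr):
    """Map each AWS-reserved address in `cidr` to the reason it is unavailable."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    reserved = {str(net.network_address + i): why
                for i, why in enumerate(HEAD_RESERVATIONS)}
    reserved[str(net.broadcast_address)] = "Network broadcast address"
    return reserved


def usable_range(cidr):
    """First and last private IP that can be assigned to an ENI in `cidr`."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    first = net.network_address + len(HEAD_RESERVATIONS)
    last = net.broadcast_address - 1
    return str(first), str(last)


def check_private_ip(cidr, ip):
    """Return None if `ip` is assignable inside `cidr`, else the reason it is not."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    addr = ipaddress.IPv4Address(ip)
    if addr not in net:
        return f"{ip} is outside subnet {cidr}"
    return reserved_addresses(cidr).get(str(addr))


def check_network_interface(eni_properties, subnet_cidr):
    """Check every PrivateIpAddress in an AWS::EC2::NetworkInterface Properties block."""
    return {e["PrivateIpAddress"]: check_private_ip(subnet_cidr, e["PrivateIpAddress"])
            for e in eni_properties.get("PrivateIpAddresses", [])}


if __name__ == "__main__":
    # Constructed sample: the ENI from the question against its /24 subnet.
    eni = {"PrivateIpAddresses": [{"PrivateIpAddress": "10.10.129.2", "Primary": "true"},
                                  {"PrivateIpAddress": "10.10.129.3", "Primary": "false"}]}
    for ip, problem in check_network_interface(eni, "10.10.129.0/24").items():
        print(ip, "->", problem or "OK")
    print("assignable range:", usable_range("10.10.129.0/24"))
```

Both addresses in the question fall inside the reserved head of the subnet; 10.10.129.4 is the first address the template can assign.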