Subnet

Amazon Web Services
Network
A subnet is a range of IP addresses in your VPC into which you can launch AWS resources, such as EC2 instances. Every network interface (and therefore every instance) lives in exactly one subnet, so the subnet's CIDR, route table and public-IP settings decide how reachable the resources placed in it are.
Terraform name: aws_subnet

Subnet attributes:
  • assign_ipv6_address_on_creation - (Optional) Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false
  • availability_zone - (Optional) AZ for the subnet.
  • availability_zone_id - (Optional) AZ ID of the subnet. This argument is not supported in all regions or partitions. If necessary, use availability_zone instead.
  • cidr_block - (Optional) The IPv4 CIDR block for the subnet.
  • customer_owned_ipv4_pool - (Optional) The customer owned IPv4 address pool. Typically used with the map_customer_owned_ip_on_launch argument. The outpost_arn argument must be specified when configured.
  • enable_dns64 - (Optional) Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: false.
  • enable_resource_name_dns_aaaa_record_on_launch - (Optional) Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: false.
  • enable_resource_name_dns_a_record_on_launch - (Optional) Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false.
  • ipv6_cidr_block - (Optional) The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.
  • ipv6_native - (Optional) Indicates whether to create an IPv6-only subnet. Default: false.
  • map_customer_owned_ip_on_launch - (Optional) Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The customer_owned_ipv4_pool and outpost_arn arguments must be specified when set to true. Default is false.
  • map_public_ip_on_launch - (Optional) Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false.
  • outpost_arn - (Optional) The Amazon Resource Name (ARN) of the Outpost.
  • private_dns_hostname_type_on_launch - (Optional) The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name.
  • vpc_id - (Required) The VPC ID.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Associating resources with a Subnet
A resource is placed in a subnet when it is created: an EC2 instance is launched into one subnet per network interface (for example via subnet_id on the instance), and a network interface cannot be moved to another subnet afterwards. Security groups are not attached to the subnet but to the resource's network interface; the subnet-level controls are the network ACL associated with the subnet and the subnet's route table, which makes the subnet public (a route to an internet gateway) or private.
Create Subnet via Terraform:
The following HCL creates a subnet in a VPC with a specified IPv4 CIDR block. map_public_ip_on_launch is left at its default (false), so instances launched into it receive no public IPv4 address unless one is requested explicitly.
Syntax:

resource "aws_subnet" "main" {
  vpc_id     = aws_vpc.main.id  # VPC the subnet is carved from
  cidr_block = "10.0.1.0/24"    # must lie inside the VPC's IPv4 block and not overlap other subnets

  tags = {
    Name = "Main"
  }
}
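The cidr_block above only works if it fits the VPC and does not collide with an existing subnet, and the AWS API rejects a block that breaks those rules only at apply time. The following Python (standard library only) is an added example written for this page, not code from CloudWiki, Terraform or AWS: validate_subnet_cidr applies the subnet CIDR rules (host bits zero, IPv4 prefix between /16 and /28, IPv6 prefix exactly /64 as noted for ipv6_cidr_block above, block inside the VPC, no overlap with existing subnets), and plan_subnets carves the next free blocks out of a VPC while skipping reserved ranges. The VPC and subnet ranges in the demo are constructed.

```python
"""Validate and plan subnet CIDR blocks inside a VPC (stdlib only)."""
import ipaddress


def validate_subnet_cidr(vpc_cidr, subnet_cidr, existing=()):
    """Return a list of problems with subnet_cidr; an empty list means it is usable.

    Rules checked: host bits must be zero, an IPv4 block must be between /16 and
    /28, an IPv6 block must be /64, the block must lie inside the VPC's range,
    and it must not overlap any subnet listed in `existing`.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    try:
        net = ipaddress.ip_network(subnet_cidr)  # strict by default: rejects 10.0.1.1/24
    except ValueError as exc:
        return [f"invalid CIDR {subnet_cidr!r}: {exc}"]

    if net.version != vpc.version:
        return [f"{subnet_cidr} is IPv{net.version} but the VPC block is IPv{vpc.version}"]

    problems = []
    if net.version == 4 and not 16 <= net.prefixlen <= 28:
        problems.append(f"{subnet_cidr}: IPv4 subnet prefix must be between /16 and /28")
    if net.version == 6 and net.prefixlen != 64:
        problems.append(f"{subnet_cidr}: IPv6 subnet prefix must be exactly /64")
    if not net.subnet_of(vpc):
        problems.append(f"{subnet_cidr} is not inside VPC block {vpc_cidr}")
    for other in existing:
        other_net = ipaddress.ip_network(other)
        if other_net.version == net.version and net.overlaps(other_net):
            problems.append(f"{subnet_cidr} overlaps existing subnet {other}")
    return problems


def plan_subnets(vpc_cidr, new_prefix, count, reserved=()):
    """Carve `count` non-overlapping /new_prefix blocks out of vpc_cidr, skipping any
    block that overlaps a range in `reserved` (existing subnets, peered ranges).
    Returns fewer than `count` blocks when the VPC has no more room."""
    vpc = ipaddress.ip_network(vpc_cidr)
    reserved_nets = [ipaddress.ip_network(r) for r in reserved]
    planned = []
    for candidate in vpc.subnets(new_prefix=new_prefix):
        if any(candidate.overlaps(r) for r in reserved_nets):
            continue
        planned.append(str(candidate))
        if len(planned) == count:
            break
    return planned


if __name__ == "__main__":
    # Constructed demo: a 10.0.0.0/16 VPC that already holds the 10.0.1.0/24
    # "main" subnet from the HCL above.
    print(validate_subnet_cidr("10.0.0.0/16", "10.0.1.0/24"))                    # no problems
    print(validate_subnet_cidr("10.0.0.0/16", "10.0.1.0/25", ["10.0.1.0/24"]))   # overlap
    print(validate_subnet_cidr("10.0.0.0/16", "10.1.0.0/24"))                    # outside the VPC
    print(validate_subnet_cidr("10.0.0.0/16", "10.0.1.1/24"))                    # host bits set
    print(plan_subnets("10.0.0.0/16", 24, 3, reserved=["10.0.1.0/24"]))
```

Running the validation in CI against the CIDRs declared in Terraform catches overlaps and out-of-range blocks before a plan is applied; plan_subnets is the same logic used generatively, which keeps per-AZ tiers from drifting into each other as a VPC grows.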

Create Subnet via CLI:
Parameters (synopsis of aws ec2 create-subnet):

aws ec2 create-subnet
[--tag-specifications <value>]
[--availability-zone <value>]
[--availability-zone-id <value>]
[--cidr-block <value>]
[--ipv6-cidr-block <value>]
[--outpost-arn <value>]
--vpc-id <value>
[--dry-run | --no-dry-run]
[--ipv6-native | --no-ipv6-native]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws ec2 create-subnet \
   --vpc-id vpc-081ec835f3EXAMPLE \
   --cidr-block 10.0.0.0/24 \
   --tag-specifications ResourceType=subnet,Tags=[{Key=Name,Value=my-ipv4-only-subnet}]
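Whether a subnet hands public IPv4 addresses to everything launched into it is controlled by the map_public_ip_on_launch attribute listed above, and the CLI example creates the subnet with that setting off. Checking that it stayed off across an account is a routine audit. The following Python (standard library only) is an added example written for this page, not code from CloudWiki or AWS: it reads the JSON that aws ec2 describe-subnets --output json produces, reports every subnet with MapPublicIpOnLaunch set to true that is not on an allow-list of intentionally public subnets, and emits the aws ec2 modify-subnet-attribute --no-map-public-ip-on-launch command that turns the setting off. The embedded sample output and its subnet and VPC IDs are constructed.

```python
"""Audit `aws ec2 describe-subnets` output for subnets that auto-assign public IPv4 addresses."""
import json
import sys

# Constructed sample in the shape of `aws ec2 describe-subnets --output json`
# (IDs are made up). Only the keys the audit reads are included.
SAMPLE_DESCRIBE_SUBNETS = json.dumps({
    "Subnets": [
        {"SubnetId": "subnet-0example00000000a1", "VpcId": "vpc-0example0000000001",
         "CidrBlock": "10.0.0.0/24", "AvailabilityZone": "us-east-1a",
         "MapPublicIpOnLaunch": True,
         "Tags": [{"Key": "Name", "Value": "public-a"}]},
        {"SubnetId": "subnet-0example00000000a2", "VpcId": "vpc-0example0000000001",
         "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1a",
         "MapPublicIpOnLaunch": True,  # misconfigured: a "private" tier that hands out public IPs
         "Tags": [{"Key": "Name", "Value": "app-private-a"}]},
        {"SubnetId": "subnet-0example00000000a3", "VpcId": "vpc-0example0000000001",
         "CidrBlock": "10.0.2.0/24", "AvailabilityZone": "us-east-1a",
         "MapPublicIpOnLaunch": False,
         "Tags": [{"Key": "Name", "Value": "db-a"}]},
    ]
})


def name_tag(subnet):
    """Return the Name tag of a subnet record, or '' if it has none."""
    for tag in subnet.get("Tags", []):
        if tag.get("Key") == "Name":
            return tag.get("Value", "")
    return ""


def audit_public_ip_on_launch(describe_json, intended_public=frozenset()):
    """Return one finding per subnet with MapPublicIpOnLaunch=true whose ID is not
    in intended_public (the allow-list of subnets that are meant to be public)."""
    data = json.loads(describe_json)
    findings = []
    for subnet in data.get("Subnets", []):
        if not subnet.get("MapPublicIpOnLaunch", False):
            continue
        if subnet["SubnetId"] in intended_public:
            continue
        findings.append({
            "SubnetId": subnet["SubnetId"],
            "Name": name_tag(subnet),
            "VpcId": subnet.get("VpcId", ""),
            "CidrBlock": subnet.get("CidrBlock", ""),
            "AvailabilityZone": subnet.get("AvailabilityZone", ""),
        })
    return findings


def remediation_commands(findings):
    """CLI commands that turn auto-assignment off for each finding."""
    return [
        f"aws ec2 modify-subnet-attribute --subnet-id {f['SubnetId']} --no-map-public-ip-on-launch"
        for f in findings
    ]


if __name__ == "__main__":
    # Usage: aws ec2 describe-subnets --output json | python3 audit_subnets.py [allowed-subnet-id ...]
    # With nothing on stdin the constructed sample above is audited instead.
    raw = sys.stdin.read() if not sys.stdin.isatty() else ""
    if not raw.strip():
        raw = SAMPLE_DESCRIBE_SUBNETS
    allowed = frozenset(sys.argv[1:])
    findings = audit_public_ip_on_launch(raw, allowed)
    for finding in findings:
        print(f"{finding['SubnetId']} ({finding['Name'] or 'no Name tag'}) "
              f"{finding['CidrBlock']} in {finding['AvailabilityZone']} auto-assigns public IPv4")
    for cmd in remediation_commands(findings):
        print("  fix:", cmd)
```

The allow-list is the important design choice: a subnet that is meant to be public (a load-balancer or bastion tier) legitimately has the setting on, so the audit reports only subnets that are not on the list rather than every public subnet, which keeps the finding actionable. Turning the setting off does not remove public addresses from instances already launched; it only stops new launches from getting one.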

Costs
A subnet itself carries no charge: subnets, like the VPC that contains them, are free components of Amazon VPC.
Direct cost: none.
Indirect cost: the resources launched into the subnet and the networking features they rely on are billed on their own terms, for example public IPv4 addresses, NAT gateways, VPC endpoints and data transfer.