Amazon Web Service (AWS)


A subnet is a range of IP addresses in your VPC into which you can launch AWS resources, such as EC2 instances.
  • assign_ipv6_address_on_creation - (Optional) Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false.
  • availability_zone - (Optional) AZ for the subnet.
  • availability_zone_id - (Optional) AZ ID of the subnet. This argument is not supported in all regions or partitions. If necessary, use availability_zone instead.
  • cidr_block - (Optional) The IPv4 CIDR block for the subnet.
  • customer_owned_ipv4_pool - (Optional) The customer owned IPv4 address pool. Typically used with the map_customer_owned_ip_on_launch argument. The outpost_arn argument must be specified when configured.
  • enable_dns64 - (Optional) Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: false.
  • enable_resource_name_dns_aaaa_record_on_launch - (Optional) Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: false.
  • enable_resource_name_dns_a_record_on_launch - (Optional) Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false.
  • ipv6_cidr_block - (Optional) The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.
  • ipv6_native - (Optional) Indicates whether to create an IPv6-only subnet. Default: false.
  • map_customer_owned_ip_on_launch - (Optional) Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The customer_owned_ipv4_pool and outpost_arn arguments must be specified when set to true. Default is false.
  • map_public_ip_on_launch - (Optional) Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false.
  • outpost_arn - (Optional) The Amazon Resource Name (ARN) of the Outpost.
  • private_dns_hostname_type_on_launch - (Optional) The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name.
  • vpc_id - (Required) The VPC ID.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Associating resources with a
Resources do not "belong" to a
Rather, one or more Security Groups are associated with a resource.
via Terraform:
The following HCL creates a subnet in a VPC with a specified IPv4 CIDR block (the VPC reference and the CIDR are example values):

resource "aws_subnet" "main" {
  vpc_id     = aws_vpc.main.id   # ID of the VPC to create the subnet in; assumes an aws_vpc.main resource exists
  cidr_block = "10.0.1.0/24"     # example IPv4 CIDR block inside the VPC's range

  tags = {
    Name = "Main"
  }
}
via CLI:

aws ec2 create-subnet
    [--tag-specifications <value>]
    [--availability-zone <value>]
    [--availability-zone-id <value>]
    [--cidr-block <value>]
    [--ipv6-cidr-block <value>]
    [--outpost-arn <value>]
    --vpc-id <value>
    [--dry-run | --no-dry-run]
    [--ipv6-native | --no-ipv6-native]
    [--cli-input-json | --cli-input-yaml]
    [--generate-cli-skeleton <value>]
    [--endpoint-url <value>]
    [--output <value>]
    [--query <value>]
    [--profile <value>]
    [--region <value>]
    [--version <value>]
    [--color <value>]
    [--ca-bundle <value>]
    [--cli-read-timeout <value>]
    [--cli-connect-timeout <value>]
    [--cli-binary-format <value>]


Example call (the CIDR block is an example value; the tag specification is quoted so the shell does not brace-expand it):

aws ec2 create-subnet \
    --vpc-id vpc-081ec835f3EXAMPLE \
    --cidr-block 10.0.1.0/24 \
    --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=my-ipv4-only-subnet}]'

Best Practices for

Categorized by Availability, Security & Compliance and Cost

Ensure subnets do not assign public IP by default
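One way to audit this rule against existing subnets, as an added example that is not part of the original page: the script below parses `aws ec2 describe-subnets` JSON output (a constructed sample is embedded; the subnet IDs and CIDRs are made up), flags every subnet whose MapPublicIpOnLaunch attribute (the API name of Terraform's map_public_ip_on_launch) is true, and builds the modify-subnet-attribute call that turns it off.

```python
"""Flag subnets that assign public IPs by default, from describe-subnets output."""
import json

# Constructed sample in the shape of `aws ec2 describe-subnets --output json`.
# Subnet IDs, VPC ID and CIDRs are made-up example values.
SAMPLE_DESCRIBE_SUBNETS = json.dumps({
    "Subnets": [
        {"SubnetId": "subnet-0a1b2c3d4eEXAMPLE", "VpcId": "vpc-081ec835f3EXAMPLE",
         "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": True,
         "Tags": [{"Key": "Name", "Value": "web-public"}]},
        {"SubnetId": "subnet-0f9e8d7c6bEXAMPLE", "VpcId": "vpc-081ec835f3EXAMPLE",
         "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": False,
         "Tags": [{"Key": "Name", "Value": "app-private"}]},
        {"SubnetId": "subnet-0123456789EXAMPLE", "VpcId": "vpc-081ec835f3EXAMPLE",
         "CidrBlock": "10.0.3.0/24", "MapPublicIpOnLaunch": True},  # no Tags key at all
    ]
})


def name_tag(subnet: dict) -> str:
    """Return the Name tag value, or '-' when the subnet has no tags or no Name tag."""
    return next((t["Value"] for t in subnet.get("Tags", []) if t.get("Key") == "Name"), "-")


def remediation_command(subnet_id: str) -> str:
    """CLI call that switches the attribute off for an existing subnet.
    (A subnet created without the flag already defaults to false.)"""
    return (f"aws ec2 modify-subnet-attribute --subnet-id {subnet_id} "
            "--no-map-public-ip-on-launch")


def find_public_by_default(describe_json: str) -> list[dict]:
    """One finding per subnet whose MapPublicIpOnLaunch is true; a missing key counts as false."""
    subnets = json.loads(describe_json).get("Subnets", [])
    return [
        {
            "subnet_id": s["SubnetId"],
            "vpc_id": s["VpcId"],
            "cidr": s.get("CidrBlock"),
            "name": name_tag(s),
            "remediation": remediation_command(s["SubnetId"]),
        }
        for s in subnets
        if s.get("MapPublicIpOnLaunch", False)
    ]


if __name__ == "__main__":
    for f in find_public_by_default(SAMPLE_DESCRIBE_SUBNETS):
        print(f"{f['subnet_id']} ({f['name']}, {f['cidr']}) assigns public IPs by default")
        print("  fix:", f["remediation"])
```

In practice feed it the real output with `aws ec2 describe-subnets --output json` and review each finding before running the remediation, since some subnets (for example load-balancer or NAT subnets) are public on purpose.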