Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)


A subnet is a range of IP addresses in your VPC where you can launch into it AWS resources, such as EC2 instances.
There is no additional charge for using Subnets, as it is a fundamental component of Amazon VPC and included in the overall VPC usage charge. The cost of using an Amazon VPC will depend on the number of subnets, the number of IP addresses, and the amount of data processed.
Direct Cost


Indirect Cost
Terraform Name
  • assign_ipv6_address_on_creation - (Optional) Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false
  • availability_zone - (Optional) AZ for the subnet.
  • availability_zone_id - (Optional) AZ ID of the subnet. This argument is not supported in all regions or partitions. If necessary, use availability_zone instead.
  • cidr_block - (Optional) The IPv4 CIDR block for the subnet.
  • customer_owned_ipv4_pool - (Optional) The customer owned IPv4 address pool. Typically used with the map_customer_owned_ip_on_launch argument. The outpost_arn argument must be specified when configured.
  • enable_dns64 - (Optional) Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations. Default: false.
  • enable_resource_name_dns_aaaa_record_on_launch - (Optional) Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. Default: false.
  • enable_resource_name_dns_a_record_on_launch - (Optional) Indicates whether to respond to DNS queries for instance hostnames with DNS A records. Default: false.
  • ipv6_cidr_block - (Optional) The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.
  • ipv6_native - (Optional) Indicates whether to create an IPv6-only subnet. Default: false.
  • map_customer_owned_ip_on_launch - (Optional) Specify true to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The customer_owned_ipv4_pool and outpost_arn arguments must be specified when set to true. Default is false.
  • map_public_ip_on_launch - (Optional) Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false.
  • outpost_arn - (Optional) The Amazon Resource Name (ARN) of the Outpost.
  • private_dns_hostname_type_on_launch - (Optional) The type of hostnames to assign to instances in the subnet at launch. For IPv6-only subnets, an instance DNS name must be based on the instance ID. For dual-stack and IPv4-only subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID. Valid values: ip-name, resource-name.
  • vpc_id - (Required) The VPC ID.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Associating resources with a
Resources do not "belong" to a
Rather, one or more Security Groups are associated to a resource.
via Terraform:
The following HCL creates a subnet in a VPC with a specified IPv4 CIDR block

resource "aws_subnet" "main" {
 vpc_id     =
 cidr_block = ""

 tags = {
   Name = "Main"

via CLI:

[--tag-specifications <value>]
[--availability-zone <value>]
[--availability-zone-id <value>]
[--cidr-block <value>]
[--ipv6-cidr-block <value>]
[--outpost-arn <value>]
--vpc-id <value>
[--dry-run | --no-dry-run]
[--ipv6-native | --no-ipv6-native]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]


aws ec2 create-subnet \
   --vpc-id vpc-081ec835f3EXAMPLE \
   --cidr-block \
   --tag-specifications ResourceType=subnet,Tags=[{Key=Name,Value=my-ipv4-only-subnet}]

Best Practices for

Categorized by Availability, Security & Compliance and Cost

Ensure subnets do not assign public IP by default
No items found.
Explore all the rules our platform covers
Related blog posts
All Resources