AWS::EC2::Subnet - AWS CloudFormation
Specifies a subnet for the specified VPC.
For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block.
For more information, see Subnets for your VPC in the Amazon VPC User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::EC2::Subnet",
  "Properties" : {
      "AssignIpv6AddressOnCreation" : Boolean,
      "AvailabilityZone" : String,
      "AvailabilityZoneId" : String,
      "CidrBlock" : String,
      "EnableDns64" : Boolean,
      "EnableLniAtDeviceIndex" : Integer,
      "Ipv4IpamPoolId" : String,
      "Ipv4NetmaskLength" : Integer,
      "Ipv6CidrBlock" : String,
      "Ipv6IpamPoolId" : String,
      "Ipv6Native" : Boolean,
      "Ipv6NetmaskLength" : Integer,
      "MapPublicIpOnLaunch" : Boolean,
      "OutpostArn" : String,
      "PrivateDnsNameOptionsOnLaunch" : PrivateDnsNameOptionsOnLaunch,
      "Tags" : [ Tag, ... ],
      "VpcId" : String
    }
}
Properties
AssignIpv6AddressOnCreation
Indicates whether a network interface created in this subnet receives an IPv6 address. The default value is false.
If you specify AssignIpv6AddressOnCreation, you must also specify an IPv6 CIDR block.
Required: No
Type: Boolean
Update requires: No interruption
AvailabilityZone
The Availability Zone of the subnet.
If you update this property, you must also update the CidrBlock property.
Required: No
Type: String
Update requires: Replacement
AvailabilityZoneId
The AZ ID of the subnet.
Required: No
Type: String
Update requires: Replacement
CidrBlock
The IPv4 CIDR block assigned to the subnet.
If you update this property, we create a new subnet, and then delete the existing one.
Required: Conditional
Type: String
Update requires: Replacement
EnableDns64
Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.
Note
You must first configure a NAT gateway in a public subnet (separate from the subnet containing the IPv6-only workloads). For example, the subnet containing the NAT gateway should have a 0.0.0.0/0 route pointing to the internet gateway. For more information, see Configure DNS64 and NAT64 in the Amazon Virtual Private Cloud User Guide.
Required: No
Type: Boolean
Update requires: No interruption
EnableLniAtDeviceIndex
Indicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1).
Required: No
Type: Integer
Update requires: No interruption
Ipv4IpamPoolId
An IPv4 IPAM pool ID for the subnet.
Required: No
Type: String
Update requires: Replacement
Ipv4NetmaskLength
An IPv4 netmask length for the subnet.
Required: No
Type: Integer
Update requires: Replacement
Ipv6CidrBlock
The IPv6 CIDR block.
If you specify AssignIpv6AddressOnCreation, you must also specify an IPv6 CIDR block.
Required: Conditional
Type: String
Update requires: Some interruptions
Ipv6IpamPoolId
An IPv6 IPAM pool ID for the subnet.
Required: No
Type: String
Update requires: Replacement
Ipv6Native
Indicates whether this is an IPv6 only subnet. For more information, see Subnet basics in the Amazon Virtual Private Cloud User Guide.
Required: No
Type: Boolean
Update requires: Replacement
Ipv6NetmaskLength
An IPv6 netmask length for the subnet.
Required: No
Type: Integer
Update requires: Replacement
MapPublicIpOnLaunch
Indicates whether instances launched in this subnet receive a public IPv4 address. The default value is false.
AWS charges for all public IPv4 addresses, including public IPv4 addresses associated with running instances and Elastic IP addresses. For more information, see the Public IPv4 Address tab on the VPC pricing page.
Required: No
Type: Boolean
Update requires: No interruption
OutpostArn
The Amazon Resource Name (ARN) of the Outpost.
Required: No
Type: String
Update requires: Replacement
PrivateDnsNameOptionsOnLaunch
The hostname type for EC2 instances launched into this subnet and how DNS A and AAAA record queries to the instances should be handled. For more information, see Amazon EC2 instance hostname types in the Amazon Elastic Compute Cloud User Guide.
Available options:
- EnableResourceNameDnsAAAARecord (true | false)
- EnableResourceNameDnsARecord (true | false)
- HostnameType (ip-name | resource-name)
Required: No
Type: PrivateDnsNameOptionsOnLaunch
Update requires: No interruption
Tags
Any tags assigned to the subnet.
Required: No
Type: Array of Tag
Update requires: No interruption
VpcId
The ID of the VPC the subnet is in.
If you update this property, you must also update the CidrBlock property.
Required: Yes
Type: String
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the subnet.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
AvailabilityZone
The Availability Zone of this subnet. For example, us-east-1a.
AvailabilityZoneId
The Availability Zone ID of this subnet. For example, use1-az1.
CidrBlock
The IPv4 CIDR blocks that are associated with the subnet.
Ipv6CidrBlocks
The IPv6 CIDR blocks that are associated with the subnet.
NetworkAclAssociationId
The ID of the network ACL that is associated with the subnet's VPC, such as acl-5fb85d36.
OutpostArn
The Amazon Resource Name (ARN) of the Outpost.
SubnetId
The ID of the subnet.
VpcId
The ID of the subnet's VPC, such as vpc-11ad4878.
Examples
Subnet with an IPv4 CIDR
The following example creates a subnet with an IPv4 CIDR in a VPC with an IPv4 CIDR of 10.0.0.0/16. The VPC is declared elsewhere in the same template.
JSON
"mySubnet" : {
  "Type" : "AWS::EC2::Subnet",
  "Properties" : {
    "VpcId" : { "Ref" : "myVPC" },
    "CidrBlock" : "10.0.0.0/24",
    "AvailabilityZone" : "us-east-1a",
    "Tags" : [ { "Key" : "stack", "Value" : "production" } ]
  }
}
YAML
mySubnet:
  Type: AWS::EC2::Subnet
  Properties:
    VpcId: !Ref myVPC
    CidrBlock: 10.0.0.0/24
    AvailabilityZone: "us-east-1a"
    Tags:
    - Key: stack
      Value: production
Subnet with an IPv6 CIDR
The following example creates a subnet with an IPv6 CIDR in a VPC with an IPv6 CIDR provided by Amazon. The VPC is declared elsewhere in the same template. The example uses the Fn::Cidr intrinsic function to select an IPv6 range with a /64 netmask for the subnet.
JSON
"mySubnet": {
  "Type": "AWS::EC2::Subnet",
  "Properties": {
    "VpcId": { "Ref": "myVPC" },
    "Ipv6Native": "true",
    "Ipv6CidrBlock": {
      "Fn::Select":
        [ 0, { "Fn::Cidr": [{"Fn::Select": [0, {"Fn::GetAtt": ["myVPC", "Ipv6CidrBlocks"]}]}, 1, 64 ]}]
    },
    "AssignIpv6AddressOnCreation": "true"
  }
}
YAML
mySubnet:
  Type: AWS::EC2::Subnet
  Properties:
    VpcId: !Ref myVPC
    Ipv6Native: true
    Ipv6CidrBlock: !Select [ 0, !Cidr [ !Select [ 0, !GetAtt myVPC.Ipv6CidrBlocks], 1, 64 ]]
    AssignIpv6AddressOnCreation: true
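Pre-deployment check for the subnet properties described above. This is an added example, not code from AWS or from this reference page. It lints a JSON template for three conditions taken from the property descriptions: MapPublicIpOnLaunch set to true, AssignIpv6AddressOnCreation without an IPv6 CIDR source, and a literal CidrBlock that falls outside the VPC's CidrBlock. The function names, the sample template and its logical IDs are constructed for illustration, and treating Ipv6IpamPoolId as a valid IPv6 CIDR source is an assumption.

```python
import ipaddress
import json

# Constructed sample template (not from the AWS page): one subnet per finding type.
TEMPLATE = json.loads("""
{"Resources": {
  "myVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
  "okSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
      "VpcId": {"Ref": "myVPC"}, "CidrBlock": "10.0.0.0/24"}},
  "publicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
      "VpcId": {"Ref": "myVPC"}, "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": true}},
  "v6NoCidr": {"Type": "AWS::EC2::Subnet", "Properties": {
      "VpcId": {"Ref": "myVPC"}, "CidrBlock": "10.0.2.0/24",
      "AssignIpv6AddressOnCreation": "true"}},
  "outsideVpc": {"Type": "AWS::EC2::Subnet", "Properties": {
      "VpcId": {"Ref": "myVPC"}, "CidrBlock": "10.1.0.0/24"}}
}}
""")

def is_true(value):
    # Templates carry booleans either as JSON true or as the string "true".
    return str(value).lower() == "true"

def lint_subnets(template):
    """Return sorted (logical_id, finding) pairs for AWS::EC2::Subnet resources."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::Subnet":
            continue
        props = res.get("Properties", {})
        if is_true(props.get("MapPublicIpOnLaunch")):
            findings.append((name, "MapPublicIpOnLaunch is true: instances receive public IPv4"))
        # Assumption: an IPAM pool allocation also counts as an IPv6 CIDR source.
        has_v6 = "Ipv6CidrBlock" in props or "Ipv6IpamPoolId" in props
        if is_true(props.get("AssignIpv6AddressOnCreation")) and not has_v6:
            findings.append((name, "AssignIpv6AddressOnCreation set without an IPv6 CIDR block"))
        # Containment is checked only when VpcId is a Ref to a VPC in this
        # template and both CIDRs are literal strings (not intrinsic functions).
        vpc_ref = props.get("VpcId")
        vpc = resources.get(vpc_ref.get("Ref")) if isinstance(vpc_ref, dict) else None
        vpc_cidr = (vpc or {}).get("Properties", {}).get("CidrBlock")
        cidr = props.get("CidrBlock")
        if isinstance(cidr, str) and isinstance(vpc_cidr, str):
            if not ipaddress.ip_network(cidr).subnet_of(ipaddress.ip_network(vpc_cidr)):
                findings.append((name, f"CidrBlock {cidr} is outside VPC CIDR {vpc_cidr}"))
    return sorted(findings)
```

A finding on MapPublicIpOnLaunch is not necessarily an error; it marks subnets whose instances become internet-addressable by default so they can be reviewed against the intended network design.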
See also
- CreateSubnet in the Amazon EC2 API Reference
- VPC and subnets in the Amazon VPC User Guide