AWS - VPC Reserved IP Addresses

Posted August 21, 2018 by Matthew McGeehan

In an AWS VPC, the first four IP addresses and the last IP address in each subnet are reserved. These IP addresses can't be assigned directly to a resource. This is something that you need to keep in mind when creating a VPC. If you end up creating a CIDR block that's too small, you are out of luck: the size of an existing CIDR block can't be increased or decreased. When scoping a network in AWS, the available subnet size ranges from a /16 to a /28. Keep in mind that if you end up using a /28, there are only 11 usable IP addresses.

Example: 172.16.0.0/28

  • .0 - Network address
  • .1 - AWS VPC router
  • .2 - AWS DNS server; its address is the base of the VPC network range plus two.
  • .3 - Reserved for future use.
  • .15 - Reserved for future use.

Other Restrictions:

Be wary of overlapping CIDR blocks. There are a ton of restrictions about overlapping IP space in a VPC. Below are some things to keep in mind if you come from a traditional networking background.

  1. A new subnet cannot overlap with one that currently exists in the VPC.
  2. A similar check is performed against the VPC route table. If the route table includes a route pointing to the VGW for 10.10.10.0/24, then that specific subnet, or a larger block containing it (for example 10.0.0.0/16), cannot be associated with the VPC.