CIDR blocks and IP addressing in AWS - Commands & Configuration

Introduction
When you create networks in the cloud, you need to decide which IP addresses devices will use. CIDR blocks help you define a range of IP addresses in a simple way. This lets your cloud resources talk to each other without conflicts.
  • When setting up a new virtual private cloud (VPC) in AWS to isolate your resources.
  • When you want to divide your network into smaller parts called subnets for better organization.
  • When you need to control which IP addresses can access your servers.
  • When connecting multiple networks and avoiding overlapping IP addresses.
  • When planning how many devices or servers you want to fit in your network.
Config File - vpc.yaml
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: my-vpc
  MySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: us-east-1a
      Tags:
        - Key: Name
          Value: my-subnet

This file creates a VPC with a CIDR block of 10.0.0.0/16, which means it can hold many IP addresses.

It also creates a subnet inside that VPC with the CIDR block 10.0.1.0/24, a smaller range that sits within the VPC's block.

This setup helps organize your network and control IP address allocation.

Commands
This command creates a new VPC with the IP address range 10.0.0.0 to 10.0.255.255, allowing many devices inside.
Terminal
aws ec2 create-vpc --cidr-block 10.0.0.0/16
Expected Output
{ "Vpc": { "VpcId": "vpc-0abcd1234efgh5678", "State": "pending", "CidrBlock": "10.0.0.0/16", "IsDefault": false } }
--cidr-block - Defines the IP address range for the VPC using CIDR notation
This command creates a subnet inside the VPC with a smaller IP range, allowing better organization and control.
Terminal
aws ec2 create-subnet --vpc-id vpc-0abcd1234efgh5678 --cidr-block 10.0.1.0/24 --availability-zone us-east-1a
Expected Output
{ "Subnet": { "SubnetId": "subnet-0123abcd4567efgh8", "VpcId": "vpc-0abcd1234efgh5678", "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1a", "State": "pending" } }
--vpc-id - Specifies which VPC the subnet belongs to
--cidr-block - Defines the IP address range for the subnet
--availability-zone - Sets the physical location for the subnet
This command checks the details of the VPC to confirm the CIDR block and status.
Terminal
aws ec2 describe-vpcs --vpc-ids vpc-0abcd1234efgh5678
Expected Output
{ "Vpcs": [ { "VpcId": "vpc-0abcd1234efgh5678", "State": "available", "CidrBlock": "10.0.0.0/16", "IsDefault": false } ] }
--vpc-ids - Filters the output to show only the specified VPC
This command checks the details of the subnet to confirm its CIDR block and availability zone.
Terminal
aws ec2 describe-subnets --subnet-ids subnet-0123abcd4567efgh8
Expected Output
{ "Subnets": [ { "SubnetId": "subnet-0123abcd4567efgh8", "VpcId": "vpc-0abcd1234efgh5678", "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1a", "State": "available" } ] }
--subnet-ids - Filters the output to show only the specified subnet
Key Concept

If you remember nothing else from this pattern, remember: CIDR blocks define the size and range of IP addresses your cloud network can use.

Common Mistakes
Using overlapping CIDR blocks for multiple VPCs or subnets
  • Why it matters: Overlapping IP ranges cause network conflicts and communication failures between resources.
  • Fix: Plan and assign unique, non-overlapping CIDR blocks for each VPC and subnet.
Choosing too small a CIDR block that cannot hold enough IP addresses
  • Why it matters: You will run out of IP addresses and cannot add more resources to the network.
  • Fix: Estimate the number of devices and choose a CIDR block large enough to fit them.
Not specifying the correct VPC ID when creating subnets
  • Why it matters: The subnet will not be created in the intended VPC, causing confusion and errors.
  • Fix: Always double-check and use the correct VPC ID when creating subnets.
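
A pre-deployment check for the overlap and sizing mistakes above, as an added example that is not part of the original page. `check_plan` and the sample plan are constructed here; the /16 to /28 size limits and the five reserved addresses per subnet are AWS's documented IPv4 rules, which this page does not state.

```python
import ipaddress

# AWS accepts IPv4 VPC and subnet blocks from /16 (largest) to /28 (smallest).
LARGEST, SMALLEST = 16, 28
# AWS reserves the first four addresses and the last one in every subnet.
AWS_RESERVED = 5


def check_plan(vpc_cidr, subnets):
    """Return the problems found in a plan; an empty list means it is clean."""
    # subnets maps a subnet name to (cidr, hosts_needed).
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    if not LARGEST <= vpc.prefixlen <= SMALLEST:
        problems.append(f"vpc {vpc}: prefix must be /16 to /28")
    parsed = {}
    for name, (cidr, hosts) in subnets.items():
        try:
            # Strict parsing rejects blocks that have host bits set.
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            problems.append(f"{name} {cidr}: not a valid network address")
            continue
        if not LARGEST <= net.prefixlen <= SMALLEST:
            problems.append(f"{name} {net}: prefix must be /16 to /28")
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net}: outside VPC {vpc}")
        usable = net.num_addresses - AWS_RESERVED
        if usable < hosts:
            problems.append(f"{name} {net}: {usable} usable, {hosts} needed")
        # Overlap check against every subnet accepted so far.
        for other, other_net in parsed.items():
            if net.overlaps(other_net):
                problems.append(f"{name} {net}: overlaps {other} {other_net}")
        parsed[name] = net
    return problems


# Constructed plan around the page's VPC (10.0.0.0/16) and subnet (10.0.1.0/24).
PLAN = {
    "my-subnet": ("10.0.1.0/24", 200),
    "db": ("10.0.1.128/25", 50),     # sits inside my-subnet
    "cache": ("10.0.2.0/28", 14),    # 16 addresses, only 11 usable in AWS
    "peer": ("10.1.0.0/24", 10),     # not inside the VPC block
}

if __name__ == "__main__":
    for line in check_plan("10.0.0.0/16", PLAN):
        print(line)
```

Running the check before `aws ec2 create-subnet` catches these mistakes while they are still cheap to fix.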
Summary
Create a VPC with a CIDR block to define the IP address range for your cloud network.
Create subnets inside the VPC with smaller CIDR blocks to organize and separate resources.
Use AWS CLI commands to create and verify your VPC and subnets with their CIDR blocks.

Practice

1. What does a CIDR block like 192.168.1.0/24 represent in AWS networking?
easy
A. A single IP address 192.168.1.24
B. An invalid IP address range
C. A subnet mask of 255.255.0.0
D. A range of IP addresses from 192.168.1.0 to 192.168.1.255

Solution

  1. Step 1: Understand CIDR notation

    The number after the slash (/24) shows how many bits are fixed for the network part. Here, 24 bits fixed means the first 3 parts (192.168.1) are fixed.
  2. Step 2: Calculate the IP range

    With 24 bits fixed, the last 8 bits can vary from 0 to 255, so the range is 192.168.1.0 to 192.168.1.255.
  3. Final Answer:

    A range of IP addresses from 192.168.1.0 to 192.168.1.255 -> Option D
  4. Quick Check:

    CIDR /24 means 256 addresses [OK]
Hint: The number after the slash is the count of fixed bits; the remaining bits set the size of the IP range
Common Mistakes:
  • Confusing CIDR with a single IP
  • Misreading the subnet mask bits
  • Assuming /24 means only 24 addresses
2. Which of the following is the correct CIDR notation for a subnet with 512 IP addresses?
easy
A. /23
B. /25
C. /22
D. /24

Solution

  1. Step 1: Calculate bits needed for 512 addresses

    512 addresses require 9 bits (2^9 = 512) for the host part.
  2. Step 2: Determine CIDR prefix

    IPv4 has 32 bits total, so prefix = 32 - 9 = 23. So CIDR is /23.
  3. Final Answer:

    /23 -> Option A
  4. Quick Check:

    512 IPs = 2^(32-23) = 512 [OK]
Hint: Use 32 minus log2(IP count) for CIDR
Common Mistakes:
  • Choosing /24 which gives only 256 addresses
  • Confusing /22 with 1024 addresses
  • Miscounting bits for hosts
3. Given the CIDR block 10.0.0.0/26, how many usable IP addresses are available for hosts?
medium
A. 64
B. 62
C. 32
D. 30

Solution

  1. Step 1: Calculate total IPs in /26 block

    /26 means 32 - 26 = 6 bits for hosts, so total IPs = 2^6 = 64.
  2. Step 2: Subtract network and broadcast addresses

    Two addresses are reserved (network and broadcast), so usable IPs = 64 - 2 = 62.
  3. Final Answer:

    62 -> Option B
  4. Quick Check:

    Usable IPs = total - 2 [OK]
Hint: Usable IPs = 2^(32 - prefix) - 2
Common Mistakes:
  • Counting all IPs as usable
  • Forgetting to subtract network and broadcast
  • Mixing up prefix length and host bits
4. You have a VPC with CIDR block 172.16.0.0/16. You want to create two subnets without overlapping IPs. Which pair of CIDR blocks is valid?
medium
A. 172.16.0.0/17 and 172.16.128.0/17
B. 172.16.0.0/18 and 172.16.64.0/17
C. 172.16.0.0/16 and 172.16.0.0/17
D. 172.16.0.0/15 and 172.16.128.0/17

Solution

  1. Step 1: Understand the VPC range

    172.16.0.0/16 covers IPs from 172.16.0.0 to 172.16.255.255.
  2. Step 2: Check subnet ranges for overlap

    /17 splits the /16 into two halves: 172.16.0.0 to 172.16.127.255 and 172.16.128.0 to 172.16.255.255. These do not overlap.
  3. Final Answer:

    172.16.0.0/17 and 172.16.128.0/17 -> Option A
  4. Quick Check:

    Non-overlapping halves split /16 into two /17s [OK]
Hint: Split CIDR by increasing prefix to avoid overlap
Common Mistakes:
  • Choosing overlapping CIDRs
  • Using larger CIDR than VPC block
  • Ignoring subnet mask sizes
5. You need to design a VPC with exactly 3 subnets: one public with 100 IPs, one private with 50 IPs, and one isolated with 25 IPs. Which CIDR block allocation fits best inside 10.0.0.0/24 without overlap?
hard
A. 10.0.0.0/24, 10.0.1.0/25, 10.0.2.0/26
B. 10.0.0.0/26, 10.0.0.64/26, 10.0.0.128/26
C. 10.0.0.0/25, 10.0.0.128/26, 10.0.0.192/27
D. 10.0.0.0/26, 10.0.0.64/27, 10.0.0.96/28

Solution

  1. Step 1: Calculate needed CIDR for each subnet

    100 IPs need at least /25 (128 IPs), 50 IPs need /26 (64 IPs), 25 IPs need /27 (32 IPs).
  2. Step 2: Assign CIDRs inside 10.0.0.0/24 without overlap

    10.0.0.0/25 covers 0-127, 10.0.0.128/26 covers 128-191, 10.0.0.192/27 covers 192-223. These fit perfectly without overlap.
  3. Final Answer:

    10.0.0.0/25, 10.0.0.128/26, 10.0.0.192/27 -> Option C
  4. Quick Check:

    Subnet sizes fit and sum within /24 [OK]
Hint: Match subnet size to nearest CIDR block, assign sequentially
Common Mistakes:
  • Using CIDRs too small for IP needs
  • Overlapping subnet ranges
  • Assigning subnets outside VPC CIDR
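
The size-then-assign-sequentially approach from question 5, written out as an added example that is not part of the original page; `prefix_for` and `allocate` are names chosen here. It sizes each subnet for the five addresses AWS reserves (first four and last) instead of the generic two used in question 3, and still arrives at option C for question 5.

```python
import ipaddress

AWS_RESERVED = 5   # AWS keeps the first four and the last address of a subnet
SMALLEST = 28      # smallest IPv4 subnet AWS accepts


def prefix_for(hosts, reserved=AWS_RESERVED):
    """Longest prefix whose block holds `hosts` plus the reserved addresses."""
    need = hosts + reserved
    # (need - 1).bit_length() is ceil(log2(need)); never go below a /28.
    host_bits = max((need - 1).bit_length(), 32 - SMALLEST)
    return 32 - host_bits


def allocate(parent_cidr, demands):
    """Carve non-overlapping subnets out of parent_cidr, largest demand first.

    demands maps a subnet name to the number of hosts it must hold.
    Raises ValueError when the parent block is too small.
    """
    parent = ipaddress.ip_network(parent_cidr)
    cursor = int(parent.network_address)
    end = cursor + parent.num_addresses
    plan = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for(hosts)
        size = 1 << (32 - prefix)
        start = -(-cursor // size) * size      # round up to a block boundary
        if start + size > end:
            raise ValueError(f"{name}: /{prefix} does not fit in {parent}")
        plan[name] = ipaddress.IPv4Network((start, prefix))
        cursor = start + size
    return plan


if __name__ == "__main__":
    # Question 5's requirements inside 10.0.0.0/24.
    demands = {"public": 100, "private": 50, "isolated": 25}
    for name, net in allocate("10.0.0.0/24", demands).items():
        print(name, net, net.num_addresses - AWS_RESERVED, "usable in AWS")
```

Placing the largest block first keeps every later block aligned to its own size, so the plan has no gaps and no overlap.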