Troubleshooting Error creating EC2 Subnet InvalidSubnet Range The CIDR is Invalid

In this blog post we will take a look on how to fix the issue of Error: Creating EC2 Subnet: InvalidSubnet.Range: The CIDR '100.1.1.0/24' is Invalid

Error: creating EC2 Subnet: InvalidSubnet.Range: The CIDR '100.1.1.0/24' is invalid

Table of Content

  1. Introduction
  2. Understanding the Error
  3. Prerequisites for Troubleshooting
  4. Troubleshooting the Error
  5. Best Practices for Subnet Configuration
  6. Conclusion
  7. FAQs

1. Introduction to error

While working on AWS with VPC and Subnet, it is very often that you might run into the issues where you stuck with the error - Error: Creating EC2 Subnet: InvalidSubnet.Range: The CIDR '100.1.1.0/24' is Invalid.

There could be many reason behind this issue and in this blog post I will walk you through the various troubleshooting methods which you can take to prevent it from happening.

2. Understanding the Error

2.1 InvalidSubnet.Range Error

The InvalidSubnet.Range error occurs when you try to create a subnet using an invalid CIDR block. This error prevents the subnet from being created and can cause issues in your VPC configuration.

Here is my terraform code stack which caused this issues -

 1# Following code will create VPC 
 2# VPC CIDR - 10.0.0.0/16 
 3# Error Root Cause - My subnet range is different .i.e.  100.0.3.0/24
 4
 5resource "aws_vpc" "vpc-jhooq-eu-central-1" {
 6  cidr_block = "10.0.0.0/16"
 7  tags = {
 8    Name = "vpc-jhooq-eu-central-1"
 9  }
10}

Here is my Subnet range which I have defined inside my terraform.tfvars

 1# Following subnet CIDR are - 100.0.1.0/24, 100.0.2.0/24, 100.0.3.0/24, 100.0.4.0/24
 2# VPC range and subnet range are different
 3
 4variable "cidr_public_subnet" {
 5  type        = list(string)
 6  description = "Public Subnet CIDR values"
 7  default     = ["100.0.1.0/24","100.0.2.0/24"]
 8}
 9variable "cidr_private_subnet" {
10  type        = list(string)
11  description = "Private Subnet CIDR values"
12  default     = ["100.0.3.0/24","100.0.4.0/24"]
13}

2.2 CIDR Notation

CIDR (Classless Inter-Domain Routing) notation is a compact representation of an IP address and its associated network mask.

It is written as the IP address, followed by a slash (/), and the number of bits in the network mask.

The CIDR block '100.1.1.0/24' mentioned in the error message represents a range of IP addresses from 100.1.1.0 to 100.1.1.255.

And the VPC range (10.0.0.0/16) is very much different from the range.


3. Prerequisites for Troubleshooting

Before we start troubleshooting, make sure you have the following:

3.1 AWS Account

Ensure you have an active AWS account with the necessary permissions to create and manage VPCs and subnets.

3.2 AWS CLI

Install and configure the AWS Command Line Interface (CLI) on your machine to interact with AWS services through the command line.


4. Troubleshooting the Error

4.1 Identifying the Incorrect CIDR Block

The primary cause of the InvalidSubnet.Range error is using an incorrect CIDR block.

The CIDR block '100.1.1.0/24' belongs to the public IP address range and should not be used for private subnets.

Proposed Solution - Use the Internal IP address CIDR range .i.e. - 10.0.1.0/16

4.2 Correcting the CIDR Block

You should choose the valid CIDR range, here are few example of CIDR range which you can choose -

  • 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
  • 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
  • 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)

4.3 Re-creating the EC2 Subnet

If previous suggestion does not work then you can re-create the EC2 subnet. Use the following AWS CLI to re-create the ec2 subnet

1aws ec2 create-subnet --vpc-id <your_vpc_id> --cidr-block 10.0.1.0/24

Replace <your_vpc_id> with your actual VPC ID and update the CIDR block to match the one you have chosen.


5. Best Practices for Subnet Configuration

To avoid errors like the InvalidSubnet.Range error, follow these best practices for subnet configuration:

5.1 Planning IP Addressing

  1. Plan your IP addressing scheme carefully to ensure that there are no overlaps between subnets and that you have enough IP addresses for your resources.
  2. Consider the growth of your infrastructure and allocate sufficient address space to accommodate future needs.

5.2 Private vs. Public Subnets

  1. Create separate private and public subnets within your VPC.
  2. Private subnets should use private IP address ranges, while public subnets can use public IP address ranges if necessary.
  3. Ensure that the CIDR blocks for private and public subnets do not overlap.

5.3 Subnet Size

  1. Select the appropriate subnet size based on the number of resources you plan to deploy in the subnet.
  2. A larger CIDR block provides more IP addresses but can result in wasted address space.
  3. Conversely, a smaller CIDR block may not provide enough IP addresses for your resources, leading to address exhaustion.

Conclusion

The InvalidSubnet.Range error occurs when you attempt to create a subnet with an invalid CIDR block. By identifying the incorrect CIDR block, selecting a valid one from the private IP address ranges, and re-creating the subnet, you can resolve this error.

Following best practices for subnet configuration, such as planning IP addressing, separating private and public subnets, and choosing the appropriate subnet size, can help prevent this error and ensure a smoothly functioning VPC.

7. FAQs

7.1 What is CIDR notation?

CIDR notation is a compact representation of an IP address and its associated network mask, written as the IP address followed by a slash (/) and the number of bits in the network mask.

7.2 What are the private IP address ranges?

The private IP address ranges, as specified by RFC 1918, are:

  • 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
  • 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
  • 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)

7.3 How do I create a subnet using the AWS CLI?

To create a subnet using the AWS CLI, use the following command:

1aws ec2 create-subnet --vpc-id <your_vpc_id> --cidr-block <your_cidr_block> 

Replace <your_vpc_id> with your actual VPC ID and <your_cidr_block> with the CIDR block you have chosen.

7.4 What is the difference between a private subnet and a public subnet?

A private subnet is a subnet that uses private IP address ranges and does not have direct access to the internet. A public subnet, on the other hand, can use public IP address ranges

Posts in this series