Troubleshooting Error creating EC2 Subnet InvalidSubnet Range The CIDR is Invalid
In this blog post we will take a look on how to fix the issue of Error: Creating EC2 Subnet: InvalidSubnet.Range: The CIDR '100.1.1.0/24' is Invalid
Table of Content
- Introduction
- Understanding the Error
- Prerequisites for Troubleshooting
- Troubleshooting the Error
- Best Practices for Subnet Configuration
- Conclusion
- FAQs
1. Introduction to error
While working on AWS with VPC and Subnet, it is very often that you might run into the issues where you stuck with the error - Error: Creating EC2 Subnet: InvalidSubnet.Range: The CIDR '100.1.1.0/24' is Invalid.
There could be many reason behind this issue and in this blog post I will walk you through the various troubleshooting methods which you can take to prevent it from happening.
2. Understanding the Error
2.1 InvalidSubnet.Range Error
The InvalidSubnet.Range error occurs when you try to create a subnet using an invalid CIDR block. This error prevents the subnet from being created and can cause issues in your VPC configuration.
Here is my terraform code stack which caused this issues -
1# Following code will create VPC
2# VPC CIDR - 10.0.0.0/16
3# Error Root Cause - My subnet range is different .i.e. 100.0.3.0/24
4
5resource "aws_vpc" "vpc-jhooq-eu-central-1" {
6 cidr_block = "10.0.0.0/16"
7 tags = {
8 Name = "vpc-jhooq-eu-central-1"
9 }
10}
Here is my Subnet range which I have defined inside my terraform.tfvars
1# Following subnet CIDR are - 100.0.1.0/24, 100.0.2.0/24, 100.0.3.0/24, 100.0.4.0/24
2# VPC range and subnet range are different
3
4variable "cidr_public_subnet" {
5 type = list(string)
6 description = "Public Subnet CIDR values"
7 default = ["100.0.1.0/24","100.0.2.0/24"]
8}
9variable "cidr_private_subnet" {
10 type = list(string)
11 description = "Private Subnet CIDR values"
12 default = ["100.0.3.0/24","100.0.4.0/24"]
13}
2.2 CIDR Notation
CIDR (Classless Inter-Domain Routing) notation is a compact representation of an IP address and its associated network mask.
It is written as the IP address, followed by a slash (/), and the number of bits in the network mask.
The CIDR block '100.1.1.0/24' mentioned in the error message represents a range of IP addresses from 100.1.1.0 to 100.1.1.255.
And the VPC range (10.0.0.0/16) is very much different from the range.
3. Prerequisites for Troubleshooting
Before we start troubleshooting, make sure you have the following:
3.1 AWS Account
Ensure you have an active AWS account with the necessary permissions to create and manage VPCs and subnets.
3.2 AWS CLI
Install and configure the AWS Command Line Interface (CLI) on your machine to interact with AWS services through the command line.
4. Troubleshooting the Error
4.1 Identifying the Incorrect CIDR Block
The primary cause of the InvalidSubnet.Range error is using an incorrect CIDR block.
The CIDR block '100.1.1.0/24' belongs to the public IP address range and should not be used for private subnets.
Proposed Solution - Use the Internal IP address CIDR range .i.e. - 10.0.1.0/16
4.2 Correcting the CIDR Block
You should choose the valid CIDR range, here are few example of CIDR range which you can choose -
- 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
- 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
- 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
4.3 Re-creating the EC2 Subnet
If previous suggestion does not work then you can re-create the EC2 subnet. Use the following AWS CLI to re-create the ec2 subnet
1aws ec2 create-subnet --vpc-id <your_vpc_id> --cidr-block 10.0.1.0/24
Replace <your_vpc_id> with your actual VPC ID and update the CIDR block to match the one you have chosen.
5. Best Practices for Subnet Configuration
To avoid errors like the InvalidSubnet.Range error, follow these best practices for subnet configuration:
5.1 Planning IP Addressing
- Plan your IP addressing scheme carefully to ensure that there are no overlaps between subnets and that you have enough IP addresses for your resources.
- Consider the growth of your infrastructure and allocate sufficient address space to accommodate future needs.
5.2 Private vs. Public Subnets
- Create separate private and public subnets within your VPC.
- Private subnets should use private IP address ranges, while public subnets can use public IP address ranges if necessary.
- Ensure that the CIDR blocks for private and public subnets do not overlap.
5.3 Subnet Size
- Select the appropriate subnet size based on the number of resources you plan to deploy in the subnet.
- A larger CIDR block provides more IP addresses but can result in wasted address space.
- Conversely, a smaller CIDR block may not provide enough IP addresses for your resources, leading to address exhaustion.
Conclusion
The InvalidSubnet.Range error occurs when you attempt to create a subnet with an invalid CIDR block. By identifying the incorrect CIDR block, selecting a valid one from the private IP address ranges, and re-creating the subnet, you can resolve this error.
Following best practices for subnet configuration, such as planning IP addressing, separating private and public subnets, and choosing the appropriate subnet size, can help prevent this error and ensure a smoothly functioning VPC.
7. FAQs
7.1 What is CIDR notation?
CIDR notation is a compact representation of an IP address and its associated network mask, written as the IP address followed by a slash (/) and the number of bits in the network mask.
7.2 What are the private IP address ranges?
The private IP address ranges, as specified by RFC 1918, are:
- 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
- 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
- 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
7.3 How do I create a subnet using the AWS CLI?
To create a subnet using the AWS CLI, use the following command:
1aws ec2 create-subnet --vpc-id <your_vpc_id> --cidr-block <your_cidr_block>
Replace <your_vpc_id> with your actual VPC ID and <your_cidr_block> with the CIDR block you have chosen.
7.4 What is the difference between a private subnet and a public subnet?
A private subnet is a subnet that uses private IP address ranges and does not have direct access to the internet. A public subnet, on the other hand, can use public IP address ranges
Posts in this Series
- Securing Sensitive Data in Terraform
- Boost Your AWS Security with Terraform : A Step-by-Step Guide
- How to Load Input Data from a File in Terraform?
- Can Terraform be used to provision on-premises infrastructure?
- Fixing the Terraform Error creating IAM Role. MalformedPolicyDocument Has prohibited field Resource
- In terraform how to handle null value with default value?
- Terraform use module output variables as inputs for another module?
- How to Reference a Resource Created by a Terraform Module?
- Understanding Terraform Escape Sequences
- How to fix private-dns-enabled cannot be set because there is already a conflicting DNS domain?
- Use Terraform to manage AWS IAM Policies, Roles and Users
- How to split Your Terraform main.tf File into Multiple Files
- How to use Terraform variable within variable
- Mastering the Terraform Lookup Function for Dynamic Keys
- Copy files to EC2 and S3 bucket using Terraform
- Troubleshooting Error creating EC2 Subnet InvalidSubnet Range The CIDR is Invalid
- Troubleshooting InvalidParameter Security group and subnet belong to different networks
- Managing strings in Terraform: A comprehensive guide
- How to use terraform depends_on meta argument?
- What is user_data in Terraform?
- Why you should not store terraform state file(.tfstate) inside Git Repository?
- How to import existing resource using terraform import comand?
- Terraform - A detailed guide on setting up ALB(Application Load Balancer) and SSL?
- Testing Infrastructure as Code with Terraform?
- How to remove a resource from Terraform state?
- What is Terraform null Resource?
- In terraform how to skip creation of resource if the resource already exist?
- How to setup Virtual machine on Google Cloud Platform
- How to use Terraform locals?
- Terraform Guide - Docker Containers & AWS ECR(elastic container registry)?
- How to generate SSH key in Terraform using tls_private_key?
- How to fix-Terraform Error acquiring the state lock ConditionalCheckFiledException?
- Terraform Template - A complete guide?
- How to use Terragrunt?
- Terraform and AWS Multi account Setup?
- Terraform and AWS credentials handling?
- How to fix-error configuring S3 Backend no valid credential sources for S3 Backend found?
- Terraform state locking using DynamoDB (aws_dynamodb_table)?
- Managing Terraform states?
- Securing AWS secrets using HashiCorp Vault with Terraform?
- How to use Workspaces in Terraform?
- How to run specific terraform resource, module, target?
- How Terraform modules works?
- Secure AWS EC2s & GCP VMs with Terraform SSH Keys!
- What is terraform provisioner?
- Is terraform destroy needed before terraform apply?
- How to fix terraform error Your query returned no results. Please change your search criteria and try again?
- How to use Terraform Data sources?
- How to use Terraform resource meta arguments?
- How to use Terraform Dynamic blocks?
- Terraform - How to nuke AWS resources and save additional AWS infrastructure cost?
- Understanding terraform count, for_each and for loop?
- How to use Terraform output values?
- How to fix error configuring Terraform AWS Provider error validating provider credentials error calling sts GetCallerIdentity SignatureDoesNotMatch?
- How to fix Invalid function argument on line in provider credentials file google Invalid value for path parameter no file exists
- How to fix error value for undeclared variable a variable named was assigned on the command line?
- What is variable.tf and terraform.tfvars?
- How to use Terraform Variables - Locals,Input,Output
- Terraform create EC2 Instance on AWS
- How to fix Error creating service account googleapi Error 403 Identity and Access Management (IAM) API has not been used in project before or it is disabled
- Install terraform on Ubuntu 20.04, CentOS 8, MacOS, Windows 10, Fedora 33, Red hat 8 and Solaris 11