
I'm getting this error while trying to create a VPC with a Subnet in CloudFormation.

Subnet  CREATE_FAILED   Resource handler returned message: "The CIDR '10.0.1.0/22' is invalid. (Service: Ec2, Status Code: 400, Request ID: 97af4b96-80dd-4092-910c-5d11e5b9ca72, Extended Request ID: null)" (RequestToken: bed19eb5-2309-589e-98bf-9dacc656462a, HandlerErrorCode: InvalidRequest)

Here is my VPC and Subnet setup in YAML:

  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.2.0/24
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 45e7f38e-c4b6-4a19-9d54-b74e36ef53de
  Subnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/22
    Metadata:
      'AWS::CloudFormation::Designer':
        id: 58cd6d64-1f79-4dbe-a981-c9238975f154

2 Answers

The message is correct. 10.0.1.0 is not a valid base address for a /22 network. The nearest legal values are 10.0.0.0 and 10.0.4.0.

Consider the binary representation of 10.0.1.0 and a /22 netmask:

10.0.1.0 = 00001010 00000000 00000001 00000000
/22      = 11111111 11111111 11111100 00000000

You can see that at the end of the third octet there is a bit set in the address which is clear in the mask. This is illegal.

Tilman Schmidt

The /22 CIDR block covers 1024 hosts. Therefore the IP address block has to start at a 1024 block boundary.

10.0.1.0/22 is an IP address that belongs to the IP address space 10.0.0.1 - 10.0.3.254. Therefore 10.0.1.0 is not a valid starting address for a /22 subnet.

Some example valid blocks for /22 size are:

10.0.0.0/22
10.0.4.0/22
10.0.8.0/22

Tero Kilkanen
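As an added example that is not part of either answer above, the following Python script (standard library only, function names are my own) performs the check both answers describe before a template ever reaches CloudFormation: it ANDs the address with the prefix mask exactly as in the binary illustration, reports which host bits are stray, computes the nearest aligned bases on either side (10.0.0.0 and 10.0.4.0 for the question's 10.0.1.0/22), and shows the one-liner `ipaddress.ip_network(..., strict=True)` that rejects the same input. It also checks the second constraint AWS applies to a subnet, that its CIDR must lie inside the VPC's CIDR; the question's VPC is 10.0.2.0/24, so a /22 subnet cannot fit in it even once aligned.

```python
"""Pre-flight CIDR checks for VPC/subnet definitions.

Added example, not code from the original thread. Only the standard
library `ipaddress` module is used; sample CIDRs are taken from the
question (10.0.2.0/24 VPC, 10.0.1.0/22 subnet).
"""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_bits(n: int) -> str:
    """Render a 32-bit integer as four dotted binary octets."""
    return " ".join(f"{(n >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def check_cidr(cidr: str) -> dict:
    """Explain whether `cidr` is a legal network, the way the first answer does.

    A base address is legal only if every bit that is clear in the mask is
    also clear in the address, i.e. (address AND NOT mask) == 0.
    """
    addr_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: /{prefix}")
    addr = int(ipaddress.IPv4Address(addr_str))
    mask = (ALL_ONES << (32 - prefix)) & ALL_ONES
    stray = addr & ~mask & ALL_ONES          # host bits that should be zero
    block = 1 << (32 - prefix)               # addresses covered by the block
    below = addr & mask                      # aligned base at or below addr
    above = below + block                    # next aligned base (may overflow)
    nearest = [f"{ipaddress.IPv4Address(below)}/{prefix}"]
    if above <= ALL_ONES:
        nearest.append(f"{ipaddress.IPv4Address(above)}/{prefix}")
    return {
        "valid": stray == 0,
        "address_bits": to_bits(addr),
        "mask_bits": to_bits(mask),
        "stray_bits": to_bits(stray),
        "block_size": block,
        "nearest": nearest,
    }


def stdlib_accepts(cidr: str) -> bool:
    """The same alignment test via the standard library: strict mode refuses
    any network whose base address has host bits set."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def subnet_fits_vpc(subnet: str, vpc: str) -> bool:
    """AWS also requires a subnet's range to lie inside the VPC's range.
    strict=False normalises an unaligned base instead of raising, so the
    containment question is answered independently of the alignment one."""
    s = ipaddress.ip_network(subnet, strict=False)
    v = ipaddress.ip_network(vpc, strict=False)
    return s.subnet_of(v)


if __name__ == "__main__":
    vpc_cidr, subnet_cidr = "10.0.2.0/24", "10.0.1.0/22"   # values from the question
    report = check_cidr(subnet_cidr)
    print(f"{subnet_cidr} valid: {report['valid']}")
    print(f"address {report['address_bits']}")
    print(f"mask    {report['mask_bits']}")
    print(f"stray   {report['stray_bits']}")
    print(f"nearest aligned: {', '.join(report['nearest'])}")
    print(f"stdlib strict accepts: {stdlib_accepts(subnet_cidr)}")
    print(f"fits inside VPC {vpc_cidr}: {subnet_fits_vpc(subnet_cidr, vpc_cidr)}")
```

Running `check_cidr` before `aws cloudformation deploy` turns the opaque `InvalidRequest` into a concrete message (which bit is stray and which bases are legal), and `subnet_fits_vpc` catches the second problem in the question's template, which EC2 would have reported only after the alignment error was fixed.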