When trying to create a new subnet with CIDR block 10.0.1.0/24 in your VPC (10.0.0.0/24), AWS throws this error because:
10.0.1.0/24 is outside your VPC's allocated address space (10.0.0.0/24)
A /24 CIDR gives you 256 IP addresses (10.0.0.0 - 10.0.0.255). Your attempt to create 10.0.1.0/24 would require:
- 10.0.1.0 - 10.0.1.255 (another 256 addresses)
- This lies outside your current VPC's range
Option 1: Expand Your VPC CIDR
Modify your VPC to use a larger CIDR block that can accommodate both subnets:
Original: 10.0.0.0/24 (256 addresses)
New: 10.0.0.0/16 (65,536 addresses)
Using AWS CLI:
aws ec2 modify-vpc-cidr-block \
--vpc-id vpc-12345678 \
--cidr-block 10.0.0.0/16
Option 2: Create Secondary CIDR Block
Add a new CIDR range to your existing VPC (AWS allows up to 5 CIDR blocks per VPC):
aws ec2 associate-vpc-cidr-block \
--vpc-id vpc-12345678 \
--cidr-block 10.0.1.0/24
Option 3: Create New VPC with Proper Sizing
For production environments, consider creating a new VPC with proper CIDR planning:
aws ec2 create-vpc \
--cidr-block 10.0.0.0/16 \
--tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=Production-RDS-VPC}]'
- Start with /16 for medium deployments (65k IPs)
- Use contiguous /24 blocks for subnets
- Leave room for future expansion
- Avoid overlapping ranges with peered VPCs
When creating subnets for RDS:
# Create DB subnet group
aws rds create-db-subnet-group \
--db-subnet-group-name my-rds-group \
--db-subnet-group-description "RDS Subnets" \
--subnet-ids subnet-12345678 subnet-87654321
Remember to:
- Place RDS in private subnets
- Ensure proper route table configuration
- Consider multi-AZ deployments
When working with AWS VPCs, a common error beginners encounter is:
10.0.1.0/24 CIDR is not within the CIDR ranges of VPC
This occurs when you attempt to create a subnet whose IP range isn't contained within the parent VPC's CIDR block. In your case, your VPC uses 10.0.0.0/24, which only includes IPs from 10.0.0.0 to 10.0.0.255.
A /24 CIDR provides exactly 256 IP addresses. Your VPC's current allocation:
VPC CIDR: 10.0.0.0/24
Usable range: 10.0.0.1 - 10.0.0.254 (network: 10.0.0.0, broadcast: 10.0.0.255)
When you try to create 10.0.1.0/24, this represents an entirely different block of 256 addresses that doesn't overlap with your VPC's range.
Option 1: Expand your VPC CIDR
# Using AWS CLI
aws ec2 associate-vpc-cidr-block \
--vpc-id vpc-12345678 \
--cidr-block 10.0.0.0/23
# This gives you 10.0.0.0 - 10.0.1.255 (512 addresses)
# Now you can create both subnets:
# - 10.0.0.0/24 (original)
# - 10.0.1.0/24 (new)
Option 2: Create a new VPC with larger CIDR
aws ec2 create-vpc --cidr-block 10.0.0.0/16
# Now you can create multiple /24 subnets:
# 10.0.1.0/24, 10.0.2.0/24, etc.
When planning your VPC architecture:
- Start with a larger CIDR (like /16) even if you don't need all addresses immediately
- Leave room for future expansion between subnets
- Use consistent subnet sizes for easier management (typically /24 or /26)
For RDS deployments, you'll typically need subnets in at least two AZs:
# Example: Creating RDS subnets in us-east-1
aws ec2 create-subnet --vpc-id vpc-12345678 \
--cidr-block 10.0.1.0/24 --availability-zone us-east-1a
aws ec2 create-subnet --vpc-id vpc-12345678 \
--cidr-block 10.0.2.0/24 --availability-zone us-east-1b
# Then create DB subnet group
aws rds create-db-subnet-group \
--db-subnet-group-name my-rds-group \
--db-subnet-group-description "RDS Subnet Group" \
--subnet-ids subnet-12345678 subnet-87654321
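A pre-flight check for the two conditions both answers above describe (a subnet must lie entirely inside one of the VPC's CIDR blocks, and a secondary block handed to associate-vpc-cidr-block must not overlap the blocks already on the VPC), written as an added example that is not part of either answer. It uses Python's standard ipaddress module, and the VPC state it checks against is constructed sample data modelled on the question, not a real account.

```python
import ipaddress

# Constructed sample VPC state, modelled on the question: a VPC whose only
# CIDR block is 10.0.0.0/24 and which already contains one /24 subnet.
VPC_CIDRS = ["10.0.0.0/24"]
EXISTING_SUBNETS = ["10.0.0.0/24"]


def check_subnet(subnet_cidr, vpc_cidrs=VPC_CIDRS, existing=EXISTING_SUBNETS):
    """Return (ok, reason). ok is True only when the subnet fits inside one
    of the VPC's CIDR blocks and does not overlap an existing subnet."""
    subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    # A subnet must be contained in a single VPC CIDR block; otherwise AWS
    # returns the "CIDR is not within the CIDR ranges of VPC" error.
    if not any(subnet.subnet_of(ipaddress.ip_network(c)) for c in vpc_cidrs):
        return False, f"{subnet} is not within the VPC CIDR ranges {vpc_cidrs}"
    # Subnets within one VPC must not overlap each other.
    for s in existing:
        if subnet.overlaps(ipaddress.ip_network(s)):
            return False, f"{subnet} overlaps existing subnet {s}"
    return True, f"{subnet} fits; {subnet.num_addresses} addresses"


def check_secondary_cidr(new_cidr, vpc_cidrs=VPC_CIDRS):
    """Pre-check for associating a secondary CIDR block: the new block must
    not overlap any CIDR already associated with the VPC. Returns
    (ok, list of clashing VPC CIDRs)."""
    new = ipaddress.ip_network(new_cidr, strict=True)
    clashes = [c for c in vpc_cidrs if new.overlaps(ipaddress.ip_network(c))]
    return len(clashes) == 0, clashes


if __name__ == "__main__":
    # Reproduces the failing request from the question, then two variants.
    for cidr in ("10.0.1.0/24", "10.0.0.128/25", "10.0.0.0/23"):
        print("subnet", cidr, check_subnet(cidr))
    for cidr in ("10.0.1.0/24", "10.0.0.0/23"):
        print("associate", cidr, check_secondary_cidr(cidr))
```

Run the checks before calling the CLI so that a rejected block is caught locally rather than in the API response.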