AWS VPC IP Range? - amazon-web-services

I'm trying to set up the AWS cloud for some VMs as an alternative for existing setups in Azure. AWS however has some limitations on the subnet that Azure does not have. With Azure I have it set up using the following IPs in the picture below, but AWS gives me the following errors when trying to create the VPC with the subnets I need.
Would anyone have suggestions on how to use these IP ranges for a subnet on AWS? Perhaps something with AWS Cli? Any feedback is appreciated!

Your subnets are not part of your VPC the way you set it up. That's why it errors out. It's surprising that Azure would allow you to do it.
It should be, for example:
VPC: 10.0.0.0/20
subnet 1: 10.0.0.0/24
subnet 2: 10.0.16.0/24
subnet 3: 10.0.32.0/24

The subnets in AWS must be a subset of the VPC range.
This means that your subnet must be within the IP range of the VPC.
In your example, you are trying to create a VPC with 10.0.0.0/20.
This means that the total range of your subnet is 10.0.0.0 through 10.0.15.255.
So, the first 16 bits (10.0) of your CIDR cannot change while creating a subnet.
That's why the subnets you are trying to create do not work: they are not within the range of the VPC.
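As an added illustration (not code from the thread, and not an AWS tool), here is a small Python check built on the standard `ipaddress` module that applies the rule both answers describe: a subnet is accepted only if it lies entirely inside the VPC block, uses a prefix length AWS allows, and does not overlap a subnet already accepted. Run on the VPC and subnets listed in the first answer, it accepts 10.0.0.0/24 and rejects 10.0.16.0/24 and 10.0.32.0/24, because 10.0.0.0/20 ends at 10.0.15.255 as the second answer says; `candidate_subnets` lists the /24 blocks that do fit. The input values are constructed from the thread; the /16 to /28 prefix limit and the five addresses AWS reserves per subnet are AWS facts not stated on the page.

```python
import ipaddress

# Values constructed from the thread above: the VPC CIDR the asker chose and
# the three subnets suggested in the first answer.
VPC_CIDR = "10.0.0.0/20"
PROPOSED_SUBNETS = ["10.0.0.0/24", "10.0.16.0/24", "10.0.32.0/24"]

# AWS allows subnet prefixes from /16 to /28 and reserves 5 addresses in each
# subnet (the first four and the last one). AWS facts, not from the thread.
MIN_PREFIX, MAX_PREFIX = 16, 28
RESERVED_PER_SUBNET = 5


def check_subnets(vpc_cidr, subnet_cidrs):
    """Validate a list of subnet CIDRs against a VPC CIDR.

    Returns a dict mapping each subnet string to "ok" or to a short reason it
    would be rejected. A subnet is accepted only if it parses as a proper
    network, lies entirely inside the VPC block, has an allowed prefix length
    and does not overlap a subnet accepted earlier in the list.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    accepted = []
    report = {}
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            # e.g. "10.0.1.1/24 has host bits set"
            report[cidr] = f"invalid: {exc}"
            continue
        if net.version != vpc.version:
            report[cidr] = f"rejected: IPv{net.version} subnet in an IPv{vpc.version} VPC"
        elif not net.subnet_of(vpc):
            report[cidr] = (f"rejected: not within {vpc} "
                            f"({vpc.network_address} to {vpc.broadcast_address})")
        elif not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            report[cidr] = f"rejected: prefix /{net.prefixlen} outside /{MIN_PREFIX}-/{MAX_PREFIX}"
        else:
            clash = next((a for a in accepted if net.overlaps(a)), None)
            if clash is not None:
                report[cidr] = f"rejected: overlaps {clash}"
            else:
                accepted.append(net)
                report[cidr] = "ok"
    return report


def candidate_subnets(vpc_cidr, prefix):
    """List every /prefix block that fits inside the VPC, as strings."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [str(n) for n in vpc.subnets(new_prefix=prefix)]


def usable_addresses(subnet_cidr):
    """Addresses left for instances after AWS's per-subnet reservations."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - RESERVED_PER_SUBNET


if __name__ == "__main__":
    for cidr, status in check_subnets(VPC_CIDR, PROPOSED_SUBNETS).items():
        print(f"{cidr:16} {status}")
    print("blocks that fit:", ", ".join(candidate_subnets(VPC_CIDR, 24)))
```

Passing `strict=True` to `ip_network` makes the check reject a CIDR whose host bits are set (such as 10.0.1.1/24), which is the other common reason the console refuses a subnet.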

Related

Is it possible to make AWS EKS nodes (EC2 instances) automatically get an IP from a specific subnet (on the same VPC or another VPC)?

We have an EKS cluster running in a VPC and we are thinking of extending this VPC or creating another VPC with a different subnet IP range. EKS nodes (EC2 instances) are running with multiple ENIs, that is, with multiple private IPs.
We wonder if it is possible to make these EC2 instances which serve as EKS nodes automatically get an IP from this new subnet within the current VPC, or on the other VPC, when they are being instantiated. If the subnet is on another VPC, should we have a VPC peering connection between the two VPCs? Can it be done with CloudFormation templates on EKS? What is the best practice here? Thanks.
The option to extend the VPC in EKS is by adding a secondary CIDR block and configuring the CNI plugin to use the subnets created in the secondary CIDR block. The CNI is ultimately responsible for assigning the IP addresses available through the subnet CIDR to the pods.
To use the correct CIDR range for the VPC extension and to configure the CNI, please use the article below:
https://aws.amazon.com/premiumsupport/knowledge-center/eks-multiple-cidr-ranges/

CIDR accidentally added to another AWS VPC

I have accidentally added a secondary CIDR to a VPC which was already being used by another VPC in another AWS account on our company's private network. My question here is: if the CIDR was already being used, how was I allowed to add it again to another VPC? Also, doesn't AWS provide a mechanism to check if the CIDR range that we are trying to add is available or being used?
You can have multiple VPCs with the same CIDR range. This is the benefit of the Cloud! It's great when you want non-production networks to exactly match Production networks. It's a feature, not a failure.
Having multiple VPCs with overlapping ranges will only be an inconvenience if you wish to connect those VPCs together, or you wish to be able to route to both VPCs from the same VPN or Direct Connect connection.

Change the CIDR subnet of GKE cluster

I have two GKE clusters with the same CIDR subnet addresses (the clusters are in different gcloud projects). I need to connect the VPCs with VPC peering, but I get an error because of the CIDR subnet, and I need to change one. I have a lot of pods, secrets, deployments, etc. Is there any way to change the subnet without creating a new cluster and migrating the pods?
Thanks!
I am afraid you cannot. A subnet CIDR range in one peered VPC network cannot overlap with a static route in another peered network. This rule covers both subnet routes and static routes.
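The same standard-library approach, as an added example that is not part of either thread, covers the situation the last two answers describe: identical or overlapping ranges are harmless until you try to peer or route between the networks, and in a peering a subnet in one network must not overlap a subnet or static route in the other. `peering_conflicts` lists every colliding pair before a peering is attempted, and `first_free_block` picks a replacement range, or a secondary CIDR as in the EKS answer above, that clears everything already in use. The two network descriptions are constructed sample data, not taken from the questions.

```python
import ipaddress
from itertools import product

# Constructed sample data, not taken from either thread: two networks that were
# built from the same 10.10.0.0/16 plan, each with subnets and a static route.
NETWORK_A = {
    "subnets": ["10.10.0.0/24", "10.10.1.0/24"],
    "static_routes": ["192.168.50.0/24"],
}
NETWORK_B = {
    "subnets": ["10.10.1.0/24", "10.20.0.0/24"],
    "static_routes": ["10.10.0.128/25"],
}
PREFIX_KINDS = ("subnets", "static_routes")


def _prefixes(network):
    """Flatten a network description into (kind, ip_network) pairs."""
    pairs = []
    for kind in PREFIX_KINDS:
        for cidr in network.get(kind, []):
            pairs.append((kind, ipaddress.ip_network(cidr, strict=True)))
    return pairs


def peering_conflicts(network_a, network_b):
    """Return every pair of prefixes that overlap across the two networks.

    Each entry is (kind_a, cidr_a, kind_b, cidr_b). Subnets and static routes
    are both checked, since a peered route must not collide with either.
    An empty list means the two networks can exchange routes cleanly.
    """
    conflicts = []
    for (kind_a, net_a), (kind_b, net_b) in product(_prefixes(network_a),
                                                    _prefixes(network_b)):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            conflicts.append((kind_a, str(net_a), kind_b, str(net_b)))
    return sorted(conflicts)


def first_free_block(used_cidrs, pool_cidr, new_prefix):
    """Pick the first /new_prefix block inside pool_cidr that overlaps none of
    used_cidrs, e.g. to choose a secondary VPC CIDR or a replacement range.
    Returns the block as a string, or None when the pool is exhausted."""
    used = [ipaddress.ip_network(c, strict=True) for c in used_cidrs]
    pool = ipaddress.ip_network(pool_cidr, strict=True)
    for candidate in pool.subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(u) for u in used
                   if u.version == candidate.version):
            return str(candidate)
    return None


if __name__ == "__main__":
    for kind_a, a, kind_b, b in peering_conflicts(NETWORK_A, NETWORK_B):
        print(f"conflict: A {kind_a} {a} overlaps B {kind_b} {b}")
    taken = [c for net in (NETWORK_A, NETWORK_B)
             for kind in PREFIX_KINDS for c in net[kind]]
    print("free /24 for a new range:", first_free_block(taken, "10.10.0.0/16", 24))
```

Feeding the prefixes of every VPC already attached to a shared VPN or Direct Connect into `first_free_block` is a quick way to avoid the accidental overlap described in the previous question before the secondary CIDR is attached.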

VPC Interface Endpoint do you need for each Subnet?

According to AWS documentation - https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints.html
it has a private IP address from the IP address range of the subnet.
So if, for example, there are 2 subnets (private1, private2) and RDS is hosted in private2, does it mean a VPC endpoint needs to be created for each subnet, or does it depend on where your Lambda, for example, is? For example, if Lambdas are hosted in the private1 subnet, then do you need it only on the private1 subnet? However, if you access, for example, Query Editor from the Console, as RDS is in the private2 subnet, do you need another VPC endpoint in private2?
Goal of this is to internalize traffic to AWS VPC.
Reading further, VPC endpoints can span multiple availability zones in the same VPC. Hence, it should not matter which subnets you deploy in as long as they are in the same VPC.

AWS DB Subnet is empty

I have a custom VPC which has 6 public subnets in 6 AZs.
When I tried to create Aurora Serverless, I do see my VPC in the VPC dropdown but there is only 1 item 'Create new DB subnet group'.
I'm expecting my VPC has available subnet groups already.
I have researched a lot already, even compared another VPC (which is working) with my VPC; I don't see any differences from VPC to subnet to route table to security group...
Please advise.
You need to bundle the subnets you want to use for your instance in a DB subnet group; you can't add the subnets directly.
It is very easy, as seen here.