Update subnets in existing VPC using cloudformation

0

I have an existing VPC with 2 public and 2 private subnets. The private subnets had reached 100% IP utilization, so I added a couple of extra subnets in my CloudFormation file, with all the other requirements like NAT, routes etc. Here is what my CIDR looks like for the VPC:
VpcBlock:
  Type: String
  Default: 10.0.0.0/16
  Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range.
  AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
  ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

PublicSubnet01Block:
  Type: String
  Default: 10.0.10.0/24
  Description: CidrBlock for public subnet 01 within the VPC.
  AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
  ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

PublicSubnet02Block:
  Type: String
  Default: 10.0.11.0/24
  Description: CidrBlock for public subnet 02 within the VPC.
  AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
  ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

PublicSubnet03Block:
  Type: String
  Default: 10.0.12.0/24
  Description: CidrBlock for public subnet 03 within the VPC.
  AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
  ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

PublicSubnet04Block:
  Type: String
  Default: 10.0.13.0/24
  Description: CidrBlock for public subnet 04 within the VPC.
  AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
  ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

PrivateSubnet01Block:
  Type: String
  Default: 10.0.20.0/24
  Description: CidrBlock for private subnet 01 within the VPC

PrivateSubnet02Block:
  Type: String
  Default: 10.0.21.0/24
  Description: CidrBlock for private subnet 02 within the VPC

PrivateSubnet03Block:
  Type: String
  Default: 10.0.22.0/24
  Description: CidrBlock for private subnet 03 within the VPC

PrivateSubnet04Block:
  Type: String
  Default: 10.0.23.0/24
  Description: CidrBlock for private subnet 04 within the VPC

When I apply this CloudFormation template, it gives me an error for PublicSubnet02: "Resource handler returned message: "The CIDR '10.0.11.0/24' conflicts with another subnet "

I would like to know if I can update VPC subnets using a CloudFormation script? If yes, then any help with the correct procedure would be really appreciated.

Vishal
asked 9 months ago
574 views
4 Answers
0

It would be a lot easier to answer this question if you had mentioned the CIDR ranges of the already existing subnets. Most likely this error is coming from a CIDR conflict with the existing subnets' CIDR ranges; there is some overlap, which is why you are seeing this message.

Make sure that the subnets you are creating have CIDR ranges that do not overlap with the existing subnets.

Hope you find this helpful.

Comment here if you have additional questions; happy to help.

AWS
EXPERT
answered 9 months ago
EXPERT
reviewed 9 months ago
  • My existing CIDR ranges are:

    VpcBlock:
      Type: String
      Default: 10.0.0.0/16
      Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range.
      AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
      ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.

    PublicSubnet01Block:
      Type: String
      Default: 10.0.10.0/24
      Description: CidrBlock for public subnet 01 within the VPC.
      AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
      ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    
    PublicSubnet02Block:
      Type: String
      Default: 10.0.11.0/24
      Description: CidrBlock for public subnet 02 within the VPC.
      AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
      ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    
    PrivateSubnet01Block:
      Type: String
      Default: 10.0.20.0/24
      Description: CidrBlock for private subnet 01 within the VPC
    
    PrivateSubnet02Block:
      Type: String
      Default: 10.0.21.0/24
      Description: CidrBlock for private subnet 02 within the VPC
    

    The new CIDR ranges I am trying to update to are already shared in the question. Thanks

  • As I mentioned in my answer, please mention the CIDR ranges of the existing subnets in this VPC. Go to the VPC console and click Subnets in the left pane. Then on the right side you'll see the IPv4 CIDR for each subnet. Please provide those CIDRs by commenting here. If you are saying that the subnets which already existed are included in this CloudFormation template, then it would definitely give you this message, as the template would try to create new subnets with the same CIDR ranges. All you need to do is:

    1. Remove the existing subnets from the CloudFormation template and deploy your template.
    2. Include those existing subnets in the template, but this time do not update the stack with the updated template; choose the import option instead.
    3. Go to the CloudFormation console, open the stack deployed in step 1 -> Go to Stack Actions at the top right -> From the drop-down select "Import resources into stack" -> Click Next -> Now use the updated template from step 2.

    This would import the existing resources into your stack. Refer to the AWS documentation for more detail about how to import existing resources into your stack.

    Tip: When you update the template in step 2, don't forget to add "DeletionPolicy": "Retain" to the existing subnet resources.

  • Hi Vishal,

    I just added a comment above, please refer. Somewhere I feel that you have included existing subnets also into your resources, which is why you are getting this error. Comment here if the above explanation helps. I can indeed assist you further. Also, please mention the existing subnets CIDRs once, if possible.

  • Do you have additional questions? Happy to help.

0

Does a subnet with the same address range as PublicSubnet02 already exist, and was it created outside of this CloudFormation stack? If so, then don't try to create it again here, but import it: https://aws.amazon.com/blogs/aws/new-import-existing-resources-into-a-cloudformation-stack/

EXPERT
Steve_M
answered 9 months ago
  • No, I don't have any resource created outside this CloudFormation script.

  • Which subnets already exist in this VPC? Can you post the output of aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-abcd1234"
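The check below is an added example, not code from either answer: it takes the existing subnets in the shape `aws ec2 describe-subnets` returns (constructed here, with placeholder vpc-/subnet- ids), compares them with the template's parameter defaults from the question, and builds the ResourcesToImport list that the import change set from the first answer needs. The subnet ids and the `DESCRIBE_SUBNETS_JSON` sample are assumptions.

```python
"""Added example (not from the post): classify template subnet CIDRs against describe-subnets output."""
import ipaddress
import json
from itertools import combinations

# Constructed stand-in for `aws ec2 describe-subnets --filters Name=vpc-id,Values=<vpc-id>` output.
DESCRIBE_SUBNETS_JSON = json.dumps({"Subnets": [
    {"SubnetId": "subnet-PLACEHOLDER1", "CidrBlock": "10.0.10.0/24"},
    {"SubnetId": "subnet-PLACEHOLDER2", "CidrBlock": "10.0.11.0/24"},
    {"SubnetId": "subnet-PLACEHOLDER3", "CidrBlock": "10.0.20.0/24"},
    {"SubnetId": "subnet-PLACEHOLDER4", "CidrBlock": "10.0.21.0/24"}]})

# Parameter defaults from the question's template (logical subnet resource -> CIDR).
VPC_BLOCK = "10.0.0.0/16"
TEMPLATE_SUBNETS = {
    "PublicSubnet01": "10.0.10.0/24", "PublicSubnet02": "10.0.11.0/24",
    "PublicSubnet03": "10.0.12.0/24", "PublicSubnet04": "10.0.13.0/24",
    "PrivateSubnet01": "10.0.20.0/24", "PrivateSubnet02": "10.0.21.0/24",
    "PrivateSubnet03": "10.0.22.0/24", "PrivateSubnet04": "10.0.23.0/24"}


def classify(describe_json, vpc_block, template_subnets):
    """Map each logical id to ("import", SubnetId) when the exact CIDR already exists,
    ("conflict", SubnetId) when it overlaps a different existing subnet, or ("new", None)."""
    vpc = ipaddress.ip_network(vpc_block)
    existing = {ipaddress.ip_network(s["CidrBlock"]): s["SubnetId"]
                for s in json.loads(describe_json)["Subnets"]}
    wanted = {lid: ipaddress.ip_network(c) for lid, c in template_subnets.items()}
    for lid, net in wanted.items():           # every parameter must sit inside the VPC block
        if not net.subnet_of(vpc):
            raise ValueError(f"{lid} {net} lies outside VPC block {vpc}")
    for (a, anet), (b, bnet) in combinations(wanted.items(), 2):   # no overlap inside the template
        if anet.overlaps(bnet):
            raise ValueError(f"{a} {anet} overlaps {b} {bnet} inside the template")
    result = {}
    for lid, net in wanted.items():
        if net in existing:                   # same range is already live: import, don't re-create
            result[lid] = ("import", existing[net])
        else:
            hits = [sid for enet, sid in existing.items() if net.overlaps(enet)]
            result[lid] = ("conflict", hits[0]) if hits else ("new", None)
    return result


def resources_to_import(classification):
    """ResourcesToImport entries for `aws cloudformation create-change-set --change-set-type IMPORT`."""
    return [{"ResourceType": "AWS::EC2::Subnet", "LogicalResourceId": lid,
             "ResourceIdentifier": {"SubnetId": sid}}
            for lid, (kind, sid) in classification.items() if kind == "import"]
```

With the constructed input, `classify(DESCRIBE_SUBNETS_JSON, VPC_BLOCK, TEMPLATE_SUBNETS)` marks the four existing subnets (PublicSubnet02 among them, the one the update tried to re-create) as "import" and the 03/04 subnets as "new"; only the "import" entries go into the change set.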

0

Hi

You have shared the Parameter part of the Template and not the actual creation of the Subnets in the Template. Have you changed how you create the Subnets in the Template? Do you override the default values? Are you changing CIDR on any existing Subnets in the updated Template?

EXPERT
answered 9 months ago
0

Did you try to change/reuse the logical IDs of the subnets? If so, this could potentially cause your problem, because CloudFormation will not be able to recognize the difference between new and old. That is, if you had a resource in your stack named Subnet01 with a given CIDR, and then you try to apply that CIDR to Subnet02, CloudFormation doesn't know that you "moved" the subnet. Instead, it will recognize this as an "additional" subnet with identical configuration. This will create a CIDR conflict when AWS begins to create your new subnet without first deleting the old one.

BrianV
answered 3 months ago
