I tried to add and remove a secondary CIDR block in an existing Amazon VPC



I want to create a public subnet, but all available IP addresses are already consumed by my private subnet, so I added a new Amazon VPC CIDR block.
This is how:

You must read the applicable restrictions before associating a new CIDR block.


Hands On:

Using the CLI:

For adding:

aws ec2 associate-vpc-cidr-block \
    --vpc-id vpc-1EXAMPLE \
    --cidr-block 10.2.0.0/16   # the secondary IPv4 range to add (example value; must not overlap existing VPC CIDRs)

For removing:

To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.

You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).

aws ec2 disassociate-vpc-cidr-block \
    --association-id vpc-cidr-assoc-eca54085
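To put the restriction check and the association-ID lookup together, here is an added Python example (it is not from the original post and not AWS code): it checks a candidate secondary block for overlap with the VPC's existing CIDRs and for an allowed prefix length, then finds the association ID that disassociate-vpc-cidr-block needs, refusing the primary block. The VPC ID, association IDs and ranges are constructed sample values standing in for a real describe-vpcs response.

```python
import ipaddress

# Constructed sample of one entry of `aws ec2 describe-vpcs` output, trimmed
# to the fields used here; IDs and ranges are made up for this example.
SAMPLE_VPC = {
    "VpcId": "vpc-1EXAMPLE",
    "CidrBlock": "10.0.0.0/16",  # primary CIDR: can never be disassociated
    "CidrBlockAssociationSet": [
        {"AssociationId": "vpc-cidr-assoc-primary0", "CidrBlock": "10.0.0.0/16",
         "CidrBlockState": {"State": "associated"}},
        {"AssociationId": "vpc-cidr-assoc-eca54085", "CidrBlock": "10.2.0.0/16",
         "CidrBlockState": {"State": "associated"}},
    ],
}


def check_secondary_cidr(vpc, new_cidr):
    """Return the restriction violations found; an empty list means OK to associate."""
    problems = []
    net = ipaddress.ip_network(new_cidr, strict=True)  # rejects host bits set
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{new_cidr}: VPC CIDR prefix must be between /16 and /28")
    for assoc in vpc["CidrBlockAssociationSet"]:
        # Blocks that are gone (or never attached) no longer reserve address space.
        if assoc["CidrBlockState"]["State"] in ("disassociated", "failed"):
            continue
        existing = ipaddress.ip_network(assoc["CidrBlock"])
        if net.overlaps(existing):
            problems.append(f"{new_cidr} overlaps existing CIDR {existing}")
    return problems


def association_id_for(vpc, cidr):
    """Find the association ID for a secondary CIDR; the primary is refused up front."""
    if cidr == vpc["CidrBlock"]:
        raise ValueError(f"{cidr} is the primary CIDR block and cannot be disassociated")
    for assoc in vpc["CidrBlockAssociationSet"]:
        if assoc["CidrBlock"] == cidr and assoc["CidrBlockState"]["State"] == "associated":
            return assoc["AssociationId"]
    raise LookupError(f"no associated CIDR {cidr} on {vpc['VpcId']}")


if __name__ == "__main__":
    print(check_secondary_cidr(SAMPLE_VPC, "10.3.0.0/16"))   # [] -> safe to associate
    print(check_secondary_cidr(SAMPLE_VPC, "10.2.128.0/24")) # overlaps 10.2.0.0/16
    print(association_id_for(SAMPLE_VPC, "10.2.0.0/16"))    # vpc-cidr-assoc-eca54085
```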

Using the Management Console:

  • Open the Amazon VPC console from the Management Console.
  • In the navigation pane, choose Your VPCs.
  • Select the VPC, and then choose Actions, Edit CIDRs.
  • Choose Add new IPv4 CIDR.
  • For complete information about what your CIDR options are, see Create a VPC.
  • Choose Close.

After you've added the CIDR blocks that you need, you can create subnets.

For removing:

  1. Open the Amazon VPC console at
  2. In the navigation pane, choose Your VPCs.
  3. Select the VPC, and choose Actions, Edit CIDRs.
  4. Under VPC IPv4 CIDRs, choose Remove next to the associated CIDR block you want to remove.
  5. Choose Close.

Official resources:


Other useful resources: