
AWS VPC now allows addition of secondary CIDR blocks

AWS recently announced that we can now expand the IP range of a VPC after the VPC has been created. Great news!

We no longer need our previous blog about how to rebuild VPC to enlarge the CIDR block.

Let’s have a try with this new feature:

In AWS VPC console, select the VPC you want to change:

Next, find “Edit CIDRs” in the “Actions” list:

Add in the new CIDR you want. Each CIDR must be:

  1. Not overlapping any CIDR already associated with this VPC
  2. No larger than a /16 and no smaller than a /28 (i.e. a prefix length from /16 to /28)
  3. Within the same /8 block as the VPC's initial CIDR
  4. Compliant with the normal AWS VPC CIDR rules

After clicking “Save”, the local route in the VPC route tables is updated automatically to cover the new block:

Now, our VPC has more accessible IPs without having to re-create the VPC:

Alternatively, you can do the same via the CLI with the command below:

(Make sure you’ve updated your awscli tool to the latest version; the “--cidr-block” option is a new feature of “associate-vpc-cidr-block”.)

aws ec2 associate-vpc-cidr-block --cidr-block <new-cidr> --vpc-id vpc-1xxxxxxxx

Please bear in mind that you may need to modify your NACLs and Security Groups if they are not the defaults: rules that reference the original CIDR will not cover addresses in the new block.
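As an added example (my own script, not code from the original post or from AWS), here is a small Python pre-flight check that applies rules 1 to 3 above to a candidate block, builds the CLI call shown, and lists the security group or NACL rule sources that touch the primary block but would not cover the new one. The VPC id is the post's placeholder and the CIDRs and rule sources are constructed sample values; rule 4 (AWS's own CIDR checks) is left to the API.

```python
import ipaddress

# Constructed sample values (not from the post): vpc-1xxxxxxxx is the
# post's placeholder id; all CIDRs below are made up for illustration.
MIN_PREFIX, MAX_PREFIX = 16, 28  # the post's allowed range: /16 .. /28


def validate_secondary_cidr(primary, existing, candidate):
    """Apply the post's rules 1-3 to a candidate secondary CIDR.

    `existing` holds every CIDR already associated with the VPC (the
    primary plus earlier secondaries). Returns (ok, reason).
    """
    try:
        cand = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:  # malformed, or host bits set
        return False, f"not a valid CIDR: {exc}"
    # Rule 2: prefix length must lie between /16 and /28
    if not MIN_PREFIX <= cand.prefixlen <= MAX_PREFIX:
        return False, f"prefix /{cand.prefixlen} outside /{MIN_PREFIX}-/{MAX_PREFIX}"
    # Rule 1: must not overlap any block already in the VPC
    for cidr in existing:
        if cand.overlaps(ipaddress.ip_network(cidr)):
            return False, f"overlaps existing block {cidr}"
    # Rule 3: must sit in the same /8 as the initial (primary) CIDR
    prim8 = ipaddress.ip_network(primary).supernet(new_prefix=8)
    if not cand.subnet_of(prim8):
        return False, f"not within {prim8} of primary {primary}"
    return True, "ok"  # rule 4 (AWS's own checks) is left to the API


def associate_command(vpc_id, cidr):
    """argv for the CLI call shown in the post (needs a recent awscli)."""
    return ["aws", "ec2", "associate-vpc-cidr-block",
            "--vpc-id", vpc_id, "--cidr-block", cidr]


def rules_needing_review(rule_sources, primary, new_cidr):
    """Security group / NACL rule sources that touch the primary block but
    do not cover the new one: hosts in the new block are silently excluded."""
    prim, new = ipaddress.ip_network(primary), ipaddress.ip_network(new_cidr)
    return [r for r in rule_sources
            if prim.overlaps(ipaddress.ip_network(r))
            and not new.subnet_of(ipaddress.ip_network(r))]


if __name__ == "__main__":
    ok, why = validate_secondary_cidr("10.0.0.0/16", ["10.0.0.0/16"], "10.1.0.0/16")
    print(why, associate_command("vpc-1xxxxxxxx", "10.1.0.0/16") if ok else "")
    print(rules_needing_review(["10.0.0.0/16", "0.0.0.0/0"], "10.0.0.0/16", "10.1.0.0/16"))
```

Run the review function over the CIDR sources of your non-default security groups and NACLs before associating the block, so the rules can be widened in the same change.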

AWS official news about this feature can be found here:

All data and information provided on this site is for informational purposes only. The Cloudten Blog makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site & will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.