How many IP addresses does AWS reserve per subnet?

AWS reserves 5 IP addresses in every subnet: the network address (.0), the VPC router (.1), the DNS server (.2), an address reserved for future use (.3), and the broadcast address (.255). For example, a /24 subnet has 256 total IPs but only 251 usable.

What is the smallest subnet size allowed in AWS VPC?

The smallest subnet you can create in AWS VPC is /28, which provides 16 total IP addresses and 11 usable host addresses after AWS reserves 5. VPC CIDR blocks must be between /16 and /28.

How many secondary CIDR blocks can I add to an AWS VPC?

You can add up to 5 secondary CIDR blocks to an AWS VPC, in addition to the primary CIDR. Secondary CIDRs can be from the same or different RFC 1918 ranges, as long as they do not overlap with the primary CIDR or any existing subnets.

AWS VPC Subnet Calculator

Last reviewed: May 2026

Planning AWS VPC subnets requires accounting for 5 reserved IP addresses per subnet. Use the interactive planner below to generate a subnet layout for your VPC, then export it as Terraform HCL.

Interactive VPC Subnet Planner

VPC CIDR Block

Availability Zones

AWS Region

Select tiers and subnet size per tier:

Public

Private

Data

Subnet Name	CIDR	Availability Zone	Tier	AWS Usable IPs

Calculate any CIDR in SubnetSolver →

AWS IP Reservation Rule

AWS reserves 5 IP addresses in every subnet, regardless of size. These are:

.0 — Network address
.1 — VPC router
.2 — DNS server (VPC base + 2)
.3 — Reserved for future use
.255 — Broadcast address (not used by AWS, but reserved)

Usable Hosts by Prefix Length

CIDR	Total IPs	AWS Reserved	Usable Hosts	Common Use
/16	65,536	5	65,531	Full VPC CIDR block
/20	4,096	5	4,091	EKS node group subnets
/24	256	5	251	Standard public/private subnet
/26	64	5	59	Small workload subnet
/27	32	5	27	Minimal subnet
/28	16	5	11	Smallest AWS subnet allowed

Common 3-Tier VPC Pattern

A standard 3-tier VPC splits traffic across public, private, and data layers. A typical 10.0.0.0/16 VPC might be carved up as follows:

Subnet	CIDR	Purpose	Usable IPs
public-1a	10.0.0.0/24	Load balancers, NAT gateways	251
public-1b	10.0.1.0/24	Load balancers, NAT gateways (AZ-b)	251
private-1a	10.0.10.0/24	EC2, EKS worker nodes	251
private-1b	10.0.11.0/24	EC2, EKS worker nodes (AZ-b)	251
data-1a	10.0.20.0/24	RDS, ElastiCache	251
data-1b	10.0.21.0/24	RDS, ElastiCache (AZ-b)	251

VPC CIDR Constraints

VPC CIDR block must be between /16 and /28
Subnet CIDR must be a subset of the VPC CIDR
Subnets within a VPC cannot overlap
You can add up to 5 secondary CIDR blocks to a VPC
EKS requires larger subnets — /20 or /24 recommended for node groups with VPC CNI

Open SubnetSolver to plan your VPC →