AWS VPC Subnet Calculator

Plan AWS VPC public and private subnet CIDR allocations across Availability Zones and export the result as CSV.

Step 1

VPC settings

Start with the VPC range and Region. The AZ count uses AWS published availability as a planning default.

Availability Zones

Step 2

Configure subnet groups

Public groups are allocated before private groups. Each group expands across the selected AZs.

Public subnets

Public subnet groups are allocated first for load balancers, NAT gateways, and ingress paths.

NameCIDR maskPer AZ

Private subnets

Private subnet groups are allocated after public ranges for application, data, and internal tiers.

NameCIDR maskPer AZ

Plan VPC subnet CIDR ranges before you deploy

Use this calculator to split an AWS VPC IPv4 CIDR block into public and private subnet ranges across Availability Zones. It validates AWS VPC sizing rules, accounts for reserved subnet IPs, and exports the allocation plan as CSV.

How to use the AWS VPC subnet calculator

  1. Enter the VPC CIDR block, such as 10.0.0.0/16.
  2. Select the AWS Region and toggle the Availability Zones to include in the plan.
  3. Configure public and private subnet groups with a name, CIDR mask, and subnet count per AZ.
  4. Review the calculated allocation table and remaining VPC capacity.
  5. Download the CSV when you want to document or review the subnet plan.

Subnet planning notes

AWS reserves five IP addresses in every subnet, so a /24 has 251 usable IPv4 addresses instead of 256. The calculator also warns about 172.17.0.0/16 because AWS documents service conflicts with that range. If you want to estimate gateway, endpoint, NAT, and data transfer costs for this network design, use the Amazon VPC pricing calculator.

Building a compliant network foundation? Pair this with an AWS Landing Zone or AWS Security Review to turn the plan into secure VPC infrastructure, routing, guardrails, logging, and account-level controls.

Frequently asked questions

What subnet size should I choose?

Start from expected workload capacity and growth. Public subnets often use smaller ranges for load balancers and NAT gateways, while private application and data subnets usually need more address space.

Why does AWS reserve five IP addresses per subnet?

AWS reserves the first four addresses and the last address in every subnet for network, router, DNS, future use, and broadcast-style reservation behavior.

Can my AWS account have fewer Availability Zones than this tool shows?

Yes. AWS publishes Region-level AZ availability, but individual accounts can have constrained access to some AZs. Treat the Region AZ count as a planning default and confirm your actual account before deployment.

Does the calculator prevent overlapping subnet CIDRs?

Yes. It allocates ranges sequentially inside the VPC block, aligns each subnet to its CIDR boundary, and stops with an error when the requested plan no longer fits.

Related tools

AWS IAM Policy Validator

Validate and test AWS IAM JSON policy documents with inline errors, warnings, and Access Analyzer-inspired security checks.

IAM Policy Converter

Convert AWS IAM JSON policy documents into Terraform, CloudFormation, CDK TypeScript, or CDK Python snippets.

Amazon VPC Endpoint policy generator

Generate VPC endpoint policies from AWS Policy Generator action metadata and export JSON, Terraform, or CloudFormation snippets.

Next step

Want AWS engineering that feels this practical?

I build these tools to make AWS easier to manage. If this level of quality is what you want in your own cloud platform, Towards The Cloud can help with landing zones, infrastructure as code, security reviews, migrations, and cost optimization.

Explore AWS services
← Back to tools