VPC CIDR Subnet Planner - Multi-AZ Subnet Designer with CloudFormation/Terraform Output


Design a multi-AZ AWS VPC: enter a VPC CIDR, choose the number of Availability Zones and the subnet roles you need, and this tool allocates aligned CIDR blocks for every AZ × subnet-type cell and exports CloudFormation YAML and Terraform HCL you can paste directly into infrastructure-as-code.

All processing is performed entirely in your browser using client-side JavaScript. No CIDR, subnet design, or generated template is transmitted to any server. Your network topology never leaves your device.

  • This tool is provided "AS IS" without any warranties of any kind.
  • The author accepts no responsibility for misconfigured networks, IP address conflicts, or deployment failures resulting from generated templates.
  • Generated CloudFormation / Terraform snippets are a starting point only. Always review for your own security groups, NACLs, route tables, NAT gateways, and tagging conventions before deploying.
  • AWS reserves 5 IP addresses in every subnet (network, VPC router, DNS, future use, broadcast).
  • By using this tool, you accept full responsibility for any outcomes.

This tool uses client-side JavaScript for all processing. No data is transmitted to servers, no files are uploaded online, all processing happens locally in your browser. Once loaded, this tool continues to work even without an internet connection. For more details, please refer to our Web Tools Disclaimer.


Features

  • Multi-AZ Allocation: Automatically splits a VPC CIDR (/16 to /28) across 2, 3, or 4 Availability Zones and any number of subnet types.
  • Role-Aware Tiers: Supports Public, Private, and Protected (DB) subnet roles. Public subnets get MapPublicIpOnLaunch: true in generated templates.
  • Largest-First Packing: Allocates the biggest blocks first and aligns every subnet to its prefix boundary — no overlaps, no wasted space from misalignment.
  • AWS Reserved IP Accounting: Reports usable IPs as 2^(32 - prefix) - 5, matching the 5 addresses AWS reserves in every subnet.
  • Unallocated Space Report: Lists the remaining capacity inside the VPC as the minimum set of aligned CIDR blocks — ready for future subnets.
  • CloudFormation YAML Export: Generates a ready-to-paste AWS::EC2::VPC + AWS::EC2::Subnet Resources section using !GetAZs so the template is region-agnostic.
  • Terraform HCL Export: Generates aws_vpc + aws_subnet resources keyed off data.aws_availability_zones.available.
  • Presets: Small / Medium / Large starter topologies inspired by common AWS three-tier designs.
  • Live Auto-Plan: Debounced recalculation as you edit inputs — no round trip, no AWS credentials.
  • 100% Client-Side: Works offline. Your network design never leaves the browser.

How to Use

  1. Enter the VPC network address (e.g. 10.0.0.0) and choose the VPC prefix length (/16 to /28).
  2. Select the number of Availability Zones (2, 3, or 4).
  3. Define each subnet type: a name (e.g. Public), a role (Public / Private / Protected), and a prefix length (/17 to /28). Add or remove rows as needed.
  4. Click Plan Subnets, or let the debounced auto-plan recalculate after 300 ms of edit inactivity.
  5. Review the Subnet Plan table (AZ × subnet type) and the Unallocated Space summary.
  6. Switch to the CloudFormation or Terraform tab and use Copy CloudFormation / Copy Terraform to paste the snippet into your IaC repository.
  7. Use the Small / Medium / Large preset buttons for quick starting topologies.

Important Notes

  • AWS reserves 5 IP addresses in each subnet: the network address, the VPC router, the DNS resolver, a future-use address, and the broadcast-equivalent address. "Usable IPs" in this tool already subtracts these five.
  • Subnet prefix lengths are limited to /17 through /28 — the range accepted by Amazon VPC for IPv4 subnets.
  • Prefixes of /29 and longer are rejected; /28 is accepted but flagged with a warning, because very small subnets (e.g. /28 = 11 usable IPs) quickly run out of addresses in production.
  • Block sizes are packed from largest to smallest and aligned to their prefix boundary. If the requested topology does not fit in the VPC, the tool reports exactly which subnet overflows.
  • Generated CloudFormation uses !GetAZs { Ref: "AWS::Region" } so the template works across regions without edits.
  • Generated Terraform uses data.aws_availability_zones.available which enumerates AZs in a deterministic order for the caller's region.
  • The tool does not yet cover IPv6 CIDRs, Transit Gateway attachments, or VPC peering. Combine with the IP Subnet Calculator Tool for single-CIDR breakdowns and the IP Range to CIDR Converter Tool for range-to-CIDR conversions.
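The allocation rules described above (one block per AZ × subnet-type cell, largest-first packing aligned to the prefix boundary, the 5 AWS-reserved addresses subtracted, overflow reported per cell, and leftover space expressed as the fewest aligned CIDR blocks), as an added example that is not the tool's own source. The function names `planVpc` and `freeBlocks` and the sample two-AZ /16 topology are assumptions.

```javascript
// Added example (not the tool's code): largest-first, boundary-aligned allocator.
const ipToInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);
const intToIp = (n) => [24, 16, 8, 0].map((s) => Math.floor(n / 2 ** s) % 256).join('.');
// AWS reserves 5 addresses (network, router, DNS, future use, broadcast) per subnet.
const usableIps = (prefix) => 2 ** (32 - prefix) - 5;

// subnetTypes: [{ name, prefix }], one subnet of each type is created in every AZ.
function planVpc(vpcCidr, azCount, subnetTypes) {
  const [vpcIp, vpcPrefixStr] = vpcCidr.split('/');
  const vpcPrefix = Number(vpcPrefixStr);
  const vpcSize = 2 ** (32 - vpcPrefix);
  const base = ipToInt(vpcIp);
  if (base % vpcSize !== 0) throw new Error(`${vpcCidr} is not aligned to /${vpcPrefix}`);
  const end = base + vpcSize;
  // Expand AZ x type cells, then sort biggest block (smallest prefix) first.
  const requests = [];
  for (const t of subnetTypes) {
    for (let az = 0; az < azCount; az += 1) requests.push({ ...t, az });
  }
  requests.sort((a, b) => a.prefix - b.prefix);
  let cursor = base;
  const subnets = [];
  for (const r of requests) {
    const size = 2 ** (32 - r.prefix);
    const start = Math.ceil(cursor / size) * size; // align to the prefix boundary
    // Non-increasing sizes keep the cursor aligned, so no gap is ever left behind.
    if (start + size > end) {
      return { ok: false, overflow: `${r.name} in AZ ${r.az}`, subnets, unallocated: [] };
    }
    subnets.push({ name: r.name, az: r.az, cidr: `${intToIp(start)}/${r.prefix}`, usable: usableIps(r.prefix) });
    cursor = start + size;
  }
  return { ok: true, subnets, unallocated: freeBlocks(cursor, end) };
}

// Express [from, to) as the fewest aligned CIDR blocks: repeatedly take the
// largest power-of-two block that is both aligned at `from` and fits before `to`.
function freeBlocks(from, to) {
  const blocks = [];
  while (from < to) {
    let size = 1;
    while (from % (size * 2) === 0 && from + size * 2 <= to) size *= 2;
    blocks.push(`${intToIp(from)}/${32 - Math.log2(size)}`);
    from += size;
  }
  return blocks;
}

// Constructed sample: two AZs, a /20 Public tier and a /19 Private tier in 10.0.0.0/16.
const plan = planVpc('10.0.0.0/16', 2, [{ name: 'Public', prefix: 20 }, { name: 'Private', prefix: 19 }]);
console.log(JSON.stringify(plan, null, 2)); // unallocated: 10.0.96.0/19 and 10.0.128.0/17
```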


Written by Hidekazu Konishi