Bring your own public IPv4 CIDR to IPAM using both the Amazon Management Console and the Amazon CLI - Amazon Virtual Private Cloud

Follow these steps to bring an IPv4 or IPv6 CIDR to IPAM using both the Amazon Management Console and the Amazon CLI.

Important

To complete the steps in this tutorial, you first need to complete the following steps using the Amazon EC2 User Guide for Linux Instances for the CIDR range you want to bring to Amazon and IPAM. Once you complete these steps, continue with this tutorial.

Follow these steps to authorize Amazon to advertise your IP address range.
  1. Step 3. Create a ROA object in your RIR. This may require you to create a key pair as described in Step 1. Create a key pair and certificate.

    When you create the ROAs, for IPv4 CIDRs you must set the maximum length of an IP address prefix to /24. For IPv6 CIDRs, if you are adding them to an advertisable pool, the maximum length of an IP address prefix must be /48. This ensures that you have full flexibility to divide your public IP address across Amazon Regions. IPAM enforces the maximum length you set. The maximum length is the smallest prefix length announcement you will allow for this route. For example, if you bring a /20 CIDR block to Amazon, by setting the maximum length to /24, you can divide the larger block any way you like (such as with /21, /22, or /24) and distribute those smaller CIDR blocks to any Region. If you were to set the maximum length to /23, you would not be able to divide and advertise a /24 from the larger block. Also, note that /24 is the smallest IPv4 block and /48 is the smallest IPv6 block you can advertise from a Region to the internet.

  2. Step 2. Update the RDAP record in your RIR.

Follow these steps to create a certificate so that Amazon can verify that you own the IP address range you are bringing to Amazon.
  1. Step 1. Create a key pair and certificate. This is not the same key pair used in creation of the ROA object but rather a new key pair only for Amazon verification purposes.

  2. Step 3. Create an ROA object in your RIR.

    When you create the ROAs, for IPv4 CIDRs you must set the maximum length of an IP address prefix to /24. For IPv6 CIDRs, if you are adding them to an advertisable pool, the maximum length of an IP address prefix must be /48. This ensures that you have full flexibility to divide your public IP address across Amazon Regions. IPAM enforces the maximum length you set. The maximum length is the smallest prefix length announcement you will allow for this route. For example, if you bring a /20 CIDR block to Amazon, by setting the maximum length to /24, you can divide the larger block any way you like (such as with /21, /22, or /24) and distribute those smaller CIDR blocks to any Region. If you were to set the maximum length to /23, you would not be able to divide and advertise a /24 from the larger block. Also, note that /24 is the smallest IPv4 block and /48 is the smallest IPv6 block you can advertise from a Region to the internet.
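
The maximum-length rule described in the ROA steps above, as an added example (not code from the Amazon documentation): a Python check that reports which blocks of a planned split can be advertised under an ROA with a given maximum length. The function names and the 198.18.0.0/20 range (taken from the benchmarking reserve) are constructed for illustration.

```python
import ipaddress

# Smallest block a Region can advertise to the internet, per the text above.
SMALLEST_ADVERTISABLE = {4: 24, 6: 48}


def check_announcement(roa_prefix, roa_max_length, announced):
    """Return (ok, reason) for advertising `announced` under the given ROA."""
    roa = ipaddress.ip_network(roa_prefix)   # raises ValueError on host bits
    net = ipaddress.ip_network(announced)
    if not roa.prefixlen <= roa_max_length <= roa.max_prefixlen:
        return False, "ROA max length is outside the valid range for its prefix"
    if net.version != roa.version:
        return False, "address family differs from the ROA"
    if not net.subnet_of(roa):
        return False, "not covered by the ROA prefix"
    if net.prefixlen > roa_max_length:
        return False, f"/{net.prefixlen} is longer than ROA max length /{roa_max_length}"
    if net.prefixlen > SMALLEST_ADVERTISABLE[net.version]:
        return False, "smaller than the smallest advertisable block"
    return True, "ok"


def check_plan(roa_prefix, roa_max_length, blocks):
    """Return {block: reason} for every planned block that cannot be advertised."""
    failures = {}
    for block in blocks:
        ok, reason = check_announcement(roa_prefix, roa_max_length, block)
        if not ok:
            failures[block] = reason
    return failures


if __name__ == "__main__":
    # Constructed plan: a /20 split across Regions as /21, /22 and /24 blocks,
    # plus one block that lies outside the /20.
    plan = ["198.18.0.0/21", "198.18.8.0/22", "198.18.12.0/24", "198.18.16.0/24"]
    for max_len in (24, 23):
        print(f"max length /{max_len}:", check_plan("198.18.0.0/20", max_len, plan))
```

With the maximum length set to /24 only the out-of-range block fails; with /23 the /24 block fails as well, which is the case the paragraph warns about.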