AWS Default VPC: 172.31.0.0/16

Analyze the 172.31.0.0/16 CIDR block used by AWS default VPCs. Covers the subnet layout, AZ allocation, and considerations for production workloads.

Detailed Explanation

Every AWS region comes with a default VPC using the 172.31.0.0/16 CIDR block. This provides 65,536 IP addresses and is automatically subdivided into /20 subnets across Availability Zones.

Range Details

Property            Value
Network Address     172.31.0.0
Broadcast Address   172.31.255.255
Subnet Mask         255.255.0.0
Wildcard Mask       0.0.255.255
Total Addresses     65,536
Usable Hosts        65,534

Default Subnet Layout

AWS creates one /20 subnet per Availability Zone in the default VPC:

172.31.0.0/20   -> AZ-a  (4,096 addresses, 4,091 usable*)
172.31.16.0/20  -> AZ-b  (4,096 addresses, 4,091 usable*)
172.31.32.0/20  -> AZ-c  (4,096 addresses, 4,091 usable*)

*AWS reserves 5 IPs per subnet: network address, VPC router (.1), DNS server (.2), future use (.3), and broadcast address.

The 172.16.0.0/12 Private Block

The default VPC uses a slice of the broader 172.16.0.0/12 RFC 1918 private range (172.16.0.0 - 172.31.255.255). This entire /12 block contains 1,048,576 addresses and is often used when the 10.x space is already allocated.

Production Considerations

For production workloads, AWS recommends creating custom VPCs instead of using the default VPC. Custom VPCs let you choose a CIDR block that avoids conflicts with your on-premises network and other VPCs. The default VPC's 172.31.0.0/16 can be problematic if multiple AWS accounts each use the default, as peering requires non-overlapping CIDRs.
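The peering constraint above can be checked before any peering request is made. The following is an added example, not code from the original page: it audits a constructed inventory of VPC and on-premises CIDRs for overlaps and flags networks still on the default 172.31.0.0/16. The account labels, VPC labels and function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations, islice

DEFAULT_VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")
RFC1918_172 = ipaddress.ip_network("172.16.0.0/12")
AWS_RESERVED_PER_SUBNET = 5  # network, .1 router, .2 DNS, .3 future use, broadcast

# Constructed inventory (labels are hypothetical): (account, VPC, CIDR)
INVENTORY = [
    ("acct-a", "vpc-default", "172.31.0.0/16"),
    ("acct-b", "vpc-default", "172.31.0.0/16"),
    ("acct-c", "vpc-app", "10.20.0.0/16"),
    ("acct-d", "vpc-data", "10.20.128.0/20"),
    ("onprem", "datacenter", "172.16.0.0/16"),
]

def default_subnets(count):
    """First `count` /20 subnets of the default VPC with AWS-usable host counts."""
    subnets = islice(DEFAULT_VPC_CIDR.subnets(new_prefix=20), count)
    return [(str(n), n.num_addresses - AWS_RESERVED_PER_SUBNET) for n in subnets]

def peering_conflicts(inventory):
    """Pairs of networks whose CIDRs overlap, so they cannot be peered or routed."""
    nets = [(f"{a}/{v}", ipaddress.ip_network(c)) for a, v, c in inventory]
    return [
        (name1, name2, str(net1), str(net2))
        for (name1, net1), (name2, net2) in combinations(nets, 2)
        if net1.overlaps(net2)  # true for identical CIDRs and for containment
    ]

def on_default_cidr(inventory):
    """Networks still using the default VPC CIDR (candidates for migration)."""
    return [f"{a}/{v}" for a, v, c in inventory
            if ipaddress.ip_network(c) == DEFAULT_VPC_CIDR]

if __name__ == "__main__":
    print("default VPC inside 172.16.0.0/12:", DEFAULT_VPC_CIDR.subnet_of(RFC1918_172))
    for cidr, usable in default_subnets(3):
        print(f"{cidr}: {usable} usable")
    for left, right, c1, c2 in peering_conflicts(INVENTORY):
        print(f"CONFLICT {left} ({c1}) <-> {right} ({c2})")
    print("on default CIDR:", on_default_cidr(INVENTORY))
```

Overlap is checked rather than equality because a smaller CIDR nested inside a larger one (10.20.128.0/20 inside 10.20.0.0/16 in the sample data) blocks peering just as two identical default CIDRs do.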

Use Case

Auditing AWS default VPC configurations, planning VPC peering across multiple AWS accounts, or migrating workloads from the default VPC to a custom VPC with carefully planned CIDR allocation.
