Provisions an IPv4 or IPv6 address range for use with your AWS resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr .
AWS verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide .
Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision
to provisioned
. To monitor the status of an address range, use DescribeByoipCidrs . To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
provision-byoip-cidr
--cidr <value>
[--cidr-authorization-context <value>]
[--publicly-advertisable | --no-publicly-advertisable]
[--description <value>]
[--dry-run | --no-dry-run]
[--pool-tag-specifications <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--cidr
(string)
The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can specify is /24. The most specific IPv6 prefix you can specify is /56. The address range cannot overlap with another address range that you’ve brought to this or another Region.
--cidr-authorization-context
(structure)
A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.
Message -> (string)
The plain-text authorization message for the prefix and account.
Signature -> (string)
The signed authorization message for the prefix and account.
Shorthand Syntax:
Message=string,Signature=string
JSON Syntax:
{
"Message": "string",
"Signature": "string"
}
--publicly-advertisable
| --no-publicly-advertisable
(boolean)
(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.
Default: true
--description
(string)
A description for the address range and the address pool.
--dry-run
| --no-dry-run
(boolean)
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is
DryRunOperation
. Otherwise, it isUnauthorizedOperation
.
--pool-tag-specifications
(list)
The tags to apply to the address pool.
(structure)
The tags to apply to a resource when the resource is being created.
ResourceType -> (string)
The type of resource to tag. Currently, the resource types that support tagging on creation are:
capacity-reservation
|carrier-gateway
|client-vpn-endpoint
|customer-gateway
|dedicated-host
|dhcp-options
|egress-only-internet-gateway
|elastic-ip
|elastic-gpu
|export-image-task
|export-instance-task
|fleet
|fpga-image
|host-reservation
|image
|import-image-task
|import-snapshot-task
|instance
|internet-gateway
|ipv4pool-ec2
|ipv6pool-ec2
|key-pair
|launch-template
|local-gateway-route-table-vpc-association
|placement-group
|prefix-list
|natgateway
|network-acl
|network-interface
|reserved-instances
|route-table
|security-group
|snapshot
|spot-fleet-request
|spot-instances-request
|snapshot
|subnet
|traffic-mirror-filter
|traffic-mirror-session
|traffic-mirror-target
|transit-gateway
|transit-gateway-attachment
|transit-gateway-multicast-domain
|transit-gateway-route-table
|volume
|vpc
|vpc-peering-connection
|vpc-endpoint
(for interface and gateway endpoints) |vpc-endpoint-service
(for AWS PrivateLink) |vpc-flow-log
|vpn-connection
|vpn-gateway
.To tag a resource after it has been created, see CreateTags .
Tags -> (list)
The tags to apply to the resource.
(structure)
Describes a tag.
Key -> (string)
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with
aws:
.Value -> (string)
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.
Shorthand Syntax:
ResourceType=string,Tags=[{Key=string,Value=string},{Key=string,Value=string}] ...
JSON Syntax:
[
{
"ResourceType": "client-vpn-endpoint"|"customer-gateway"|"dedicated-host"|"dhcp-options"|"egress-only-internet-gateway"|"elastic-ip"|"elastic-gpu"|"export-image-task"|"export-instance-task"|"fleet"|"fpga-image"|"host-reservation"|"image"|"import-image-task"|"import-snapshot-task"|"instance"|"internet-gateway"|"key-pair"|"launch-template"|"local-gateway-route-table-vpc-association"|"natgateway"|"network-acl"|"network-interface"|"network-insights-analysis"|"network-insights-path"|"placement-group"|"reserved-instances"|"route-table"|"security-group"|"snapshot"|"spot-fleet-request"|"spot-instances-request"|"subnet"|"traffic-mirror-filter"|"traffic-mirror-session"|"traffic-mirror-target"|"transit-gateway"|"transit-gateway-attachment"|"transit-gateway-connect-peer"|"transit-gateway-multicast-domain"|"transit-gateway-route-table"|"volume"|"vpc"|"vpc-peering-connection"|"vpn-connection"|"vpn-gateway"|"vpc-flow-log",
"Tags": [
{
"Key": "string",
"Value": "string"
}
...
]
}
...
]
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To provision an address range
The following provision-byoip-cidr
example provisions a public IP address range for use with AWS.
aws ec2 provision-byoip-cidr \
--cidr 203.0.113.25/24 \
--cidr-authorization-context Message="$text_message",Signature="$signed_message"
Output:
{
"ByoipCidr": {
"Cidr": "203.0.113.25/24",
"State": "pending-provision"
}
}
For more information about creating the messages strings for the authorization context, see Bring Your Own IP Addresses in the Amazon EC2 User Guide.
ByoipCidr -> (structure)
Information about the address range.
Cidr -> (string)
The address range, in CIDR notation.
Description -> (string)
The description of the address range.
StatusMessage -> (string)
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State -> (string)
The state of the address pool.