11
votes

I want to limit the number of instances that can run in a subnet to the smallest number of instances possible. This in combination with an IAM role will allow me to limit how many instances a user can create on my AWS account (see https://forums.aws.amazon.com/thread.jspa?threadID=174503 requirement #4 which reflects my motivations).

What is the smallest subnet one can create on AWS in the VPC and what would the IPv4 CIDR be?


2 Answers

9
votes

16 IPs is the smallest range for a VPC Subnet -- /28 netmask.

For example, you could create a VPC with the CIDR range 10.0.0.0/26 which would support up to 64 IPs in the range of 10.0.0.0 - 10.0.0.63.

Then you could create 4 subnets, each with 16 available IPs using the following VPC CIDR ranges:

10.0.0.0/28   (10.0.0.0  - 10.0.0.15)
10.0.0.16/28  (10.0.0.16 - 10.0.0.31)
10.0.0.32/28  (10.0.0.32 - 10.0.0.47)
10.0.0.48/28  (10.0.0.48 - 10.0.0.63)

NOTE: See important comment below by @sqlbot. Not all 16 in range can be used for instances.

0
votes

20191214: AWS provides /29 CIDRs and allows /31 per https://aws.amazon.com/directconnect/faqs/

quoted below:

Q: In the case of public virtual interface, I will need /29 public IPv4 addresses. Will AWS provide me with /29 public IPv4 Classless Inter-Domain Routing (CIDR)?

Yes, upon request, AWS will provide you with /29 public IPv4 CIDR block addresses.

Q: Do I have to use /29 or can I use two /31 for my logical redundancy sessions?

For simplified routing, it's recommended to use the default /29 addresses for a single virtual interface. If there is a requirement for your network to have multiple /31 addresses you can create two separate /31 addresses for a single VIF. BGP peering on these two /31 addresses will terminate on multiple AWS devices for high availability.

The smallest allowed CIDR block in AWS is /31

However, the original question is about VPC subnets, which is a different story, as AWS has some reserved IPs for each subnet.

Per the AWS VPC FAQ doc here: https://aws.amazon.com/vpc/faqs/

Q. Is there a limit on how large or small a subnet can be?

The minimum size of a subnet is a /28 (or 14 IP addresses.) for IPv4. Subnets cannot be larger than the VPC in which they are created.

For IPv6, the subnet size is fixed to be a /64. Only one IPv6 CIDR block can be allocated to a subnet.

Q. Can I use all the IP addresses that I assign to a subnet?

No. Amazon reserves the first four (4) IP addresses and the last one (1) IP address of every subnet for IP networking purposes.

So, the answer is /28 for IPv4.
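The arithmetic behind both answers, as an added example that is not from either poster: carve a VPC CIDR into the smallest AWS subnets (/28), list the five addresses AWS reserves in each, and compute how many instances a subnet can actually hold, which is the figure the question's per-subnet limit depends on. The function names are assumptions; the /16 upper bound and the roles of the reserved addresses are taken from AWS's VPC documentation.

```python
import ipaddress

# AWS IPv4 VPC/subnet bounds: /16 is the largest, /28 the smallest (per the VPC FAQ).
AWS_MIN_PREFIX = 16
AWS_MAX_PREFIX = 28

# AWS reserves the first four addresses of every subnet (network address,
# VPC router, DNS resolver, reserved for future use) and the last one (broadcast).
RESERVED_HEAD_OFFSETS = (0, 1, 2, 3)


def _check_aws_prefix(net):
    """Reject anything AWS will not accept as an IPv4 VPC or subnet CIDR."""
    if net.version != 4:
        raise ValueError("only IPv4 CIDRs are handled here; IPv6 subnets are fixed at /64")
    if not AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX:
        raise ValueError(f"{net} is outside the AWS-allowed range /16 to /28")


def aws_reserved_addresses(subnet):
    """Return the five addresses AWS reserves in the given subnet."""
    net = ipaddress.ip_network(subnet, strict=True)
    _check_aws_prefix(net)
    base = int(net.network_address)
    reserved = [ipaddress.ip_address(base + off) for off in RESERVED_HEAD_OFFSETS]
    reserved.append(net.broadcast_address)
    return [str(a) for a in reserved]


def usable_instance_count(subnet):
    """Addresses left for instances once AWS's reserved ones are removed."""
    net = ipaddress.ip_network(subnet, strict=True)
    _check_aws_prefix(net)
    return net.num_addresses - len(aws_reserved_addresses(subnet))


def carve_smallest_subnets(vpc_cidr):
    """Split a VPC CIDR into the maximum number of /28 subnets."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    _check_aws_prefix(vpc)
    return [str(s) for s in vpc.subnets(new_prefix=AWS_MAX_PREFIX)]


def max_instances_in_vpc(vpc_cidr):
    """Upper bound on instances if every subnet is a /28 and all usable IPs are taken."""
    return sum(usable_instance_count(s) for s in carve_smallest_subnets(vpc_cidr))


if __name__ == "__main__":
    for s in carve_smallest_subnets("10.0.0.0/26"):
        print(s, "reserved:", aws_reserved_addresses(s), "usable:", usable_instance_count(s))
```

For the 10.0.0.0/26 VPC from the first answer this yields four /28 subnets with 11 instance addresses each, not 16, so a single /28 caps a user at 11 instances rather than the "14" the FAQ wording suggests.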