Introduction
IPv4 addresses are a scarce and valuable resource in today’s internet landscape. Many organizations already own public IPv4 address blocks allocated by a Regional Internet Registry (RIR) such as APNIC, ARIN, RIPE, or AFRINIC.
AWS allows you to bring your own IP addresses (BYOIP) and use them with AWS resources like Elastic IPs, Amazon CloudFront, Amazon Global Accelerator, and Amazon EC2, giving you control over your IP reputation, easing migration from on-premises to cloud, and avoiding costly DNS changes.
In this blog, we will walk you through migrating your IPv4 addresses to AWS.
Why Bring Your Own IPv4 to AWS?
- Preserve IP Reputation – Avoid deliverability and blacklist issues.
- Minimize Downtime – Customers and partners can continue using the same IPs.
- Simplify Migration – No need to update firewall rules or allowlists.
- Maintain Brand Trust – Consistent IP addressing for services and applications.
Prerequisites
Before you begin:
- You own the IPv4 range (registered in your RIR WHOIS record).
- IPv4 block size is /24 or larger (minimum requirement for AWS BYOIP).
- AWS CLI installed and configured with admin-level IAM permissions.
- Planned AWS Region for deploying your IPs.
- Access to your RIR portal to create a Route Origin Authorization (ROA).
Step-by-Step BYOIP Process
Step 1: Create Route Origin Authorization (ROA)
Before AWS can advertise your IP range, you must authorize the AWS ASN (usually AS16509) to announce it by publishing a ROA through your RIR.
Log in to your RIR portal (APNIC, ARIN, RIPE, AFRINIC).
Create a ROA record:
- Prefix: Your IPv4 block (e.g., 203.0.113.0/24)
- Max Length: Same as your prefix size (e.g., /24)
- Origin ASN: 16509 (AWS public ASN)
Save and publish the ROA.
Wait for RPKI propagation (can take 1–24 hours).
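The ROA fields from Step 1 decide how validating networks judge AWS's announcement of your prefix. The following added example (not from the original post or from AWS tooling) applies RFC 6811 route origin validation to a constructed ROA set and checks the /24 minimum; the `ROA` class, the function names and the 198.51.100.0/24 entry with AS64500 are illustrative assumptions.

```python
import ipaddress
from dataclasses import dataclass

AWS_ASN = 16509  # origin ASN named in Step 1 of this post

@dataclass(frozen=True)
class ROA:
    prefix: str      # e.g. "203.0.113.0/24"
    max_length: int  # longest prefix length the ROA authorizes
    origin_asn: int

def validate_origin(route: str, origin_asn: int, roas: list[ROA]) -> str:
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the route
        covered = True
        if net.prefixlen <= roa.max_length and origin_asn == roa.origin_asn:
            return "valid"
    # Covered by some ROA but matched by none means invalid, not unknown.
    return "invalid" if covered else "not-found"

def byoip_preflight(cidr: str, roas: list[ROA]) -> list[str]:
    """Return the problems that would block Step 3; an empty list means ready."""
    net = ipaddress.ip_network(cidr)
    problems = []
    if net.prefixlen > 24:
        problems.append(f"{cidr} is smaller than the /24 minimum")
    state = validate_origin(cidr, AWS_ASN, roas)
    if state != "valid":
        problems.append(f"origin AS{AWS_ASN} for {cidr} is RPKI {state}")
    return problems

# Constructed sample data using documentation prefixes and a documentation ASN.
ROAS = [
    ROA("203.0.113.0/24", 24, AWS_ASN),  # the ROA described in Step 1
    ROA("198.51.100.0/24", 24, 64500),   # still points at an on-premises ASN
]

if __name__ == "__main__":
    for cidr in ("203.0.113.0/24", "198.51.100.0/24", "203.0.113.0/25", "192.0.2.0/24"):
        print(cidr, byoip_preflight(cidr, ROAS) or "ready to provision")
```

A prefix whose only ROA still names the old origin ASN comes back `invalid`, not `not-found`, so networks that enforce RPKI would drop the AWS announcement until the ROA is updated.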
Step 2: Verify IP Ownership
Confirm WHOIS details for your IP block:
```bash
whois 203.0.113.0
```
Make sure:
- Your organization is listed as the owner.
- The block matches the prefix size AWS requires.
- No conflicting advertisements exist.
Step 3: Provision BYOIP in AWS
Once ROA is active, provision your CIDR in AWS:
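```bash
# For a publicly advertised range AWS also verifies ownership: supply the signed
# authorization message with --cidr-authorization-context (see the AWS BYOIP docs).
aws ec2 provision-byoip-cidr \
  --cidr 203.0.113.0/24 \
  --publicly-advertisable
```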
Check provisioning status:
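```bash
# describe-byoip-cidrs has no CIDR filter and requires --max-results,
# so select the range client-side with --query.
aws ec2 describe-byoip-cidrs --max-results 10 \
  --query "ByoipCidrs[?Cidr=='203.0.113.0/24']"
```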
The status will move from pending-provision → provisioned.
Step 4: Advertise Your Range
After AWS finishes provisioning:
```bash
aws ec2 advertise-byoip-cidr --cidr 203.0.113.0/24
```
Verify:
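```bash
# Same check as in Step 3: --max-results is required, filter with --query.
aws ec2 describe-byoip-cidrs --max-results 10 \
  --query "ByoipCidrs[?Cidr=='203.0.113.0/24']"
```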
Status should now be advertised.
Step 5: Allocate Elastic IPs from Your BYOIP Pool
Find your BYOIP pool ID:
```bash
# BYOIP address pools and their IDs are listed by describe-public-ipv4-pools.
aws ec2 describe-public-ipv4-pools \
  --query "PublicIpv4Pools[*].PoolId" \
  --output text
```
Allocate an EIP:
```bash
# The pool is selected with --public-ipv4-pool; the ID below is a placeholder.
aws ec2 allocate-address \
  --domain vpc \
  --public-ipv4-pool ipv4pool-ec2-0123456789abcdef0
```
Associate it with an EC2 instance:
```bash
aws ec2 associate-address \
  --instance-id i-0123456789abcdef0 \
  --allocation-id eipalloc-0123456789abcdef0
```
Step 6: Withdraw & Deprovision (If Needed)
Withdraw advertisement:
```bash
aws ec2 withdraw-byoip-cidr --cidr 203.0.113.0/24
```
Deprovision:
```bash
aws ec2 deprovision-byoip-cidr --cidr 203.0.113.0/24
```
Best Practices
- Always create the ROA first; AWS will reject provisioning if the ROA is missing.
- Use Amazon Global Accelerator for multi-region workloads.
- Monitor using Amazon CloudWatch and Amazon VPC Flow Logs.
- Keep RIR contact details and ROA up to date.
- Test IP reachability before production cutover.
Conclusion
By bringing your IPv4 address range to AWS, you maintain control over your IP identity, preserve your reputation, and simplify cloud migration.
The key is to set up ROA first, then follow AWS provisioning and advertisement steps.
With the above commands, you can perform a smooth, predictable BYOIP migration and fully leverage AWS’s global network.
Drop a query if you have any questions regarding IPv4 addresses, and we will get back to you quickly.
FAQs
1. What is the minimum IPv4 block size I can bring to AWS?
ANS: – AWS requires a minimum of a /24 IPv4 block (256 IP addresses) to use the Bring Your Own IP (BYOIP) feature. Smaller blocks, like /25 or /26, are not allowed due to routing and allocation policies.
2. Which AWS services support BYOIP?
ANS: – BYOIP works with Elastic IPs, Amazon EC2, Amazon Global Accelerator, Amazon CloudFront, and other networking services like Transit Gateway. Support may vary depending on the Region and service use case.
3. How long does the BYOIP process take?
ANS: – The process includes ROA (Route Origin Authorization) propagation, which may take up to 24 hours globally via BGP and RPKI systems. Once that’s done, AWS provisioning usually takes 15–60 minutes.

WRITTEN BY Rajveer Singh Chouhan
Rajveer works as a Cloud Engineer at CloudThat, specializing in designing, deploying, and managing scalable cloud infrastructure on AWS. He is skilled in various AWS services as well as automation tools like Terraform and CI/CD pipelines. With a strong understanding of cloud architecture best practices, Rajveer focuses on building secure, cost-effective, and highly available solutions. In his free time, he keeps up with the latest advancements in cloud technologies and enjoys exploring infrastructure automation and DevOps tools.