CIDR Address is not within CIDR Address from VPC

A CIDR range ending in /16 means the last two numbers can change.

In your case, the range would be: 172.31.x.x

Thus, 171.31.0.0 is not in that CIDR range.

By the way, you probably don't want to create a VPC with a /16 range. It contains over 65,000 IP addresses and would make it difficult to peer with other VPC you might create in future. You could probably use a smaller (eg /22) CIDR range.

An IPv4 address consists of 32 bits.

1) /32 in CIDR x.x.x.x/32 means use all 32 bits to form a range of addresses. In this case just one IP address is possible.

2) /24 in CIDR x.x.x.0/24 means fix the first 24 bits and use last 8 bits to form a range of addresses. In this case, there can be 2^8 IP addresses i.e. from x.x.x.0 to x.x.x.255.

3) /16 in CIDR x.x.0.0/16 means fix the first 16 bits and use the last 16 bits to form a range of addresses. In this case, there can be 2^16 IP addresses i.e. from x.x.0.0 to x.x.255.255.

4) /8 in CIDR x.0.0.0/8 means fix the first 8 bits and use the last 24 bits to form a range of addresses. In this case, there can be 2^24 IP addresses i.e. from x.0.0.0 to x.255.255.255.

5) /0 in CIDR 0.0.0.0/0 means fix the first 0 bits and use the last 32 bits to form a range of addresses. In this case, all the possible IP addresses are included in the range.

Hope it helps you in understanding your problem that first 16 bits needs to be fixed in x.x.0.0/16 CIDR.