Amazon VPC Operations
=Overview=
=VPC Operations=
==Describe VPC==
<syntaxhighlight lang='bash'>
aws ec2 describe-vpcs --vpc-ids <vpc-id>
</syntaxhighlight>
==Create a VPC==
===Create a VPC with Amazon Console===
VPC Console -> Your VPCs -> Create VPC:
 Name tag: the name of the VPC
 IPv4 CIDR block: 10.7.0.0/16
 IPv6 CIDR block: No IPv6 CIDR Block
 Tenancy: default
===Create a VPC with CloudFormation===
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html AWS::EC2::VPC]}}
 Resources:
   VPC:
     Type: AWS::EC2::VPC
     Properties:
       [[Amazon_VPC_Concepts#Primary_IP_Address_Range_.28CIDR_Block.29|CidrBlock]]: !Ref PrimaryIPAddressRange
       [[Amazon_VPC_Concepts#DNS|EnableDnsSupport]]: true
       [[Amazon_VPC_Concepts#DNS_Hostname_Generation|EnableDnsHostnames]]: false
       [[Amazon_VPC_Concepts#Tenancy|InstanceTenancy]]: "default"
       Tags:
         - Key: "Name"
           Value: !Ref VPCName
=CIDR Block Operations=
==Disassociate a CIDR Block from VPC==
<syntaxhighlight lang='bash'>
aws ec2 disassociate-vpc-cidr-block --association-id vpc-cidr-assoc-09999999999999999 --region us-west-2
</syntaxhighlight>
=Subnet Operations=
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html AWS::EC2::Subnet]}}
==Describe Subnets==
All subnets available in the AWS account:
<syntaxhighlight lang='bash'>
aws ec2 describe-subnets
</syntaxhighlight>
Describe a specific subnet:
<syntaxhighlight lang='bash'>
aws ec2 describe-subnets --subnet-ids subnet-09999999999999999
</syntaxhighlight>
Describe the subnets associated with a certain VPC:
<syntaxhighlight lang='bash'>
aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-09999999999999999
</syntaxhighlight>
Describe subnets with a specific CIDR block:
<syntaxhighlight lang='bash'>
aws ec2 describe-subnets --filters Name=cidr-block,Values=10.20.0.0/16
</syntaxhighlight>
Note that more than one subnet CIDR block can be used in the search, as a comma-separated list in Values.
==Create a Subnet==
===Create a Subnet with CloudFormation===
 Resources:
   Subnet1:
     Type: AWS::EC2::Subnet
     Properties:
       [[Amazon_VPC_Concepts#Subnet|VpcId]]: !Ref VPC
       [[Amazon_VPC_Concepts#Subnet|CidrBlock]]: String
       AvailabilityZone: String
       AssignIpv6AddressOnCreation: Boolean
       [[Amazon_VPC_Concepts#Subnet|Ipv6CidrBlock]]: String
       [[Amazon_VPC_Concepts#Mapping_Public_IP_Addressed_on_Launch|MapPublicIpOnLaunch]]: false
       Tags:
         - Key: Name
           Value: 'blue-subnet'
==Delete a Subnet==
<syntaxhighlight lang='bash'>
aws ec2 delete-subnet --subnet-id subnet-09999999999999999
</syntaxhighlight>
The subnet will not be deleted if it has "dependencies":
<syntaxhighlight lang='text'>
The subnet 'subnet-09999999999999999' has dependencies and cannot be deleted.
</syntaxhighlight>
To find and remove the dependencies:
* Attempt to delete from the AWS Console. Select the subnet → Actions → Delete Subnet. You will get a note: "The following subnets cannot be deleted. The following subnets contain one or more instances and cannot be deleted until those instances have been terminated. Click here to view instances. The following subnets contain one or more network interfaces and cannot be deleted until those network interfaces have been deleted. Click here to view your network interfaces."
* [[Amazon_VPC_Operations#Disassociate_a_Route_Table_from_a_Subnet|Disassociate a Route Table from a Subnet]]
=Route Table Operations=
==Describe a Route Table==
<syntaxhighlight lang='bash'>
aws ec2 describe-route-tables --route-table-ids rtb-09999999999999999
</syntaxhighlight>
==Create a Route Table==
===Create a Route Table with CloudFormation===
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route-table.html AWS::EC2::RouteTable]}}
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet-route-table-assoc.html AWS::EC2::SubnetRouteTableAssociation]}}
 Resources:
   RouteTable:
     Type: AWS::EC2::RouteTable
     Properties:
       VpcId: !Ref VPC
       Tags:
         - Key: Name
           Value: "some-route-table"
   SubnetRouteTableAssociation:
     Type: AWS::EC2::SubnetRouteTableAssociation
     Properties:
       RouteTableId: !Ref RouteTable
       SubnetId: !Ref Subnet
Note that a route table is not associated with any subnet after creation; an AWS::EC2::SubnetRouteTableAssociation resource must be created explicitly to implement the association. Until that is done, the subnet keeps using the VPC's main route table.
==Create a Route==
===Create a Route with CloudFormation===
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html AWS::EC2::Route]}}
 Resources:
   ARoute:
     Type: AWS::EC2::Route
     Properties:
       RouteTableId: String
       DestinationCidrBlock: String
       DestinationIpv6CidrBlock: String
       GatewayId: String
       NatGatewayId: String
       NetworkInterfaceId: String
       InstanceId: String
       EgressOnlyInternetGatewayId: String
       VpcPeeringConnectionId: String
==Delete a Route==
<syntaxhighlight lang='bash'>
aws ec2 delete-route --destination-cidr-block "10.20.0.0/16" --route-table-id rtb-0cccccccccccccccc
</syntaxhighlight>
==Disassociate a Route Table from a Subnet==
<syntaxhighlight lang='bash'>
aws ec2 disassociate-route-table --association-id rtbassoc-02222222222222222
</syntaxhighlight>
=Internet Gateway Operations=
==Describe an Internet Gateway==
<syntaxhighlight lang='bash'>
aws ec2 describe-internet-gateways [--internet-gateway-ids igw-0f8b5a9295a707d16]
</syntaxhighlight>
==Create an Internet Gateway==
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-internetgateway.html AWS::EC2::InternetGateway]}}
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html AWS::EC2::VPCGatewayAttachment]}}
 Resources:
   InternetGateway:
     Type: AWS::EC2::InternetGateway
     Properties:
       Tags:
         - Key: Name
           Value: infinity-igw
   <span id='InternetGatewayVpcAttachment'></span>InternetGatewayVpcAttachment:
     Type: AWS::EC2::VPCGatewayAttachment
     Properties:
       InternetGatewayId: !Ref InternetGateway
       VpcId: !Ref VPC
Note that an internet gateway is not attached to any VPC after creation; an AWS::EC2::VPCGatewayAttachment resource must be created to attach the internet gateway to a VPC.
However, if the creation is performed with [[Terraform|terraform]], it seems that terraform manages this transparently.
=NAT Gateway Operations=
==Create a NAT Gateway==
===Create a NAT Gateway with Amazon Console===
{{Internal|Create a NAT Gateway with Amazon Console|Create a NAT Gateway with Amazon Console}}
===Create a NAT Gateway with CloudFormation===
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html AWS::EC2::NatGateway]}}
 Resources:
   NATGateway:
     Type: AWS::EC2::NatGateway
     Properties:
       SubnetId: !Ref PublicSubnet
       [[Amazon_VPC_Concepts#Elastic_IP|AllocationId]]: !Ref ElasticIP
       Tags:
         - Key: Name
           Value: infinity-nat
=Elastic IP Operations=
==Describe Elastic IP Addresses==
<syntaxhighlight lang='bash'>
aws [--region <region>] ec2 describe-addresses
</syntaxhighlight>
<syntaxhighlight lang='bash'>
aws [--region <region>] ec2 describe-addresses --filters Name=association-id,Values=...
</syntaxhighlight>
==Create an Elastic IP with CloudFormation==
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip.html AWS::EC2::EIP]}}
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip-association.html AWS::EC2::EIPAssociation]}}
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-network-interface-attachment.html AWS::EC2::NetworkInterfaceAttachment]}}
The following sequence declares an Elastic IP address and associates it with a VPC. If the Elastic IP and the VPC are defined in the same template, the EIP must declare a dependency on a [[Amazon_VPC_Concepts#VPC-Gateway_Attachment|VPC-gateway attachment]].
 Resources:
   ElasticIPAddress:
     Type: [[Amazon_VPC_Concepts#Elastic_IP_Address|AWS::EC2::EIP]]
     DependsOn:
       - [[#InternetGatewayVpcAttachment|InternetGatewayVpcAttachment]]
     Properties:
       Domain: vpc
       [[Amazon_VPC_Concepts#Elastic_IP_Address_EC2_Instance|InstanceId]]: String
       PublicIpv4Pool: String
       Tags:
         - Key: Name
           Value: my-elastic-address
InstanceId and PublicIpv4Pool are optional.
Unfortunately, AWS::EC2::EIP does not support Tags and, implicitly, cannot be named in the CloudFormation template.
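The three caveats noted above (a route table needs an explicit SubnetRouteTableAssociation, an internet gateway needs a VPCGatewayAttachment, and a VPC-domain EIP needs a DependsOn on that attachment) are easy to miss when reviewing a template. The following is an added example, not code from this page or from AWS, that statically checks a template for them; it assumes the template is in CloudFormation's JSON syntax (where YAML `!Ref X` is written `{"Ref": "X"}`), and the embedded sample template is constructed.

```python
import json

# Constructed sample in CloudFormation JSON syntax (YAML `!Ref X` is written
# {"Ref": "X"}); it deliberately shows all three gaps the notes above describe.
SAMPLE_TEMPLATE = json.loads("""{"Resources": {
  "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.7.0.0/16"}},
  "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
  "RouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
  "ElasticIPAddress": {"Type": "AWS::EC2::EIP", "Properties": {"Domain": "vpc"}}}}""")

def _refs(value):
    """Yield every logical ID referenced through {"Ref": ...} inside value."""
    if isinstance(value, dict):
        if set(value) == {"Ref"}:
            yield value["Ref"]
        for v in value.values():
            yield from _refs(v)
    elif isinstance(value, list):
        for v in value:
            yield from _refs(v)

def _by_type(template, rtype):
    return {k: v for k, v in template["Resources"].items() if v.get("Type") == rtype}

def _targets(template, rtype, prop):
    """Logical IDs that resources of type rtype point at through property prop."""
    return {r for res in _by_type(template, rtype).values()
            for r in _refs(res.get("Properties", {}).get(prop))}

def unattached_internet_gateways(template):
    """Internet gateways no AWS::EC2::VPCGatewayAttachment attaches to a VPC."""
    attached = _targets(template, "AWS::EC2::VPCGatewayAttachment", "InternetGatewayId")
    return sorted(set(_by_type(template, "AWS::EC2::InternetGateway")) - attached)

def unassociated_route_tables(template):
    """Route tables no AWS::EC2::SubnetRouteTableAssociation refers to."""
    used = _targets(template, "AWS::EC2::SubnetRouteTableAssociation", "RouteTableId")
    return sorted(set(_by_type(template, "AWS::EC2::RouteTable")) - used)

def eips_missing_gateway_dependency(template):
    """VPC-domain EIPs whose DependsOn names no AWS::EC2::VPCGatewayAttachment."""
    attachments = set(_by_type(template, "AWS::EC2::VPCGatewayAttachment"))
    bad = []
    for name, res in _by_type(template, "AWS::EC2::EIP").items():
        deps = res.get("DependsOn", [])
        deps = {deps} if isinstance(deps, str) else set(deps)  # DependsOn may be a string
        if res.get("Properties", {}).get("Domain") == "vpc" and not deps & attachments:
            bad.append(name)
    return sorted(bad)
```

Each function returns the logical IDs that still need the corresponding resource, so an empty list for all three means the template is consistent with the notes above.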
=Security Group Operations=
==Remove a Security Group==
<syntaxhighlight lang='bash'>
aws ec2 delete-security-group --group-id sg-0b3b8bdd39f393d7a
</syntaxhighlight>
=Network ACL Operations=
==Describe Network ACLs==
<syntaxhighlight lang='bash'>
aws ec2 describe-network-acls --network-acl-ids acl-09999999999999999
</syntaxhighlight>
=Network Interface Operations=
Latest revision as of 22:16, 21 July 2020