Amazon VPC Operations: Difference between revisions

From NovaOrdis Knowledge Base

Revision as of 21:17, 21 July 2020

Internal

Overview

VPC Operations

Create a VPC

Describe VPC

aws ec2 describe-vpcs --vpc-ids <vpc-id>

Create a VPC with Amazon Console

VPC Console -> Your VPCs -> Create VPC:

Name tag: the name of the VPC

IPv4 CIDR block: 10.7.0.0/16

IPv6 CIDR block: No IPv6 CIDR Block

Tenancy: default

Create a VPC with CloudFormation

AWS::EC2::VPC

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      # PrimaryIPAddressRange and VPCName are template parameters (not shown here)
      CidrBlock: !Ref PrimaryIPAddressRange
      EnableDnsSupport: true
      EnableDnsHostnames: false
      InstanceTenancy: "default"
      Tags:
        - Key: "Name"
          Value: !Ref VPCName

CIDR Block Operations

Disassociate a CIDR Block from VPC

aws ec2 disassociate-vpc-cidr-block --association-id vpc-cidr-assoc-09999999999999999 --region us-west-2

Subnet Operations

AWS::EC2::Subnet

Describe Subnets

All subnets available in the AWS account:

aws ec2 describe-subnets

Describe a specific subnet:

aws ec2 describe-subnets --subnet-ids subnet-09999999999999999

Describe subnets associated with a certain VPC:

aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-09999999999999999

Describe subnets with a specific CIDR block:

aws ec2 describe-subnets --filters Name=cidr-block,Values=10.20.0.0/16

Note that more than one CIDR block can be given to the filter, as a comma-separated Values list.

Create a Subnet

Create a Subnet with CloudFormation

Resources:
  Subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      # "String" and "Boolean" below are type placeholders, as in the AWS documentation
      CidrBlock: String
      AvailabilityZone: String
      # the IPv6 properties are only needed when the VPC has an IPv6 CIDR block
      AssignIpv6AddressOnCreation: Boolean
      Ipv6CidrBlock: String
      # false: instances launched in this subnet do not get a public IPv4 address automatically
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: 'blue-subnet'

Delete a Subnet

aws ec2 delete-subnet --subnet-id subnet-09999999999999999

The subnet will not be deleted if it has "dependencies":

The subnet 'subnet-09999999999999999' has dependencies and cannot be deleted.

For that see:

Route Table Operations

Describe a Route Table

aws ec2 describe-route-tables --route-table-ids rtb-09999999999999999

Create a Route Table

Create a Route Table with CloudFormation

AWS::EC2::RouteTable
AWS::EC2::SubnetRouteTableAssociation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet-route-table-assoc.html

Resources:

  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: "some-route-table"

  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref Subnet

Note that a route table is not associated with any subnet after creation; an AWS::EC2::SubnetRouteTableAssociation resource must be created explicitly to implement the association.

Create a Route

Create a Route with CloudFormation

AWS::EC2::Route

Resources:
  ARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: String
      # one destination per route: either the IPv4 or the IPv6 CIDR block
      DestinationCidrBlock: String
      DestinationIpv6CidrBlock: String
      # exactly one of the following targets is set per route; the others are omitted
      GatewayId: String
      NatGatewayId: String
      NetworkInterfaceId: String
      InstanceId: String
      EgressOnlyInternetGatewayId: String
      VpcPeeringConnectionId: String

Delete a Route

aws ec2 delete-route --destination-cidr-block "10.20.0.0/16" --route-table-id rtb-0cccccccccccccccc

Disassociate a Route Table from a Subnet

aws ec2 disassociate-route-table --association-id rtbassoc-02222222222222222

Internet Gateway Operations

Describe an Internet Gateway

aws ec2 describe-internet-gateways [--internet-gateway-ids igw-0f8b5a9295a707d16]

Create an Internet Gateway

AWS::EC2::InternetGateway
AWS::EC2::VPCGatewayAttachment

Resources:

  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: infinity-igw

  InternetGatewayVpcAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

Note that an internet gateway is not attached to a VPC after creation; an AWS::EC2::VPCGatewayAttachment resource must be created explicitly to attach the internet gateway to the VPC.

However, if the creation is performed with Terraform, it seems that Terraform manages this transparently.
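A practical follow-up to the subnet, route table and internet gateway sections above, added here as an example that is not part of the original page: given the parsed JSON printed by aws ec2 describe-subnets and aws ec2 describe-route-tables, it lists the subnets that are actually internet-routable. It applies the rule the route-table note hints at: a subnet with no explicit association falls back to the VPC's main route table, so a main table with a default route to an igw- makes every unassociated subnet public. All resource IDs are constructed.

```python
# Added example, not from the original page: decide which subnets are
# internet-routable from the parsed JSON of `aws ec2 describe-subnets` and
# `aws ec2 describe-route-tables`. All resource IDs below are constructed.
def effective_route_table(subnet, route_tables):
    """Explicitly associated route table, else the VPC's main route table."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_igw_default_route(route_table):
    """True if an active default route (IPv4 or IPv6) targets an igw-*;
    a default route to a NAT gateway (nat-*) keeps the subnet private."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if (dest in ("0.0.0.0/0", "::/0") and route.get("State", "active") == "active"
                and route.get("GatewayId", "").startswith("igw-")):
            return True
    return False

def public_subnets(subnets, route_tables):
    """Sorted IDs of subnets whose effective route table reaches an IGW."""
    found = []
    for subnet in subnets:
        rt = effective_route_table(subnet, route_tables)
        if rt is not None and has_igw_default_route(rt):
            found.append(subnet["SubnetId"])
    return sorted(found)

# Constructed sample: explicit public and private associations, plus a subnet
# with no association that silently inherits the main table's IGW route.
SAMPLE_SUBNETS = [{"SubnetId": s, "VpcId": "vpc-demo"}
                  for s in ("subnet-pub", "subnet-priv", "subnet-orphan")]
IGW_ROUTE = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-demo", "State": "active"}
NAT_ROUTE = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-demo", "State": "active"}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-demo", "Associations": [{"Main": True}], "Routes": [IGW_ROUTE]},
    {"RouteTableId": "rtb-pub", "VpcId": "vpc-demo", "Associations": [{"SubnetId": "subnet-pub"}], "Routes": [IGW_ROUTE]},
    {"RouteTableId": "rtb-priv", "VpcId": "vpc-demo", "Associations": [{"SubnetId": "subnet-priv"}], "Routes": [NAT_ROUTE]},
]

if __name__ == "__main__":
    print(public_subnets(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES))  # ['subnet-orphan', 'subnet-pub']
```

Against real accounts, feed it the "Subnets" and "RouteTables" lists from the two CLI commands' JSON output; subnet-orphan in the sample is the case a naive association-only check misses.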

NAT Gateway Operations

Create a NAT Gateway

Create a NAT Gateway with Amazon Console

Create a NAT Gateway with CloudFormation

AWS::EC2::NatGateway

Resources:
  NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      # a NAT gateway lives in a public subnet and needs an Elastic IP allocation
      SubnetId: !Ref PublicSubnet
      # Ref on an AWS::EC2::EIP returns the IP address itself; the allocation ID
      # must be read with GetAtt
      AllocationId: !GetAtt ElasticIP.AllocationId
      Tags:
        - Key: Name
          Value: infinity-nat

Elastic IP Operations

Describe Elastic IP Addresses

aws [--region <region>] ec2 describe-addresses
aws [--region <region>] ec2 describe-addresses --filters Name=association-id,Values=...

Create an Elastic IP with CloudFormation

AWS::EC2::EIP
AWS::EC2::EIPAssociation
AWS::EC2::NetworkInterfaceAttachment

The following sequence declares an Elastic IP address and associates it with a VPC. If the Elastic IP and the VPC are defined in the same template, the EIP must declare a dependency on a VPC-gateway attachment.

Resources:
  ElasticIPAddress:
    Type: AWS::EC2::EIP
    DependsOn:
      - InternetGatewayVpcAttachment
    Properties:
      Domain: vpc
      InstanceId: String
      PublicIpv4Pool: String
      Tags:
        - Key: Name
          Value: my-elastic-address

InstanceId and PublicIpv4Pool are optional.

Unfortunately, AWS::EC2::EIP does not support Tags, and so, implicitly, the address cannot be named in the CloudFormation template.

Security Group Operations

Remove a Security Group

aws ec2 delete-security-group --group-id sg-0b3b8bdd39f393d7a

Network ACL Operations

Describe Network ACLs

aws ec2 describe-network-acls --network-acl-ids acl-09999999999999999