Amazon VPC Operations: Difference between revisions
Revision as of 21:11, 21 July 2020
Internal
Overview
VPC Operations
Create a VPC
Describe VPC
aws ec2 describe-vpcs --vpc-ids <vpc-id>
Create a VPC with Amazon Console
VPC Console -> Your VPCs -> Create VPC:
Name tag: the name of the VPC
IPv4 CIDR block: 10.7.0.0/16
IPv6 CIDR block: No IPv6 CIDR Block
Tenancy: default
Create a VPC with CloudFormation
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref PrimaryIPAddressRange
      EnableDnsSupport: true
      EnableDnsHostnames: false
      InstanceTenancy: "default"
      Tags:
        - Key: "Name"
          Value: !Ref VPCName
CIDR Block Operations
Disassociate a CIDR Block from VPC
aws ec2 disassociate-vpc-cidr-block --association-id vpc-cidr-assoc-09999999999999999 --region us-west-2
Subnet Operations
Describe Subnets
All subnets available in the AWS account:
aws ec2 describe-subnets
Describe a specific subnet:
aws ec2 describe-subnets --subnet-ids subnet-09999999999999999
Describe subnets associated with a certain VPC:
aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-09999999999999999
Describe subnets with a specific CIDR block:
aws ec2 describe-subnets --filters Name=cidr-block,Values=10.20.0.0/16
Note that narrower sub-CIDR blocks can also be used as search values.
Create a Subnet
Create a Subnet with CloudFormation
Resources:
  Subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: String
      AvailabilityZone: String
      AssignIpv6AddressOnCreation: Boolean
      Ipv6CidrBlock: String
      MapPublicIpOnLaunch: false
      Tags:
        - Key: Name
          Value: 'blue-subnet'
Delete a Subnet
aws ec2 delete-subnet --subnet-id subnet-09999999999999999
The subnet will not be deleted if it has "dependencies":
The subnet 'subnet-09999999999999999' has dependencies and cannot be deleted.
For that see:
Route Table Operations
Describe a Route Table
aws ec2 describe-route-tables --route-table-ids rtb-09999999999999999
Create a Route Table
Create a Route Table with CloudFormation
Resources:
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: "some-route-table"
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref Subnet
Note that a route table is not associated with any subnet after creation; an AWS::EC2::SubnetRouteTableAssociation resource must be explicitly created to implement the association.
Create a Route
Create a Route with CloudFormation
Resources:
  ARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: String
      DestinationCidrBlock: String
      DestinationIpv6CidrBlock: String
      GatewayId: String
      NatGatewayId: String
      NetworkInterfaceId: String
      InstanceId: String
      EgressOnlyInternetGatewayId: String
      VpcPeeringConnectionId: String
Delete a Route
aws ec2 delete-route --destination-cidr-block "10.20.0.0/16" --route-table-id rtb-0cccccccccccccccc
Disassociate a Route Table from a Subnet
aws ec2 disassociate-route-table --association-id rtbassoc-02222222222222222
Internet Gateway Operations
Describe an Internet Gateway
aws ec2 describe-internet-gateways [--internet-gateway-ids igw-0f8b5a9295a707d16]
Create an Internet Gateway
Resources:
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: infinity-igw
  InternetGatewayVpcAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
Note that an internet gateway is not attached to a VPC after creation; an AWS::EC2::VPCGatewayAttachment resource must be created to attach the internet gateway to a VPC.
However, if the creation is performed with Terraform, it seems that Terraform manages this transparently.
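As an added example that is not part of the original page, the following Python script applies the route table and internet gateway facts above to the JSON returned by aws ec2 describe-route-tables and aws ec2 describe-subnets, and classifies each subnet as public (default route to an igw-) or private (no such route, e.g. a NAT gateway route), falling back to the VPC main route table for subnets with no explicit association. The sample data and identifiers (rtb-0aaa, subnet-0pub, ...) are constructed placeholders; in practice feed json.load() of the two commands' output.

```python
# Constructed samples shaped like `aws ec2 describe-route-tables` / `describe-subnets` output.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-0aaa", "VpcId": "vpc-0999", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.7.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-0bbb", "VpcId": "vpc-0999", "Associations": [{"Main": False, "SubnetId": "subnet-0pub"}],
     "Routes": [{"DestinationCidrBlock": "10.7.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0111"}]},
    {"RouteTableId": "rtb-0ccc", "VpcId": "vpc-0999", "Associations": [{"Main": False, "SubnetId": "subnet-0priv"}],
     "Routes": [{"DestinationCidrBlock": "10.7.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0222"}]},
]}
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-0pub", "VpcId": "vpc-0999", "CidrBlock": "10.7.1.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-0priv", "VpcId": "vpc-0999", "CidrBlock": "10.7.2.0/24", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-0new", "VpcId": "vpc-0999", "CidrBlock": "10.7.3.0/24", "MapPublicIpOnLaunch": False},
]}


def effective_route_table(subnet_id, vpc_id, route_tables):
    """Route table the subnet actually uses: its explicit association if any, else the VPC main table."""
    main = None
    for rt in route_tables["RouteTables"]:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(rt):
    """True when the default route (IPv4 or IPv6) targets an internet gateway rather than a NAT gateway."""
    for r in rt.get("Routes", []):
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and r.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify_subnets(subnets, route_tables):
    """Map subnet id -> {'public', 'route_table', 'auto_public_ip'}; auto_public_ip flags public subnets
    that also hand every launched instance a public address (MapPublicIpOnLaunch)."""
    out = {}
    for s in subnets["Subnets"]:
        rt = effective_route_table(s["SubnetId"], s["VpcId"], route_tables)
        public = rt is not None and has_igw_default_route(rt)
        out[s["SubnetId"]] = {"public": public, "route_table": rt["RouteTableId"] if rt else None,
                              "auto_public_ip": public and bool(s.get("MapPublicIpOnLaunch"))}
    return out
```

subnet-0new has no explicit association, so it inherits the main table rtb-0aaa and is reported as private.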
NAT Gateway Operations
Create a NAT Gateway
Create a NAT Gateway with Amazon Console
Create a NAT Gateway with CloudFormation
Resources:
  NATGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      SubnetId: !Ref PublicSubnet
      # !Ref on an AWS::EC2::EIP returns the IP address; AllocationId needs the allocation id attribute
      AllocationId: !GetAtt ElasticIP.AllocationId
      Tags:
        - Key: Name
          Value: infinity-nat
Elastic IP Operations
Describe Elastic IP Addresses
aws [--region <region>] ec2 describe-addresses
Create an Elastic IP with CloudFormation
The following sequence declares an Elastic IP address and associates it with a VPC. If the Elastic IP and the VPC are defined in the same template, the EIP must declare a dependency on a VPC-gateway attachment.
Resources:
  ElasticIPAddress:
    Type: AWS::EC2::EIP
    DependsOn:
      - InternetGatewayVpcAttachment
    Properties:
      Domain: vpc
      InstanceId: String
      PublicIpv4Pool: String
      Tags:
        - Key: Name
          Value: my-elastic-address
InstanceId and PublicIpv4Pool are optional.
Unfortunately, AWS::EC2::EIP does not support Tags, and implicitly, cannot be named in the CloudFormation template.
Security Group Operations
Remove a Security Group
aws ec2 delete-security-group --group-id sg-0b3b8bdd39f393d7a
Network ACL Operations
Describe Network ACLs
aws ec2 describe-network-acls --network-acl-ids acl-09999999999999999