Amazon VPC Operations
=Overview=
=VPC Operations=
==Describe VPC==
<syntaxhighlight lang='bash'>
aws ec2 describe-vpcs --vpc-ids <vpc-id>
</syntaxhighlight>
==Create a VPC==
===Create a VPC with Amazon Console===
VPC Console -> Your VPCs -> Create VPC:
* Name tag: the name of the VPC
* IPv4 CIDR block: 10.7.0.0/16
* IPv6 CIDR block: No IPv6 CIDR Block
* Tenancy: default
===Create a VPC with CloudFormation===
<syntaxhighlight lang='yaml'>
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref PrimaryIPAddressRange
      EnableDnsSupport: true
      EnableDnsHostnames: false
      InstanceTenancy: "default"
      Tags:
        - Key: "Name"
          Value: !Ref VPCName
</syntaxhighlight>
=Subnet Operations=
==Describe Subnets==
All subnets available in the AWS account:
<syntaxhighlight lang='bash'>
aws ec2 describe-subnets
</syntaxhighlight>
Subnets associated with a certain VPC:
<syntaxhighlight lang='bash'>
aws ec2 describe-subnets --filters Name=vpc-id,Values=vpc-09999999999999999
</syntaxhighlight>
==Create a Subnet==
===Create a Subnet with CloudFormation===
 Resources:
   Subnet1:
     Type: AWS::EC2::Subnet
     Properties:
       [[Amazon_VPC_Concepts#Subnet|VpcId]]: !Ref VPC
       [[Amazon_VPC_Concepts#Subnet|CidrBlock]]: String
       AvailabilityZone: String
       AssignIpv6AddressOnCreation: Boolean
       [[Amazon_VPC_Concepts#Subnet|Ipv6CidrBlock]]: String
       [[Amazon_VPC_Concepts#Mapping_Public_IP_Addressed_on_Launch|MapPublicIpOnLaunch]]: false
       Tags:
         - Key: Name
           Value: 'blue-subnet'
=Route Table Operations=
==Create a Route Table==
===Create a Route Table with CloudFormation===
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route-table.html AWS::EC2::RouteTable]}}
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet-route-table-assoc.html AWS::EC2::SubnetRouteTableAssociation]}}
<syntaxhighlight lang='yaml'>
Resources:
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: "some-route-table"
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref Subnet
</syntaxhighlight>
Note that a route table is not associated with any subnet after creation; an AWS::EC2::SubnetRouteTableAssociation resource must be created explicitly to establish the association. Subnets without an explicit association use the VPC's main route table.
==Create a Route==
===Create a Route with CloudFormation===
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html AWS::EC2::Route]}}
<syntaxhighlight lang='yaml'>
Resources:
  ARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: String
      # exactly one of the destination properties is set per route
      DestinationCidrBlock: String
      DestinationIpv6CidrBlock: String
      # exactly one of the target properties is set per route
      GatewayId: String
      NatGatewayId: String
      NetworkInterfaceId: String
      InstanceId: String
      EgressOnlyInternetGatewayId: String
      VpcPeeringConnectionId: String
</syntaxhighlight>
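As an added example (not part of the original page), the following Python works out which route table actually governs each subnet, applying the rule that a subnet with no explicit AWS::EC2::SubnetRouteTableAssociation falls back to the VPC's main route table, and then flags subnets whose effective default route goes to an internet gateway. It consumes the JSON shape that `aws ec2 describe-route-tables` and `aws ec2 describe-subnets` print; the data below is constructed sample output, and the NAT gateway, subnet and route table ids are placeholders.

```python
# Added example, not from the original page: work out each subnet's effective route
# table (explicit association, else the VPC's main table) from the JSON printed by
# `aws ec2 describe-route-tables` / `describe-subnets`; the sample data is constructed.
import json

ROUTE_TABLES = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-main", "VpcId": "vpc-09999999999999999", "Associations": [{"Main": true}],
  "Routes": [{"DestinationCidrBlock": "10.7.0.0/16", "GatewayId": "local", "State": "active"}]},
 {"RouteTableId": "rtb-public", "VpcId": "vpc-09999999999999999",
  "Associations": [{"Main": false, "SubnetId": "subnet-0aaa"}],
  "Routes": [{"DestinationCidrBlock": "10.7.0.0/16", "GatewayId": "local", "State": "active"},
             {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0f8b5a9295a707d16", "State": "active"}]},
 {"RouteTableId": "rtb-private", "VpcId": "vpc-09999999999999999",
  "Associations": [{"Main": false, "SubnetId": "subnet-0bbb"}],
  "Routes": [{"DestinationCidrBlock": "10.7.0.0/16", "GatewayId": "local", "State": "active"},
             {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}]}]}""")
SUBNETS = json.loads("""{"Subnets": [
 {"SubnetId": "subnet-0aaa", "VpcId": "vpc-09999999999999999", "MapPublicIpOnLaunch": true},
 {"SubnetId": "subnet-0bbb", "VpcId": "vpc-09999999999999999", "MapPublicIpOnLaunch": false},
 {"SubnetId": "subnet-0ccc", "VpcId": "vpc-09999999999999999", "MapPublicIpOnLaunch": true}]}""")


def effective_route_table(subnet, route_tables):
    """An explicit SubnetRouteTableAssociation wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables["RouteTables"]:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_default_route(rt):
    """True if an active 0.0.0.0/0 or ::/0 route targets an internet gateway."""
    for r in rt.get("Routes", []):
        dest = r.get("DestinationCidrBlock") or r.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and r.get("State") == "active" and r.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify_subnets(subnets, route_tables):
    """subnet id -> 'private', 'public' (IGW default route) or 'public-autoip' (IGW route + public IPv4 at launch)."""
    out = {}
    for s in subnets["Subnets"]:
        rt = effective_route_table(s, route_tables)
        public = rt is not None and has_igw_default_route(rt)
        out[s["SubnetId"]] = ("public-autoip" if s.get("MapPublicIpOnLaunch") else "public") if public else "private"
    return out
```

Note that subnet-0ccc has no explicit association, so it inherits the main route table, which only carries the local route, and is therefore private despite MapPublicIpOnLaunch being true.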
=Internet Gateway Operations=
==Describe an Internet Gateway==
<syntaxhighlight lang='bash'>
aws ec2 describe-internet-gateways [--internet-gateway-ids igw-0f8b5a9295a707d16]
</syntaxhighlight>
==Create an Internet Gateway==
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-internetgateway.html AWS::EC2::InternetGateway]}}
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html AWS::EC2::VPCGatewayAttachment]}}
 Resources:
   InternetGateway:
     Type: AWS::EC2::InternetGateway
     Properties:
       Tags:
         - Key: Name
           Value: infinity-igw
   <span id='InternetGatewayVpcAttachment'></span>InternetGatewayVpcAttachment:
     Type: AWS::EC2::VPCGatewayAttachment
     Properties:
       InternetGatewayId: !Ref InternetGateway
       VpcId: !Ref VPC
Note that an internet gateway is not attached to a VPC after creation; an AWS::EC2::VPCGatewayAttachment resource must be created explicitly to attach the internet gateway to a VPC.
However, if the creation is performed with [[Terraform|terraform]], terraform appears to manage this attachment transparently.
=NAT Gateway Operations=
==Create a NAT Gateway==
===Create a NAT Gateway with Amazon Console===
{{Internal|Create a NAT Gateway with Amazon Console|Create a NAT Gateway with Amazon Console}}
===Create a NAT Gateway with CloudFormation===
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html AWS::EC2::NatGateway]}}
 Resources:
   NATGateway:
     Type: AWS::EC2::NatGateway
     Properties:
       SubnetId: !Ref PublicSubnet
       [[Amazon_VPC_Concepts#Elastic_IP|AllocationId]]: !Ref ElasticIP
       Tags:
         - Key: Name
           Value: infinity-nat
=Elastic IP Operations=
==Describe Elastic IP Addresses==
<syntaxhighlight lang='bash'>
aws [--region <region>] ec2 describe-addresses
</syntaxhighlight>
==Create an Elastic IP with CloudFormation==
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip.html AWS::EC2::EIP]}}
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip-association.html AWS::EC2::EIPAssociation]}}
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-network-interface-attachment.html AWS::EC2::NetworkInterfaceAttachment]}}
The following sequence declares an Elastic IP address and associates it with a VPC. If the Elastic IP and the VPC are defined in the same template, the EIP must declare a dependency on a [[Amazon_VPC_Concepts#VPC-Gateway_Attachment|VPC-gateway attachment]].
 Resources:
   ElasticIPAddress:
     Type: [[Amazon_VPC_Concepts#Elastic_IP_Address|AWS::EC2::EIP]]
     DependsOn:
       - [[#InternetGatewayVpcAttachment|InternetGatewayVpcAttachment]]
     Properties:
       Domain: vpc
       [[Amazon_VPC_Concepts#Elastic_IP_Address_EC2_Instance|InstanceId]]: String
       PublicIpv4Pool: String
       Tags:
         - Key: Name
           Value: my-elastic-address
InstanceId and PublicIpv4Pool are optional.
Unfortunately, AWS::EC2::EIP does not support Tags, so implicitly it cannot be named in the CloudFormation template.
=Security Group Operations=
==Remove a Security Group==
<syntaxhighlight lang='bash'>
aws ec2 delete-security-group --group-id sg-0b3b8bdd39f393d7a
</syntaxhighlight>