DEV Community

Boris Quiroz

Create VPC using awscli

The main idea of this post is to have a quick reminder of how to set up a VPC using awscli; it is not intended to explain how a VPC works or what its benefits are.

The setup

Assuming that you already have awscli installed and configured, this is what we need to do in order to have a working VPC:

  • Create a VPC with a /16 CIDR block (the prefix can be longer, such as /17 or /18, but never shorter than /16). I'll be using 10.88.0.0/16 for this example.
  • Create the following subnets, spreading each pair over different availability zones:
    • Two public subnets: 10.88.0.0/24 and 10.88.1.0/24
    • Two private subnets: 10.88.2.0/24 and 10.88.3.0/24
  • Create an Internet gateway and attach it to the VPC.
  • Create an Elastic IP address.
  • Create a NAT gateway, associate the Elastic IP with it and place it in one of the public subnets.
  • Create two route tables:
    • A public one whose 0.0.0.0/0 route points to the Internet gateway, associated with the public subnets
    • A private one whose 0.0.0.0/0 route points to the NAT gateway, associated with the private subnets

How it should be done.

This is the full list of commands for the scenario described in the setup section. I won't explain each command, but feel free to ask in the comments:

# Each create/allocate command prints the ID of the new resource; capture it into the
# variable used by the following commands (see "Tips and tricks" below).
# 1. VPC and four subnets (two public, two private) across two availability zones
aws ec2 create-vpc --cidr-block 10.88.0.0/16
aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block 10.88.0.0/24 --availability-zone us-east-1e   # public
aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block 10.88.1.0/24 --availability-zone us-east-1f   # public
aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block 10.88.2.0/24 --availability-zone us-east-1e   # private
aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block 10.88.3.0/24 --availability-zone us-east-1f   # private
# 2. Internet gateway, attached to the VPC
aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --vpc-id $VPC_ID --internet-gateway-id $IGW
# 3. Public route table: default route to the Internet gateway
aws ec2 create-route-table --vpc-id $VPC_ID
aws ec2 create-route --route-table-id $RTB_PUB --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW
# 4. Elastic IP and NAT gateway, placed in one of the public subnets
aws ec2 allocate-address --domain vpc
aws ec2 create-nat-gateway --subnet-id $PUBLIC_SUBNET0 --allocation-id $EIP
# 5. Private route table: default route to the NAT gateway (a nat-* ID goes in --nat-gateway-id, not --gateway-id)
aws ec2 create-route-table --vpc-id $VPC_ID
aws ec2 create-route --route-table-id $RTB_PRIV --destination-cidr-block 0.0.0.0/0 --nat-gateway-id $NGW
# 6. Associate each subnet with its route table
aws ec2 associate-route-table --subnet-id $PUBLIC_SUBNET0 --route-table-id $RTB_PUB
aws ec2 associate-route-table --subnet-id $PUBLIC_SUBNET1 --route-table-id $RTB_PUB
aws ec2 associate-route-table --subnet-id $PRIVATE_SUBNET2 --route-table-id $RTB_PRIV
aws ec2 associate-route-table --subnet-id $PRIVATE_SUBNET3 --route-table-id $RTB_PRIV
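Once the tables are associated, the property worth verifying is that the private subnets reach the Internet only through the NAT gateway and never directly through the Internet gateway. The following Python script is an added example, not part of the original post: it checks that from the JSON printed by aws ec2 describe-route-tables --filters Name=vpc-id,Values=$VPC_ID, and the embedded sample output, with every resource ID in it, is a constructed placeholder.

```python
import json
import sys

# Constructed sample in the shape of
#   aws ec2 describe-route-tables --filters Name=vpc-id,Values=$VPC_ID
# All IDs are placeholders, not real AWS resources.
SAMPLE = json.dumps({"RouteTables": [
    {"RouteTableId": "rtb-pub", "VpcId": "vpc-example",
     "Associations": [{"SubnetId": "subnet-pub0"}, {"SubnetId": "subnet-pub1"}],
     "Routes": [{"DestinationCidrBlock": "10.88.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-priv", "VpcId": "vpc-example",
     "Associations": [{"SubnetId": "subnet-priv2"}, {"SubnetId": "subnet-priv3"}],
     "Routes": [{"DestinationCidrBlock": "10.88.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]})

def default_target(route_table):
    """Return the target of the 0.0.0.0/0 route, or None when the table has no default route.
    Internet gateway routes carry GatewayId; NAT gateway routes carry NatGatewayId."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId") or route.get("InstanceId")
    return None

def audit(describe_output, private_subnets):
    """Return a list of findings; an empty list means every private subnet matches the design."""
    findings, seen = [], set()
    for rtb in json.loads(describe_output)["RouteTables"]:
        target = default_target(rtb)
        for assoc in rtb.get("Associations", []):
            subnet = assoc.get("SubnetId")  # absent on the main-table association
            if subnet not in private_subnets:
                continue
            seen.add(subnet)
            if target is None:
                findings.append(f"{subnet}: no default route, no outbound access through the NAT gateway")
            elif not target.startswith("nat-"):
                findings.append(f"{subnet}: default route points at {target}, not a NAT gateway")
    # A private subnet with no explicit association silently uses the VPC's main route table.
    for subnet in sorted(set(private_subnets) - seen):
        findings.append(f"{subnet}: no explicit route table association (falls back to the main table)")
    return findings

if __name__ == "__main__":
    # Usage: aws ec2 describe-route-tables ... | python3 audit_vpc.py subnet-id [subnet-id ...]
    subnets = sys.argv[1:] or ["subnet-priv2", "subnet-priv3"]
    output = SAMPLE if not sys.argv[1:] else sys.stdin.read()
    findings = audit(output, subnets)
    print("\n".join(findings) or "OK: private subnets egress only via the NAT gateway")
    sys.exit(1 if findings else 0)
```

Without arguments the script audits the embedded sample; with private subnet IDs as arguments it reads the describe-route-tables JSON from stdin and exits non-zero on any finding, which makes it usable as a post-deployment check.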

Tips and tricks.

Since the commands constantly reference the IDs of previously created resources, I found it useful to keep them in a file with the following format:

export VPC_ID="vpc-<some_long_id>"
export PRIV_SUBNET="subnet-<some_long_id>"
export PUB_SUBNET="subnet-<some_long_id>"

From time to time I run source file_with_var so the IDs are available in the shell as $VPC_ID, $PRIV_SUBNET and so on.

Top comments (1)

Ayman Osman

I wish all articles were this clear.