Learn basic Amazon Virtual Private Cloud network configuration in this excerpt from Packt's "AWS Networking Cookbook."
In this chapter, we will learn how to quickly create different AWS VPC networking topologies. We will also learn how to connect two VPCs in the same region or across different AWS regions. The criteria for choosing one of the different available topologies of VPC will depend on the following different considerations:
- Availability of the application deployed to AWS: A single-AZ deployment provides moderate availability. Multi-AZ deployments provide high availability and tolerate the failure of a single AZ. A multi-region deployment provides very high availability: the application remains available even if an entire AWS region fails.
- Creating a public and private subnet: Public and private subnets need to be created based on the security requirements of different layers of the application.
- Connectivity requirement between the data center (DC) and AWS Cloud: To connect a DC and AWS Cloud securely, a VPN needs to be created. For high-bandwidth, dedicated connectivity, Direct Connect can be configured. A VPN hub can be created to connect multiple DCs to AWS VPCs.
- Connectivity among different VPCs: Different VPCs in the same or different regions may need to be connected for security and high availability.
AWS provides a VPC wizard for the quick creation of some of these topologies to fit your exact use case.
Creating a VPC and subnet from the CLI
AWS CLI is a command-line interface that facilitates managing AWS resources from the command line. Until now we have learnt recipes for creating AWS networking components from the console. In this recipe, we'll learn how to create them through the CLI. This will help you understand how scripts can be written to automate the management of network components.
You will need to configure the CLI in the system from which you are going to execute the commands.
How to do it...
Follow the steps provided to create an AWS VPC and subnet from the CLI.
- Open your command prompt and give the command:
aws ec2 create-vpc --profile user2 --region us-east-1 --cidr-block 10.0.0.0/16 --amazon-provided-ipv6-cidr-block
The different components of our command are explained as follows:
- aws ec2 create-vpc: This is the command for creating a VPC.
- profile user2: This is the user profile with which the VPC is being created. You may omit this if you want to create the VPC with the default profile.
- region us-east-1: This is the AWS region where the VPC is going to be created. You can omit this if you want to create it in the default region.
- cidr-block 10.0.0.0/16: This is the IPv4 CIDR block associated with the VPC.
- amazon-provided-ipv6-cidr-block: This option asks AWS to associate an Amazon-provided IPv6 CIDR block with the VPC.
Screenshot: Create VPC from CLI
- You can see the response, in which a VPC is created with the ID vpc-23e0795a and the given CIDR ranges for both IPv4 and IPv6.
- You can browse to the VPC section of the AWS console and check that the VPC has been created with the properties shown in the command prompt.
Screenshot: View VPC created from CLI
- Now let's create a subnet in the VPC by giving the following command:
aws ec2 create-subnet --profile user2 --region us-east-1 --vpc-id vpc-23e0795a --cidr-block 10.0.1.0/24 --ipv6-cidr-block 2600:1f18:4659:5c00::/64
Here we are providing the profile and region that we explained earlier. We are also providing the following options:
- vpc-id vpc-23e0795a: The VPC in which the subnet will be created
- cidr-block 10.0.1.0/24: The IPv4 CIDR range of the subnet
- ipv6-cidr-block 2600:1f18:4659:5c00::/64: The IPv6 range associated with the subnet
Screenshot: Create subnet from CLI
- We can browse to the AWS VPC console and go to Subnets. We can see the subnet created as shown in the following screenshot:
Screenshot: View subnet created from CLI
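The two commands in this recipe, wrapped into a script, as an added example that is not from the book: it issues the same create-vpc and create-subnet calls, waits for the Amazon-provided IPv6 block to reach the associated state before reading it, and derives each subnet's /24 and /64 from the VPC's own blocks instead of hard-coding them. The profile user2, region us-east-1, the 10.0.0.0/16 block and the constructed sample JSON response are assumptions; with DRY_RUN=1 (the default) the aws commands are only printed and no AWS credentials are needed.

```shell
#!/bin/sh
# Added example, not from the book. Wraps the recipe's create-vpc and
# create-subnet commands in a script that derives each subnet's IPv4 /24 and
# IPv6 /64 from the VPC's own blocks. Assumed values: profile user2, region
# us-east-1, VPC block 10.0.0.0/16. With DRY_RUN=1 (default) the aws commands
# are only printed and a constructed sample response stands in for the API.
set -eu

PROFILE="${PROFILE:-user2}"
REGION="${REGION:-us-east-1}"
VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"
SUBNET_COUNT="${SUBNET_COUNT:-2}"
DRY_RUN="${DRY_RUN:-1}"

# Constructed sample of describe-vpcs output once the IPv6 block is associated
# (VPC ID and /56 prefix taken from the recipe's screenshots).
SAMPLE_VPC_JSON='{"Vpcs":[{"VpcId":"vpc-23e0795a","CidrBlock":"10.0.0.0/16",
"Ipv6CidrBlockAssociationSet":[{"Ipv6CidrBlock":"2600:1f18:4659:5c00::/56",
"Ipv6CidrBlockState":{"State":"associated"}}]}]}'

# Print the aws command in dry-run mode, otherwise execute it.
run_aws() {
  if [ "$DRY_RUN" = "1" ]; then printf 'aws %s\n' "$*"; else aws "$@"; fi
}

# Pull the first VpcId / Ipv6CidrBlock out of CLI JSON on stdin (no jq needed).
vpc_id_from_json()   { sed -n 's/.*"VpcId": *"\([^"]*\)".*/\1/p' | head -n 1; }
vpc_ipv6_from_json() { sed -n 's/.*"Ipv6CidrBlock": *"\([^"]*\)".*/\1/p' | head -n 1; }

# n-th /24 inside a /16:  10.0.0.0/16, 3 -> 10.0.3.0/24   (n in 0..255)
nth_ipv4_subnet() {
  [ "$2" -ge 0 ] && [ "$2" -le 255 ] || return 1
  net="${1%/16}"
  printf '%s.%s.0/24\n' "${net%.*.*}" "$2"
}

# n-th /64 inside the VPC's Amazon-provided /56:
#   2600:1f18:4659:5c00::/56, 3 -> 2600:1f18:4659:5c03::/64   (n in 0..255)
# The /56 boundary is the low byte of the 4th hextet, so n is added there.
nth_ipv6_subnet() {
  case "$1" in *::/56) ;; *) return 1 ;; esac
  [ "$2" -ge 0 ] && [ "$2" -le 255 ] || return 1
  prefix="${1%::/56}"
  upper="${prefix%:*}"
  h4="${prefix##*:}"
  printf '%s:%04x::/64\n' "$upper" $(( 0x$h4 + $2 ))
}

create_vpc_and_subnets() {
  if [ "$DRY_RUN" = "1" ]; then
    run_aws ec2 create-vpc --profile "$PROFILE" --region "$REGION" \
      --cidr-block "$VPC_CIDR" --amazon-provided-ipv6-cidr-block
    vpc_json="$SAMPLE_VPC_JSON"
  else
    vpc_id=$(aws ec2 create-vpc --profile "$PROFILE" --region "$REGION" \
      --cidr-block "$VPC_CIDR" --amazon-provided-ipv6-cidr-block | vpc_id_from_json)
    # The IPv6 block is assigned asynchronously: poll describe-vpcs until the
    # association reaches the "associated" state before reading the prefix.
    vpc_json=""
    tries=0
    until printf '%s' "$vpc_json" | grep -q '"State": *"associated"'; do
      [ "$tries" -lt 30 ] || { echo "IPv6 block not associated in time" >&2; return 1; }
      sleep 2; tries=$((tries + 1))
      vpc_json=$(aws ec2 describe-vpcs --profile "$PROFILE" --region "$REGION" --vpc-ids "$vpc_id")
    done
  fi
  vpc_id=$(printf '%s\n' "$vpc_json" | vpc_id_from_json)
  vpc_ipv6=$(printf '%s\n' "$vpc_json" | vpc_ipv6_from_json)

  # One create-subnet per index: 10.0.N.0/24 paired with the N-th /64.
  i=0
  while [ "$i" -lt "$SUBNET_COUNT" ]; do
    run_aws ec2 create-subnet --profile "$PROFILE" --region "$REGION" \
      --vpc-id "$vpc_id" \
      --cidr-block "$(nth_ipv4_subnet "$VPC_CIDR" "$i")" \
      --ipv6-cidr-block "$(nth_ipv6_subnet "$vpc_ipv6" "$i")"
    i=$((i + 1))
  done
}

create_vpc_and_subnets
```

Run it as is to see the three commands it would issue; set DRY_RUN=0 with a configured profile to create the resources. Numbering subnets from the VPC's own blocks is what keeps a script like this reusable across VPCs, since the IPv6 prefix is only known after AWS assigns it; spreading the subnets across AZs is a matter of raising SUBNET_COUNT and adding the create-subnet --availability-zone option, which the recipe leaves out.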
You've seen how you can create multiple VPCs and subnets in multiple regions from a single script. There are multiple other third-party tools, such as Terraform, Chef, and Ansible, through which you can also create and manage AWS components, or you can use AWS CloudFormation. We will look at some of these in the next chapters.