
@nguyendv
Created June 30, 2017 20:36
Boto3 tutorial: create a vpc, a security group, a subnet, an instance on that subnet, then make that instance 'pingable' from Internet
import boto3

# http://boto3.readthedocs.io/en/latest/reference/services/ec2.html#service-resource
# The two credential arguments below are placeholders. For real use leave them
# out and let boto3 pick credentials up from the environment, ~/.aws/credentials
# or an instance/role profile, so no secret is committed alongside the script.
ec2 = boto3.resource('ec2', aws_access_key_id='AWS_ACCESS_KEY_ID',
                     aws_secret_access_key='AWS_SECRET_ACCESS_KEY',
                     region_name='us-west-2')

# create VPC
vpc = ec2.create_vpc(CidrBlock='192.168.0.0/16')
# we can assign a name to the vpc, or to any resource, by using a Name tag
vpc.create_tags(Tags=[{"Key": "Name", "Value": "default_vpc"}])
vpc.wait_until_available()
print(vpc.id)

# create then attach an internet gateway
ig = ec2.create_internet_gateway()
vpc.attach_internet_gateway(InternetGatewayId=ig.id)
print(ig.id)

# create a dedicated route table with a default route through the gateway.
# Using a separate table (not the VPC's main route table) means only subnets
# explicitly associated with it become public; everything else stays private.
route_table = vpc.create_route_table()
route = route_table.create_route(
    DestinationCidrBlock='0.0.0.0/0',
    GatewayId=ig.id
)
print(route_table.id)

# create subnet
subnet = ec2.create_subnet(CidrBlock='192.168.1.0/24', VpcId=vpc.id)
print(subnet.id)

# associate the route table with the subnet; this is what makes the subnet public
route_table.associate_with_subnet(SubnetId=subnet.id)

# Create sec group
sec_group = ec2.create_security_group(
    GroupName='slice_0', Description='slice_0 sec group', VpcId=vpc.id)
# Allow ICMP from anywhere. For ICMP, FromPort is the type and ToPort the code;
# -1/-1 means every type and code. This is exactly what makes the instance
# pingable from the Internet; narrow CidrIp to your own address range if only
# you need to reach it.
sec_group.authorize_ingress(
    CidrIp='0.0.0.0/0',
    IpProtocol='icmp',
    FromPort=-1,
    ToPort=-1
)
print(sec_group.id)

# find image id ami-835b4efa / us-west-2
# Create instance on the subnet above, with a public IP, in the new sec group
instances = ec2.create_instances(
    ImageId='ami-835b4efa', InstanceType='t2.micro', MaxCount=1, MinCount=1,
    NetworkInterfaces=[{'SubnetId': subnet.id, 'DeviceIndex': 0,
                        'AssociatePublicIpAddress': True,
                        'Groups': [sec_group.group_id]}])
instances[0].wait_until_running()
print(instances[0].id)
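
The security group above is the part of this tutorial worth auditing: the instance gets a public IP and an ingress rule open to 0.0.0.0/0. The following is an added example, not code from the gist, showing how to check a group's rules for Internet-wide grants and how to build a narrower "ping me" rule. It works on the IpPermissions structure boto3 returns (sec_group.ip_permissions, or describe_security_groups()['SecurityGroups'][n]['IpPermissions']), so it runs offline; SAMPLE_PERMISSIONS is constructed to resemble that output after the gist has run plus a few extra rules, and is not real AWS data. The function names and the sample ranges are my own.

```python
"""Audit EC2 security-group ingress for Internet-wide exposure, and build a
narrower 'ping me' rule.

Added example for this gist (not code from the gist itself). It operates on
the IpPermissions list that boto3 returns, so it runs offline;
SAMPLE_PERMISSIONS below is constructed, not real AWS output.
"""
import ipaddress

WORLD_V4 = "0.0.0.0/0"
WORLD_V6 = "::/0"


def rule_label(perm):
    """Short label for one IpPermissions entry, e.g. 'tcp/22'."""
    proto = perm.get("IpProtocol", "-1")
    if proto == "-1":
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if proto in ("icmp", "icmpv6"):
        # For ICMP, FromPort is the type and ToPort the code; -1 means any.
        return f"{proto} (all types)" if lo == -1 else f"{proto} type {lo}/code {hi}"
    return f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"


def world_open_findings(ip_permissions, allow_world_icmp=False):
    """Return [(cidr, label), ...] for every grant reachable from the whole
    Internet (0.0.0.0/0 or ::/0).

    allow_world_icmp=True accepts the gist's 'pingable from anywhere' rule
    and reports only the rest, which is the usual policy question: is
    anything besides ping open to the world?
    """
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol", "-1")
        if allow_world_icmp and proto in ("icmp", "icmpv6"):
            continue
        for rng in perm.get("IpRanges", []):
            if rng.get("CidrIp") == WORLD_V4:
                findings.append((WORLD_V4, rule_label(perm)))
        for rng in perm.get("Ipv6Ranges", []):
            if rng.get("CidrIpv6") == WORLD_V6:
                findings.append((WORLD_V6, rule_label(perm)))
    return findings


def icmp_echo_ingress(source_cidr, description="ping source"):
    """Build one IpPermissions entry allowing only ICMP echo requests from
    source_cidr: type 8 for IPv4, type 128 for ICMPv6, any code.

    Hand the result to sec_group.authorize_ingress(IpPermissions=[entry]).
    The CIDR is parsed strictly, so a host address with a short prefix or
    the world-open prefix is rejected instead of silently widening the rule.
    """
    net = ipaddress.ip_network(source_cidr, strict=True)
    if net.prefixlen == 0:
        raise ValueError(f"refusing world-open ICMP rule for {source_cidr}")
    if net.version == 4:
        return {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
                "IpRanges": [{"CidrIp": str(net), "Description": description}]}
    return {"IpProtocol": "icmpv6", "FromPort": 128, "ToPort": -1,
            "Ipv6Ranges": [{"CidrIpv6": str(net), "Description": description}]}


# Constructed sample: the gist's ICMP rule plus SSH from anywhere, HTTPS from
# one documentation range, and an all-traffic IPv6 rule. Not real AWS output.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

if __name__ == "__main__":
    for cidr, label in world_open_findings(SAMPLE_PERMISSIONS, allow_world_icmp=True):
        print(f"world-open besides ping: {label} from {cidr}")
    print(icmp_echo_ingress("203.0.113.0/24", "office"))
```

Against a live group you would pass `sec_group.ip_permissions` (a resource attribute, reloaded with `sec_group.reload()`) instead of the sample, and replace the gist's `authorize_ingress(CidrIp=..., IpProtocol=..., ...)` call with `authorize_ingress(IpPermissions=[icmp_echo_ingress("203.0.113.0/24")])` to allow ping from one range only.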
@stormm2138 commented Apr 27, 2018

create_vpc currently returns dicts. To get the objects you need to make a separate call

import boto3

# REGION, cidr_block, subnet_cidr and az come from the caller; the values
# below are assumed so the snippet runs on its own
REGION = 'us-west-2'
cidr_block = '192.168.0.0/16'
subnet_cidr = '192.168.1.0/24'
az = 'a'
session = boto3.session.Session()

ec2_client = session.client('ec2', REGION)
ec2_resource = session.resource('ec2', REGION)
create_vpc_response = ec2_client.create_vpc(CidrBlock=cidr_block)
vpc = ec2_resource.Vpc(create_vpc_response["Vpc"]["VpcId"])

create_subnet can be run directly on the vpc object

subnet = vpc.create_subnet(CidrBlock=subnet_cidr, AvailabilityZone="{}{}".format(REGION, az))

create_internet_gateway also returns a dict

create_ig_response = ec2_client.create_internet_gateway()
ig_id = create_ig_response["InternetGateway"]["InternetGatewayId"]

Creating the VPC also automatically creates a route table so you don't need to create an additional one

for route_table in vpc.route_tables.all():  # There should only be one route table to start with
    route_table.create_route(DestinationCidrBlock='0.0.0.0/0', GatewayId=ig_id)

@webventurer

Quick q: Is it better these days to setup services like this directly with Python/boto3 or use Amazon's own CloudFormation which templates all this already?

@theonlyway

Whatever floats your boat. Hell where I work we don't use either and we use Terraform instead.

@1001QAdotNET commented Feb 14, 2019

> create_vpc currently returns dicts. To get the objects you need to make a separate call

Nah, that is if you use the client (low level).
He is using resource, which is called abstraction I think (object level).

@crsuarez

> Quick q: Is it better these days to setup services like this directly with Python/boto3 or use Amazon's own CloudFormation which templates all this already?

terraform

@jouellnyc

Thanks. Anyone else having difficulty finding boto3 'resources' vs 'client' oriented documents?

@natesymer

I don't like the way you allocated subnets. You'll only have 256 IP addresses. You need a /19 suffix, not a /24 suffix. 2^13 = 8192, 2^8 = 256. By going from /16 to /19 you lose 3 bits that can be used in IP addresses in the subnet, but it'll allow you to have 8 subnets (more than the 6 at us-east-1 that AWS allows). If you need 2 subnets, you can do /17, 3 subnets, do /18. It'll give you 10x the number of IP addresses you can use. I think that's worth some math.
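
As an added example (not part of the gist or of the comment above), the subnet arithmetic being argued here can be carried through with the standard library, including one detail the raw powers of two leave out: AWS reserves five addresses in every subnet (network address, VPC router, DNS, one held for future use, broadcast), so a /24 offers 251 usable hosts rather than 256 and a /19 offers 8187. The function names are mine; the VPC range is the gist's own.

```python
"""Subnet sizing for the gist's 192.168.0.0/16 VPC.

Added example (not from the gist or the comment above), standard library
only. It splits the VPC into equal subnets and reports the usable address
budget of each after AWS's five reserved addresses per subnet.
"""
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # network, VPC router, DNS, future use, broadcast


def subnet_plan(vpc_cidr, new_prefix):
    """Return [(subnet_cidr, usable_hosts), ...] for carving vpc_cidr into
    subnets of prefix length new_prefix."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not vpc.prefixlen <= new_prefix <= vpc.max_prefixlen:
        raise ValueError(f"/{new_prefix} does not fit inside {vpc}")
    return [(str(s), s.num_addresses - AWS_RESERVED_PER_SUBNET)
            for s in vpc.subnets(new_prefix=new_prefix)]


def prefix_for(vpc_cidr, subnets_needed):
    """Longest subnets (fewest borrowed bits) that still give at least
    subnets_needed subnets: for a /16, 2 -> /17, 3-4 -> /18, 5-8 -> /19."""
    if subnets_needed < 1:
        raise ValueError("need at least one subnet")
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    borrowed = (subnets_needed - 1).bit_length()
    return vpc.prefixlen + borrowed


if __name__ == "__main__":
    prefix = prefix_for("192.168.0.0/16", 6)
    for cidr, hosts in subnet_plan("192.168.0.0/16", prefix):
        print(cidr, hosts)
```

Each entry of `subnet_plan` is a CidrBlock you can hand to `vpc.create_subnet(...)`, one per availability zone; `prefix_for` picks the largest subnets that still cover the number of zones you intend to use.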
