pcgeek86/build-aws-vpc.ps1

## build-aws-vpc.ps1
<#
- Creates an Amazon Web Services (AWS) Virtual Private Cloud (VPC) in the us-west-2 (Oregon) region.
- VPC contains two public subnets and two private subnets.
- NAT Gateway is created to handle outbount Internet traffic from private subnets.
- Internet Gateway is created to handle in/outbound Internet traffic for public subnets.
- iex (iwr https://gist.githubusercontent.com/pcgeek86/523b3b7c80eb25bd7f993354509268d0/raw).Content
#>
function Add-EC2NameTag {
  <#
  .Synopsis
  Helper function that adds a Name tag to an EC2 resource ID.
  #>
  [CmdletBinding()]
  param (
    [Parameter(Mandatory = $true)]
    [string] $Name,
    [Parameter(Mandatory = $true)]
    [string] $ResourceId
  )
  $Tag = [Amazon.EC2.Model.Tag]::new('Name', $Name)
  New-EC2Tag -Tag $Tag -Resource $ResourceId
}

$Region = 'us-west-2'
$VPC = New-EC2Vpc -CidrBlock 10.8.0.0/16
Write-Host -Object ('Created new VPC {0}' -f $VPC.VpcId)

$PublicSubnet1 = New-EC2Subnet -VpcId $VPC.VpcId -CidrBlock 10.8.1.0/24 -Region $Region -AvailabilityZone us-west-2a
$PublicSubnet2 = New-EC2Subnet -VpcId $VPC.VpcId -CidrBlock 10.8.2.0/24 -Region $Region -AvailabilityZone us-west-2c
$PrivateSubnet1 = New-EC2Subnet -VpcId $VPC.VpcId -CidrBlock 10.8.6.0/24 -Region $Region -AvailabilityZone us-west-2b
$PrivateSubnet2 = New-EC2Subnet -VpcId $VPC.VpcId -CidrBlock 10.8.7.0/24 -Region $Region -AvailabilityZone us-west-2c
Write-Host -Object ('Created VPC subnets: {0} {1} {2} {3}' -f $PublicSubnet1.SubnetId, $PublicSubnet2.SubnetId, $PrivateSubnet1.SubnetId, $PrivateSubnet2.SubnetId)

# Create VPC Internet Gateway and attach to VPC
$InternetGateway = New-EC2InternetGateway -Region $Region
Add-EC2InternetGateway -InternetGatewayId $InternetGateway.InternetGatewayId -VpcId $VPC.VpcId
Write-Host -Object ('Created Internet Gateway {0}' -f $InternetGateway.InternetGatewayId)

# Add route to Internet to public subnets
$MainRouteTableFilter = [Amazon.EC2.Model.Filter]::new()
$MainRouteTableFilter.Name = 'association.main'
$MainRouteTableFilter.Values = @('true')
$RouteTable = Get-EC2RouteTable -Filter $MainRouteTableFilter | ? VpcId -eq $VPC.VpcId
$null = New-EC2Route -GatewayId $InternetGateway.InternetGatewayId -DestinationCidrBlock 0.0.0.0/0 -RouteTableId $RouteTable.RouteTableId

# For private subnets to access Internet, create a NAT Gateway
$ElasticIP = New-EC2Address
$NATGateway = New-EC2NatGateway -Region $Region -SubnetId $PublicSubnet1.SubnetId -AllocationId $ElasticIP.AllocationId
while ((Get-EC2NatGateway -NatGatewayId $NATGateway.NatGateway.NatGatewayId).State -ne 'Available') {
  Write-Host -Object ('Waiting for NAT Gateway {0} to be available ...' -f $NATGateway.NatGateway.NatGatewayId)
  Start-Sleep -Seconds 10
}

# We need a separate EC2 VPC Route Table to enable private subnets to route outbound to Internet
$PrivateRouteTable = New-EC2RouteTable -VpcId $VPC.VpcId
$null = New-EC2Route -DestinationCidrBlock 0.0.0.0/0 -NatGatewayId $NATGateway.NatGateway.NatGatewayId -RouteTableId $PrivateRouteTable.RouteTableId

# Associate the private subnets with the route table pointing to the NAT Gateway
Register-EC2RouteTable -SubnetId $PrivateSubnet1.SubnetId -RouteTableId $PrivateRouteTable.RouteTableId
Register-EC2RouteTable -SubnetId $PrivateSubnet2.SubnetId -RouteTableId $PrivateRouteTable.RouteTableId

# Add tags to VPC resources
$TagName = 'Trevor'
Add-EC2NameTag -Name $TagName -Resource $VPC.VpcId
Add-EC2NameTag -Name $TagName -Resource $InternetGateway.InternetGatewayId
Add-EC2NameTag -Name $TagName -Resource $RouteTable.RouteTableId
Add-EC2NameTag -Name $TagName -Resource $NATGateway.NatGateway.NatGatewayId

# Tag the subnets that were created earlier
Add-EC2NameTag -Name Trevor-PublicSubnet1 -Resource $PublicSubnet1.SubnetId
Add-EC2NameTag -Name Trevor-PublicSubnet2 -Resource $PublicSubnet2.SubnetId
Add-EC2NameTag -Name Trevor-PrivateSubnet1 -Resource $PrivateSubnet1.SubnetId
Add-EC2NameTag -Name Trevor-PrivateSubnet2 -Resource $PrivateSubnet2.SubnetId

# Tag the private route table
Add-EC2NameTag -Name PrivateRouteTable -Resource $PrivateRouteTable.RouteTableId
	<#
	- Creates an Amazon Web Services (AWS) Virtual Private Cloud (VPC) in the us-west-2 (Oregon) region.
	- VPC contains two public subnets and two private subnets.
	- NAT Gateway is created to handle outbount Internet traffic from private subnets.
	- Internet Gateway is created to handle in/outbound Internet traffic for public subnets.
	- iex (iwr https://gist.githubusercontent.com/pcgeek86/523b3b7c80eb25bd7f993354509268d0/raw).Content
	#>
	function Add-EC2NameTag {
	<#
	.Synopsis
	Helper function that adds a Name tag to an EC2 resource ID.
	#>
	[CmdletBinding()]
	param (
	[Parameter(Mandatory = $true)]
	[string] $Name,
	[Parameter(Mandatory = $true)]
	[string] $ResourceId
	)
	$Tag = [Amazon.EC2.Model.Tag]::new('Name', $Name)
	New-EC2Tag -Tag $Tag -Resource $ResourceId
	}

	$Region = 'us-west-2'
	$VPC = New-EC2Vpc -CidrBlock 10.8.0.0/16
	Write-Host -Object ('Created new VPC {0}' -f $VPC.VpcId)

	$PublicSubnet1 = New-EC2Subnet -VpcId $VPC.VpcId -CidrBlock 10.8.1.0/24 -Region $Region -AvailabilityZone us-west-2a
	$PublicSubnet2 = New-EC2Subnet -VpcId $VPC.VpcId -CidrBlock 10.8.2.0/24 -Region $Region -AvailabilityZone us-west-2c
	$PrivateSubnet1 = New-EC2Subnet -VpcId $VPC.VpcId -CidrBlock 10.8.6.0/24 -Region $Region -AvailabilityZone us-west-2b
	$PrivateSubnet2 = New-EC2Subnet -VpcId $VPC.VpcId -CidrBlock 10.8.7.0/24 -Region $Region -AvailabilityZone us-west-2c
	Write-Host -Object ('Created VPC subnets: {0} {1} {2} {3}' -f $PublicSubnet1.SubnetId, $PublicSubnet2.SubnetId, $PrivateSubnet1.SubnetId, $PrivateSubnet2.SubnetId)

	# Create VPC Internet Gateway and attach to VPC
	$InternetGateway = New-EC2InternetGateway -Region $Region
	Add-EC2InternetGateway -InternetGatewayId $InternetGateway.InternetGatewayId -VpcId $VPC.VpcId
	Write-Host -Object ('Created Internet Gateway {0}' -f $InternetGateway.InternetGatewayId)

	# Add route to Internet to public subnets
	$MainRouteTableFilter = [Amazon.EC2.Model.Filter]::new()
	$MainRouteTableFilter.Name = 'association.main'
	$MainRouteTableFilter.Values = @('true')
	$RouteTable = Get-EC2RouteTable -Filter $MainRouteTableFilter \| ? VpcId -eq $VPC.VpcId
	$null = New-EC2Route -GatewayId $InternetGateway.InternetGatewayId -DestinationCidrBlock 0.0.0.0/0 -RouteTableId $RouteTable.RouteTableId

	# For private subnets to access Internet, create a NAT Gateway
	$ElasticIP = New-EC2Address
	$NATGateway = New-EC2NatGateway -Region $Region -SubnetId $PublicSubnet1.SubnetId -AllocationId $ElasticIP.AllocationId
	while ((Get-EC2NatGateway -NatGatewayId $NATGateway.NatGateway.NatGatewayId).State -ne 'Available') {
	Write-Host -Object ('Waiting for NAT Gateway {0} to be available ...' -f $NATGateway.NatGateway.NatGatewayId)
	Start-Sleep -Seconds 10
	}

	# We need a separate EC2 VPC Route Table to enable private subnets to route outbound to Internet
	$PrivateRouteTable = New-EC2RouteTable -VpcId $VPC.VpcId
	$null = New-EC2Route -DestinationCidrBlock 0.0.0.0/0 -NatGatewayId $NATGateway.NatGateway.NatGatewayId -RouteTableId $PrivateRouteTable.RouteTableId

	# Associate the private subnets with the route table pointing to the NAT Gateway
	Register-EC2RouteTable -SubnetId $PrivateSubnet1.SubnetId -RouteTableId $PrivateRouteTable.RouteTableId
	Register-EC2RouteTable -SubnetId $PrivateSubnet2.SubnetId -RouteTableId $PrivateRouteTable.RouteTableId

	# Add tags to VPC resources
	$TagName = 'Trevor'
	Add-EC2NameTag -Name $TagName -Resource $VPC.VpcId
	Add-EC2NameTag -Name $TagName -Resource $InternetGateway.InternetGatewayId
	Add-EC2NameTag -Name $TagName -Resource $RouteTable.RouteTableId
	Add-EC2NameTag -Name $TagName -Resource $NATGateway.NatGateway.NatGatewayId

	# Tag the subnets that were created earlier
	Add-EC2NameTag -Name Trevor-PublicSubnet1 -Resource $PublicSubnet1.SubnetId
	Add-EC2NameTag -Name Trevor-PublicSubnet2 -Resource $PublicSubnet2.SubnetId
	Add-EC2NameTag -Name Trevor-PrivateSubnet1 -Resource $PrivateSubnet1.SubnetId
	Add-EC2NameTag -Name Trevor-PrivateSubnet2 -Resource $PrivateSubnet2.SubnetId

	# Tag the private route table
	Add-EC2NameTag -Name PrivateRouteTable -Resource $PrivateRouteTable.RouteTableId