@tylerapplebaum
Created December 6, 2019 23:40
Create an AWS VPC with public, private IPv4 and IPv6 subnets, NAT GW, Internet GW, Egress-Only IGW, and all routes
# To-do
# Create security group for private subnet and allow ICMPv4, ICMPv6 and SSH from public subnet.
#
# Every call passes the same --region: the availability zones below only exist in us-west-2, so one
# explicit --region on create-vpc plus CLI defaults everywhere else breaks whenever the default differs.
$Region = "us-west-2"
$SubnetIncrement = 1
$SubnetIPv4CIDR = "172.31.0.0/16"
$VPC = aws ec2 create-vpc --cidr-block $SubnetIPv4CIDR --amazon-provided-ipv6-cidr-block --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty Vpc
aws ec2 create-tags --resources $VPC.VpcId --tags Key=Name,Value=TFC-Study --region $Region
# The Amazon-provided IPv6 block is a /56 that can still be "associating" when create-vpc returns; wait
# until it is associated before carving subnets from it. describe-vpcs takes --vpc-ids (plural), not --vpc-id.
do {
    Start-Sleep -Seconds 2
    $VPCInfo = aws ec2 describe-vpcs --vpc-ids $VPC.VpcId --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty Vpcs
    $IPv6Assoc = $VPCInfo.Ipv6CidrBlockAssociationSet | Select-Object -First 1
} until ($IPv6Assoc.Ipv6CidrBlockState.State -eq 'associated')
$IPv6SubnetParent = $IPv6Assoc.Ipv6CidrBlock    # e.g. 2600:1f14:abc:d400::/56
function New-Ipv6Subnet64([string]$Parent56, [int]$Index) {
    # AWS prints the /56 with the last two hex digits of the fourth hextet as "00"; replacing them with
    # the subnet index yields a /64 inside that /56. Handles 256 subnets (00..ff), where the earlier
    # single-character regex only worked for indexes 1..9.
    if ($Parent56 -notmatch '00::/56$') { throw "Unexpected IPv6 CIDR format: $Parent56" }
    return $Parent56 -Replace '00::/56$', ('{0:x2}::/64' -f $Index)
}
$IPv6Subnet1 = New-Ipv6Subnet64 $IPv6SubnetParent $SubnetIncrement
$IPv6Subnet2 = New-Ipv6Subnet64 $IPv6SubnetParent ($SubnetIncrement + 1)
$PublicSubnet = aws ec2 create-subnet --vpc-id $VPC.VpcId --cidr-block "172.31.$($SubnetIncrement).0/24" --ipv6-cidr-block $IPv6Subnet1 --availability-zone "${Region}a" --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty Subnet
# Instances get an IPv6 address automatically; a public IPv4 is not auto-assigned (no --map-public-ip-on-launch),
# so a public-subnet instance is only reachable over IPv4 if it is given a public IP or an EIP explicitly.
aws ec2 modify-subnet-attribute --subnet-id $PublicSubnet.SubnetId --assign-ipv6-address-on-creation --region $Region
aws ec2 create-tags --resources $PublicSubnet.SubnetId --tags Key=Name,Value=TFC-Study-Subnet1 --region $Region
$PrivateSubnet = aws ec2 create-subnet --vpc-id $VPC.VpcId --cidr-block "172.31.$($SubnetIncrement + 1).0/24" --ipv6-cidr-block $IPv6Subnet2 --availability-zone "${Region}b" --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty Subnet
aws ec2 modify-subnet-attribute --subnet-id $PrivateSubnet.SubnetId --assign-ipv6-address-on-creation --region $Region
aws ec2 create-tags --resources $PrivateSubnet.SubnetId --tags Key=Name,Value=TFC-Study-Subnet2 --region $Region
$IGW = aws ec2 create-internet-gateway --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty InternetGateway
aws ec2 attach-internet-gateway --vpc-id $VPC.VpcId --internet-gateway-id $IGW.InternetGatewayId --region $Region
# The NAT gateway sits in the public subnet and needs an Elastic IP; it is the private subnet's only IPv4 path out.
$EIP = aws ec2 allocate-address --domain vpc --region $Region | ConvertFrom-Json
$NATGW = aws ec2 create-nat-gateway --subnet-id $PublicSubnet.SubnetId --allocation-id $EIP.AllocationId --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty NatGateway
$PublicRouteTable = aws ec2 create-route-table --vpc-id $VPC.VpcId --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty RouteTable
aws ec2 create-tags --resources $PublicRouteTable.RouteTableId --tags Key=Name,Value=TFC-Study-Public --region $Region
# A route has exactly one destination, so the IPv4 and IPv6 default routes cannot be combined into one call.
# Public subnet: both address families go straight to the internet gateway, inbound and outbound.
aws ec2 create-route --route-table-id $PublicRouteTable.RouteTableId --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW.InternetGatewayId --region $Region
aws ec2 create-route --route-table-id $PublicRouteTable.RouteTableId --destination-ipv6-cidr-block ::/0 --gateway-id $IGW.InternetGatewayId --region $Region
aws ec2 associate-route-table --subnet-id $PublicSubnet.SubnetId --route-table-id $PublicRouteTable.RouteTableId --region $Region
$EIGW = aws ec2 create-egress-only-internet-gateway --vpc-id $VPC.VpcId --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty EgressOnlyInternetGateway
$PrivateRouteTable = aws ec2 create-route-table --vpc-id $VPC.VpcId --region $Region | ConvertFrom-Json | Select-Object -ExpandProperty RouteTable
aws ec2 create-tags --resources $PrivateRouteTable.RouteTableId --tags Key=Name,Value=TFC-Study-Private --region $Region
# Private subnet: IPv4 out through the NAT gateway, IPv6 out through the egress-only IGW. Neither gateway
# forwards connections initiated from the internet, so the private subnet is outbound-only on both address
# families even though its IPv6 addresses are globally routable.
aws ec2 wait nat-gateway-available --nat-gateway-ids $NATGW.NatGatewayId --region $Region
aws ec2 create-route --route-table-id $PrivateRouteTable.RouteTableId --destination-cidr-block 0.0.0.0/0 --nat-gateway-id $NATGW.NatGatewayId --region $Region
aws ec2 create-route --route-table-id $PrivateRouteTable.RouteTableId --destination-ipv6-cidr-block ::/0 --egress-only-internet-gateway-id $EIGW.EgressOnlyInternetGatewayId --region $Region
aws ec2 associate-route-table --subnet-id $PrivateSubnet.SubnetId --route-table-id $PrivateRouteTable.RouteTableId --region $Region
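The to-do at the top of the script, a security group for the private subnet that admits ICMPv4, ICMPv6 and SSH only from the public subnet, as an added example that is not part of the original gist. It relies on the $VPC, $PublicSubnet and $IPv6Subnet1 variables the script above creates; the group name, description and the sg-ingress.json file name are this example's own choices.

```powershell
# Added example (not from the gist): lock the private subnet down to ICMP and SSH from the public subnet.
$Region = "us-west-2"                       # same region the script uses
$PublicIPv4 = $PublicSubnet.CidrBlock       # 172.31.1.0/24 when $SubnetIncrement is 1
$PublicIPv6 = $IPv6Subnet1                  # the public subnet's /64

$SG = aws ec2 create-security-group --group-name TFC-Study-Private --description "Private subnet: ICMP and SSH from public subnet only" --vpc-id $VPC.VpcId --region $Region | ConvertFrom-Json
aws ec2 create-tags --resources $SG.GroupId --tags Key=Name,Value=TFC-Study-Private --region $Region

# ICMP for IPv4 (protocol 1) and ICMPv6 (protocol 58) are different protocols and each only accepts its own
# address family, so they are separate rules; SSH is one TCP rule carrying both the IPv4 and the IPv6 range.
$IngressRules = @(
    @{ IpProtocol = 'icmp';   FromPort = -1; ToPort = -1; IpRanges   = @(@{ CidrIp   = $PublicIPv4; Description = 'ICMPv4 from public subnet' }) },
    @{ IpProtocol = 'icmpv6'; FromPort = -1; ToPort = -1; Ipv6Ranges = @(@{ CidrIpv6 = $PublicIPv6; Description = 'ICMPv6 from public subnet' }) },
    @{ IpProtocol = 'tcp';    FromPort = 22; ToPort = 22
       IpRanges   = @(@{ CidrIp   = $PublicIPv4; Description = 'SSH from public subnet' })
       Ipv6Ranges = @(@{ CidrIpv6 = $PublicIPv6; Description = 'SSH from public subnet' }) }
)
# -InputObject rather than the pipeline so a one-element array still serializes as a JSON array;
# ASCII avoids a UTF-8 BOM, which the CLI's file:// loader does not tolerate.
ConvertTo-Json -InputObject $IngressRules -Depth 4 | Set-Content -Path sg-ingress.json -Encoding ascii
aws ec2 authorize-security-group-ingress --group-id $SG.GroupId --ip-permissions file://sg-ingress.json --region $Region

# Check: every inbound rule should name a public-subnet CIDR and nothing wider.
aws ec2 describe-security-groups --group-ids $SG.GroupId --region $Region | ConvertFrom-Json |
    Select-Object -ExpandProperty SecurityGroups |
    Select-Object -ExpandProperty IpPermissions |
    ForEach-Object { "{0,-7} {1,3}-{2,3}  v4:{3}  v6:{4}" -f $_.IpProtocol, $_.FromPort, $_.ToPort, ($_.IpRanges.CidrIp -join ','), ($_.Ipv6Ranges.CidrIpv6 -join ',') }
```

Attach the group at launch with --security-group-ids; instances launched without it land in the VPC default group, which allows all traffic from members of that same group. A new group keeps AWS's default allow-all egress rule, which is what the NAT and egress-only gateways above are there to serve.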