Create an AWS VPC with public, private IPv4 and IPv6 subnets, NAT GW, Internet GW, Egress-Only IGW, and all routes
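#To-do
# Create security group for private subnet and allow ICMPv4, ICMPv6 and SSH from public subnet.
#
# Creates a dual-stack (IPv4 + Amazon-provided IPv6) VPC with:
#   - a public subnet whose default routes (0.0.0.0/0 and ::/0) go to an Internet Gateway,
#   - a private subnet whose IPv4 default route goes to a NAT Gateway in the public subnet
#     and whose IPv6 default route goes to an Egress-Only Internet Gateway (outbound only),
#   - Name tags on the VPC, both subnets and both route tables.
# Requires the AWS CLI on PATH with credentials allowed to create EC2/VPC resources.
# The script is not idempotent: it stops at the first failing CLI call and leaves whatever
# was already created in place (the NAT Gateway and Elastic IP are billable until deleted).
#
# NOTE(review): until the to-do above is done, both subnets keep the VPC's default security
# group and default network ACL, so nothing here restricts traffic between the two subnets.

$ErrorActionPreference = 'Stop'

# Every resource is created in this one region and the AZs are derived from it. The original
# passed --region only to create-vpc and relied on the CLI default for all later calls, which
# splits the build across two regions whenever the profile default differs.
$Region = 'us-west-2'
$SubnetIncrement = 1
$SubnetIPv4CIDR = "172.31.0.0/16"
$NameTagPrefix = 'TFC-Study'

# Runs the AWS CLI with --region $Region appended and returns its stdout as one string.
# $ErrorActionPreference does not apply to native executables, so the exit code is checked
# here; otherwise a failed call leaves its variable empty and later calls fail on a missing ID.
function Invoke-Aws {
    param([Parameter(ValueFromRemainingArguments = $true)][string[]]$CliArgs)
    $Output = & aws @CliArgs --region $Region
    if ($LASTEXITCODE -ne 0) {
        throw "aws $($CliArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
    # Join so ConvertFrom-Json always receives the whole document, not one line per object.
    return ($Output -join "`n")
}

# Applies a Name tag of the form "<prefix>" or "<prefix>-<suffix>" to one resource.
function Set-NameTag([string]$ResourceId, [string]$Suffix) {
    $Name = if ($Suffix) { "$NameTagPrefix-$Suffix" } else { $NameTagPrefix }
    $null = Invoke-Aws ec2 create-tags --resources $ResourceId --tags "Key=Name,Value=$Name"
}

# Carves one /64 out of the Amazon-provided /56 by substituting the last hex digit of the
# fourth hextet, which is 0 on a /56 boundary. Only indexes 1-15 fit in that digit, and they
# must be written in hex; the original formatted the index in decimal, which produced an
# invalid prefix from 10 upward. Assumes the CLI prints a digit immediately before '::/56'.
function Get-IPv6Subnet64([string]$ParentCidr, [int]$Index) {
    if ($Index -lt 1 -or $Index -gt 15) {
        throw "IPv6 /64 index must be between 1 and 15, got $Index"
    }
    return ($ParentCidr -replace '[0-9a-fA-F]::/56$', ('{0:x}::/64' -f $Index))
}

# --- VPC -----------------------------------------------------------------------------------
$VPC = Invoke-Aws ec2 create-vpc --cidr-block $SubnetIPv4CIDR --amazon-provided-ipv6-cidr-block |
    ConvertFrom-Json | Select-Object -ExpandProperty Vpc
Set-NameTag $VPC.VpcId

# The IPv6 block is only visible on describe-vpcs, not in the create-vpc response.
$VPCInfo = Invoke-Aws ec2 describe-vpcs --vpc-ids $VPC.VpcId |
    ConvertFrom-Json | Select-Object -ExpandProperty Vpcs
$IPv6SubnetParent = $VPCInfo.Ipv6CidrBlockAssociationSet.Ipv6CidrBlock
if (-not $IPv6SubnetParent) {
    throw "VPC $($VPC.VpcId) has no IPv6 CIDR block association"
}
$IPv6Subnet1 = Get-IPv6Subnet64 $IPv6SubnetParent $SubnetIncrement
$IPv6Subnet2 = Get-IPv6Subnet64 $IPv6SubnetParent ($SubnetIncrement + 1)

# Derive the /24s from the VPC CIDR's first two octets instead of repeating them literally.
$IPv4Octets = $SubnetIPv4CIDR -split '[./]'
$PublicSubnetCIDR = "$($IPv4Octets[0]).$($IPv4Octets[1]).$SubnetIncrement.0/24"
$PrivateSubnetCIDR = "$($IPv4Octets[0]).$($IPv4Octets[1]).$($SubnetIncrement + 1).0/24"

# --- Subnets -------------------------------------------------------------------------------
$PublicSubnet = Invoke-Aws ec2 create-subnet --vpc-id $VPC.VpcId --cidr-block $PublicSubnetCIDR `
    --ipv6-cidr-block $IPv6Subnet1 --availability-zone "${Region}a" |
    ConvertFrom-Json | Select-Object -ExpandProperty Subnet
$null = Invoke-Aws ec2 modify-subnet-attribute --subnet-id $PublicSubnet.SubnetId --assign-ipv6-address-on-creation
Set-NameTag $PublicSubnet.SubnetId 'Subnet1'

# Private instances still get a global IPv6 address; reachability is outbound-only because
# their ::/0 route points at the egress-only gateway below.
$PrivateSubnet = Invoke-Aws ec2 create-subnet --vpc-id $VPC.VpcId --cidr-block $PrivateSubnetCIDR `
    --ipv6-cidr-block $IPv6Subnet2 --availability-zone "${Region}b" |
    ConvertFrom-Json | Select-Object -ExpandProperty Subnet
$null = Invoke-Aws ec2 modify-subnet-attribute --subnet-id $PrivateSubnet.SubnetId --assign-ipv6-address-on-creation
Set-NameTag $PrivateSubnet.SubnetId 'Subnet2'

# --- Internet Gateway and NAT Gateway -----------------------------------------------------
$IGW = Invoke-Aws ec2 create-internet-gateway |
    ConvertFrom-Json | Select-Object -ExpandProperty InternetGateway
# Attach before creating the NAT Gateway: the NAT Gateway only works once its subnet can
# reach the internet through this IGW.
$null = Invoke-Aws ec2 attach-internet-gateway --vpc-id $VPC.VpcId --internet-gateway-id $IGW.InternetGatewayId

$EIP = Invoke-Aws ec2 allocate-address --domain vpc | ConvertFrom-Json
$NATGW = Invoke-Aws ec2 create-nat-gateway --subnet-id $PublicSubnet.SubnetId --allocation-id $EIP.AllocationId |
    ConvertFrom-Json | Select-Object -ExpandProperty NatGateway
# create-nat-gateway returns while the gateway is still pending; block until it is usable so
# the private default route below is not pointed at a gateway that may still fail to come up.
$null = Invoke-Aws ec2 wait nat-gateway-available --nat-gateway-ids $NATGW.NatGatewayId

# --- Public route table --------------------------------------------------------------------
$PublicRouteTable = Invoke-Aws ec2 create-route-table --vpc-id $VPC.VpcId |
    ConvertFrom-Json | Select-Object -ExpandProperty RouteTable
Set-NameTag $PublicRouteTable.RouteTableId 'Public'
# create-route accepts a single destination per call, so IPv6 and IPv4 need separate calls.
$null = Invoke-Aws ec2 create-route --route-table-id $PublicRouteTable.RouteTableId `
    --destination-ipv6-cidr-block ::/0 --gateway-id $IGW.InternetGatewayId
$null = Invoke-Aws ec2 create-route --route-table-id $PublicRouteTable.RouteTableId `
    --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW.InternetGatewayId
Invoke-Aws ec2 associate-route-table --subnet-id $PublicSubnet.SubnetId --route-table-id $PublicRouteTable.RouteTableId

# --- Private route table -------------------------------------------------------------------
$EIGW = Invoke-Aws ec2 create-egress-only-internet-gateway --vpc-id $VPC.VpcId |
    ConvertFrom-Json | Select-Object -ExpandProperty EgressOnlyInternetGateway
$PrivateRouteTable = Invoke-Aws ec2 create-route-table --vpc-id $VPC.VpcId |
    ConvertFrom-Json | Select-Object -ExpandProperty RouteTable
Set-NameTag $PrivateRouteTable.RouteTableId 'Private'
$null = Invoke-Aws ec2 create-route --route-table-id $PrivateRouteTable.RouteTableId `
    --destination-ipv6-cidr-block ::/0 --egress-only-internet-gateway-id $EIGW.EgressOnlyInternetGatewayId
$null = Invoke-Aws ec2 create-route --route-table-id $PrivateRouteTable.RouteTableId `
    --destination-cidr-block 0.0.0.0/0 --nat-gateway-id $NATGW.NatGatewayId
Invoke-Aws ec2 associate-route-table --subnet-id $PrivateSubnet.SubnetId --route-table-id $PrivateRouteTable.RouteTableId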