This shell script leverages the AWS Command Line Interface (AWS CLI) to create a custom AWS Virtual Private Cloud (VPC). The script automates the creation of a custom IPv4 VPC, having both public and private subnets, and a NAT gateway.
I created this script as a learning exercise to familiarize myself with the detailed configuration steps required to create a custom VPC. Administrators are shielded from some of these details when using the AWS Console and I desired a better understanding.
The script assumes the AWS CLI is installed and configured with the necessary security credentials. Procedures for installing the AWS CLI can be found by following the links below.
- Install Python, pip, and the AWS Command Line Interface on Linux
- Install the AWS Command Line Interface on Microsoft Windows
- Install the AWS Command Line Interface on macOS
- Install the AWS Command Line Interface in a Virtual Environment
- Install the AWS CLI Using the Bundled Installer (Linux, macOS, or Unix)
I use a MacBook Pro and prefer the convenience of a package manager such as Homebrew. If you use a Mac and have Homebrew already installed, you can easily install the AWS CLI using the following command.
$ brew install awscli
After the AWS CLI is installed, you'll need to configure it.
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
The AWS CLI will prompt you for four pieces of information. AWS Access Key ID and AWS Secret Access Key are your account credentials. The two remaining settings are optional. Detailed information for configuring the AWS CLI can be found here. If you don't have keys, see the Getting Set Up section.
You can either clone this repository or you can download just this script to your workstation.
$ curl -sL https://raw.githubusercontent.com/kovarus/aws-cli-create-vpcs/master/aws-cli-create-vpc.sh > aws-cli-create-vpc.sh
The GitHub repository must be public for the preceding command to work.
The script is configured by setting variables within the script.
#==============================================================================
# MODIFY THE SETTINGS BELOW
#==============================================================================
#
AWS_REGION="us-west-1"
VPC_NAME="My VPC"
VPC_CIDR="10.0.0.0/16"
SUBNET_PUBLIC_CIDR="10.0.1.0/24"
SUBNET_PUBLIC_AZ="us-west-1a"
SUBNET_PUBLIC_NAME="10.0.1.0 - us-west-1a"
SUBNET_PRIVATE_CIDR="10.0.2.0/24"
SUBNET_PRIVATE_AZ="us-west-1c"
SUBNET_PRIVATE_NAME="10.0.2.0 - us-west-1b"
CHECK_FREQUENCY=5
The variables are predefined with common values which work out-of-the-box. Feel free to modify them as follows.
- Set
AWS_REGION
to the AWS region you wish to create your VPC in. You can find a list of AWS regions here. The list of available regions can change as AWS becomes available in new locations. A more programmatic method for obtaining a list of available AWS regions would to use the the AWS CLI itself.$ aws ec2 describe-regions --output text REGIONS ec2.ap-south-1.amazonaws.com ap-south-1 REGIONS ec2.eu-west-2.amazonaws.com eu-west-2 REGIONS ec2.eu-west-1.amazonaws.com eu-west-1 REGIONS ec2.ap-northeast-2.amazonaws.com ap-northeast-2 REGIONS ec2.ap-northeast-1.amazonaws.com ap-northeast-1 REGIONS ec2.sa-east-1.amazonaws.com sa-east-1 REGIONS ec2.ca-central-1.amazonaws.com ca-central-1 REGIONS ec2.ap-southeast-1.amazonaws.com ap-southeast-1 REGIONS ec2.ap-southeast-2.amazonaws.com ap-southeast-2 REGIONS ec2.eu-central-1.amazonaws.com eu-central-1 REGIONS ec2.us-east-1.amazonaws.com us-east-1 REGIONS ec2.us-east-2.amazonaws.com us-east-2 REGIONS ec2.us-west-1.amazonaws.com us-west-1 REGIONS ec2.us-west-2.amazonaws.com us-west-2
- Set
VPC_NAME
to the name you prefer for your VPC. Generally allowed characters are: letters, spaces, and numbers representable in UTF-8, plus the following special characters: + - = . _ : / @. - Set
VPC_CIDR
to a single CIDR block sized between a/16
netmask and/28
netmask. See VPC and Subnet Sizing for more information. - Set
SUBNET_PUBLIC_CIDR
to a valid CIDR block for the VPC CIDR block you specified in the preceding step. See VPC and Subnet Sizing for more information. EC2 instances deployed into this subnet will be accessible from the Internet. - Set
SUBNET_PUBLIC_AZ
to an AWS Availability Zone which is valid for the region you specified in the preceding step. You can obtain a list of valid Availability Zones using the AWS CLI itself.$ aws ec2 describe-availability-zones --output text --region us-west-1 AVAILABILITYZONES us-west-1 available us-west-1a AVAILABILITYZONES us-west-1 available us-west-1c
- Set
SUBNET_PUBLIC_NAME
to a name of your choosing. I prefer a format of<subnet address> - <availability zone>
. For example, if I was creating a subnet with a CIDR block of10.0.1.0/24
in theus-west-1a
Availability Zone, I would name the subnet as10.0.1.0 - us-west-1a
. - Set
SUBNET_PRIVATE_CIDR
to a valid CIDR block for the VPC CIDR block you specified in the preceding step. See VPC and Subnet Sizing for more information. EC2 instances deployed into this subnet will NOT be accessible from the Internet, but will have access TO the Internet via a NAT Gateway. - Set
SUBNET_PRIVATE_AZ
to an AWS Availability Zone other than the one you specified for the Public Subnet. Deploying multiple subnets across two or more Availability Zones is a best practice. Be sure to specify an Availability Zone which is in the same region you specified in the preceding step. - Set
SUBNET_PRIVATE_NAME
to a name of your choosing. See the recommended format per the preceding step. - I recommend leaving
CHECK_FREQUENCY
as is. This specifies the number of seconds the script should wait when repeatedly checking the status of a task for completion. In this specific case, one of the steps in the script inititates the creation of a NAT Gateway and the script must wait until the NAT Gateway is available before proceeding with the remaining steps.
Run the script as follows and monitor the status for completion.
$ ./aws-cli-create-vpc.sh
Creating VPC in preferred region...
VPC ID 'vpc-6c10b108' CREATED in 'us-west-1' region.
VPC ID 'vpc-6c10b108' NAMED as 'My VPC'.
Creating Public Subnet...
Subnet ID 'subnet-ebea998f' CREATED in 'us-west-1a' Availability Zone.
Subnet ID 'subnet-ebea998f' NAMED as '10.0.1.0 - us-west-1a'.
Creating Private Subnet...
Subnet ID 'subnet-6c54d634' CREATED in 'us-west-1c' Availability Zone.
Subnet ID 'subnet-6c54d634' NAMED as '10.0.2.0 - us-west-1b'.
Creating Internet Gateway...
Internet Gateway ID 'igw-ede8c188' CREATED.
Internet Gateway ID 'igw-ede8c188' ATTACHED to VPC ID 'vpc-6c10b108'.
Creating Route Table...
Route Table ID 'rtb-8630ace2' CREATED.
Route to '0.0.0.0/0' via Internet Gateway ID 'igw-ede8c188' ADDED to Route Table ID 'rtb-8630ace2'.
Public Subnet ID 'subnet-ebea998f' ASSOCIATED with Route Table ID 'rtb-8630ace2'.
'Auto-assign Public IP' ENABLED on Public Subnet ID 'subnet-ebea998f'.
Creating NAT Gateway...
Elastic IP address ID 'eipalloc-daeacbe0' ALLOCATED.
Creating NAT Gateway ID 'nat-007f5446e719fdd4e' and waiting for it to become available.
Please BE PATIENT as this can take some time to complete.
......
STATUS: AVAILABLE - 00h:01m:49s elapsed while waiting for NAT Gateway to become available...
......
NAT Gateway ID 'nat-007f5446e719fdd4e' is now AVAILABLE.
Main Route Table ID is 'rtb-b930acdd'.
Route to '0.0.0.0/0' via NAT Gateway with ID 'nat-007f5446e719fdd4e' ADDED to Route Table ID 'rtb-b930acdd'.
COMPLETED
When creating a custom VPC, there are several tasks which must be performed. The AWS Console simplifies the process by abstracting away some of the details and automating some of the procedures. Below is a listing of the steps required to create a custom VPC having both Public and Private Subnets and configuring the Private Subnet with access to the Internet via a NAT Gateway.
- Create a VPC
- Add a tag to name the VPC
- Create a Public Subnet
- Add a tag to name the Public Subnet
- Create a Private Subnet
- Add a tag to name the Private Subnet
- Create an Internet Gateway
- Attach the Internet Gateway to the VPC
- Create a new Route Table
- Add a route to the Internet Gateway to the new Route Table
- Associate the Public Subnet with the new Route Table
- Enable the Auto-assign Public IP setting on the Public Subnet
- Configure the Private Subnet with a NAT Gateway
- Allocate an Elastic IP Address for the NAT Gateway
- Create a NAT Gateway and wait for it to become available
- Add a route to the NAT Gateway to the Main Route Table
- 0.1.0 — (03/18/2017) first release
- 0.0.1 — (02/25/2017) work in progress
- Joe Arauzo - https://github.com/JoeArauzo
Copyright 2017 Joseph Arauzo
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.