diff --git a/generic-infra-code/vpc_aws-cli/README.txt b/generic-infra-code/vpc_aws-cli/README.txt new file mode 100644 index 0000000..6cfe746 --- /dev/null +++ b/generic-infra-code/vpc_aws-cli/README.txt 
@@ -0,0 +1,176 @@ +#create VPC, Subnets, Route tables, Security groups and Instances using AWS CLI +#step by step + +Prerequisites + +#You have the aws account and You can sign up and setting it up. +# You can set up configure to awscli in your machine. + +If you have those two set up, then you’re good to go. Now, let’s get started + +Step 1 — Create a VPC +To create a VPC, open up your terminal and enter the following command: + +#aws ec2 create-vpc --cidr-block 10.0.0.0/16 + +You can decide to add a tag to your VPC to easily identify it once you start having multiple VPCs, to do this, run the command below: + +#aws ec2 create-tags --resources --tags Key=,Value= + +EXPLAIN: + +--tags Key=,Value=: Specify the tags you want to associate with the resource + Replace with the desired tag key (e.g., “Name”) and with the corresponding value (e.g., “MyVPC”). + +show the vpcs, run the command below: + +#aws ec2 describe-vpcs + +Step 2 - Create public and private subnets +To create the public subnet, run the following command: + +#aws ec2 create-subnet --vpc-id --cidr-block 10.0.1.0/24 + +Again, your terminal should respond with information about the subnet you’ve just made. 
+Pick out the subnet id and add a tag to it just as we’ve done for the VPC itself: + +#aws ec2 create-tags --resources --tags Key=,Value= + +And for the private subnet: + +#aws ec2 create-subnet --vpc-id --cidr-block 10.0.2.0/24 + +And for the tag: + +aws ec2 create-tags --resources --tags Key=,Value= + +show the subnets, run the command below: + +#aws ec2 describe-subnets + +Step 3 - Create internet gateway for the VPC +To create an internet gateway, use the following command: + +#aws ec2 create-internet-gateway + +You can add a tag to the internet gateway: + +#aws ec2 create-tags --resources --tags Key=,Value= + +Then attach the internet gateway to the VPC: + +#aws ec2 attach-internet-gateway --internet-gateway-id --vpc-id + +Step 4 - Create an elastic IP address for NAT gateway +Run the following command to create an elastic IP address: + +#aws ec2 allocate-address --domain vpc + +Step 5 - Create a NAT gateway +To create a NAT gateway, use the following command: + +#aws ec2 create-nat-gateway --subnet-id --allocation-id + +Then add a tag to the NAT gateway: + +#aws ec2 create-tags --resources --tags Key=,Value= + +Step 6 - Create a route table for each subnet +To create a route table, use the following command:(public) + +#aws ec2 create-route-table --vpc-id + +You can tag the first route table as public: + +#aws ec2 create-tags --resources --tags Key=,Value= + +To create a route table, use the following command:(private) + +#aws ec2 create-route-table --vpc-id + +Then tag the second route table as private: + +#aws ec2 create-tags --resources --tags Key=,Value= + +Step 7 - Create routes +We’ll first attach the route table created for the public subnet to the internet gateway. +The route matches all IPv4 traffic (0.0.0.0/0) and routes it to the specified Internet gateway. 
+use the following command: + +#aws ec2 create-route --route-table-id --destination-cidr-block 0.0.0.0/0 --gateway-id + +Then attach the route table created for the private subnet to the NAT gateway. +The route matches all IPv4 traffic (0.0.0.0/0) and routes it to the specified NAT gateway. +use the following command: + +#aws ec2 create-route --route-table-id --destination-cidr-block 0.0.0.0/0 --gateway-id + +Step 8 - Associate route table to subnet +Associate the public route table to the public subnet. +use the following command: + +#aws ec2 associate-route-table --route-table-id --subnet-id + +Associate the private route table to the private subnet. +use the following command: + +#aws ec2 associate-route-table --route-table-id --subnet-id + +Step 9 - Create a security groups for the VPC +To create a security group with the following command:(Public) + +#aws ec2 create-security-group --group-name --description "" --vpc-id + +Add a tag to the public security group: + +#aws ec2 create-tags --resources --tags Key=,Value= + +Then we specify rules for the security group created. port 80 allows inbound HTTP access from all IPv4 addresses +and port 22 allows inbound SSH access to instances from IPv4 IP addresses in your network. 
+ +#aws ec2 authorize-security-group-ingress --group-id --protocol tcp --port 22 --cidr 0.0.0.0/0 + +#aws ec2 authorize-security-group-ingress --group-id --protocol tcp --port 80 --cidr 0.0.0.0/0 + +To create a security group with the following command:(PRIVATE) + +#aws ec2 create-security-group --group-name --description "" --vpc-id + +Add a tag to the private security group: + +#aws ec2 create-tags --resources --tags Key=,Value= + +Create Two Security Groups One for Private [Edit the Inbound rules with RDP, HTTP/HTTPS, SSH and map 10.0.1.0/24 of Public in the source] + +#aws ec2 authorize-security-group-ingress --group-id --protocol tcp --port 22 --cidr 10.0.1.0/24 + + +Step 10 - Create Key-pair +use the following command: + +#aws ec2 create-key-pair --key-name cli-keyPair --query 'KeyMaterial' --output text > cli-keyPair.pem + + +Step 11 - Run an instance +Create Two EC2s one in public and one in private subnets with proper Security Groups. +Use the following command:(public) + +#aws ec2 run-instances --image-id ami-0533f2ba8a1995cf9 --instance-type t2.micro --count 1 --subnet-id \ +--security-group-ids --associate-public-ip-address --key-name cli-keyPair + +Add a tag to the instance created: + +#aws ec2 create-tags --resources --tags Key=,Value= + +Use the following command:(private) + +#aws ec2 run-instances --image-id ami-0533f2ba8a1995cf9 --instance-type t2.micro --count 1 --subnet-id \ +--security-group-ids --key-name cli-keyPair + +Add a tag to the instance created: + +#aws ec2 create-tags --resources --tags Key=,Value= + +Login into Public ec2 and check the internet connection and now login into the Private EC2 and verify the connectivity and Internet facility +and check the ssh connection from othre ec2 to private ec2 ....So if you don't get the connection,......it is work...... +
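Review bot: In Step 7 the private-subnet route is wrong: `aws ec2 create-route --route-table-id --destination-cidr-block 0.0.0.0/0 --gateway-id` targets an internet gateway, but the text says the route should go to the NAT gateway, which takes `--nat-gateway-id <nat-gateway-id>` instead; as written the private route table would either fail to accept the NAT gateway id or send private instances straight to the IGW. Step 5 should also state that the NAT gateway has to be created in the public subnet (the one whose route table gets the IGW route in Step 7), otherwise the private instances never reach the internet. In Step 9 the prose says port 22 "allows inbound SSH access to instances from IPv4 IP addresses in your network", yet the command is `authorize-security-group-ingress --group-id --protocol tcp --port 22 --cidr 0.0.0.0/0`, which exposes SSH to the whole internet; the command should use the operator's own CIDR, or the README should say plainly that 0.0.0.0/0 is a lab-only setting. The private security group paragraph promises RDP, HTTP/HTTPS and SSH rules but only shows the port-22 rule, so either the missing `authorize-security-group-ingress` calls should be added or the sentence trimmed to match; using `--source-group <public-sg-id>` instead of `--cidr 10.0.1.0/24` would also tie the rule to the public instances rather than to every address in that subnet. Throughout, the placeholders have been lost (`--resources --tags Key=,Value=`, `--vpc-id`, `--subnet-id`, `--allocation-id` all end with nothing), so a reader cannot tell which id goes where; restore something like `<vpc-id>` and `Key=Name,Value=MyVPC` consistently, and either drop the leading `#` on every command or keep it on all of them (the private-subnet `create-tags` line is the only one without it). In Step 10, `create-key-pair ... > cli-keyPair.pem` writes the private key into the current directory, which for this repo means next to the README; add a `chmod 400 cli-keyPair.pem` step and a `.gitignore` entry (or note to keep the key outside the repo) so the key is never committed. The closing sentence ("So if you don't get the connection,......it is work......") reads as if failure is the expected outcome; it should spell out what the reader should observe, for example that the private instance has outbound internet via the NAT gateway but is not reachable by SSH from outside the VPC.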