- VPC
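# Create the VPC (10.10.0.0/18, no Amazon-provided IPv6 block), tag it, and
# print only the new VPC ID.
# create-vpc is an EC2 operation, so it has to be called through the `ec2`
# service namespace; `aws create-vpc` is rejected by the CLI.
aws ec2 create-vpc --cidr-block 10.10.0.0/18 \
  --no-amazon-provided-ipv6-cidr-block \
  --tag-specifications "ResourceType=vpc, Tags=[{Key=Name,Value=kma-genesis},{Key=Lesson,Value=public-clouds}]" \
  --query Vpc.VpcId \
  --output text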
Result: vpc-0a965db3cb8acb0ca (substitute this value wherever <vpc-id> appears below)
- 3 subnets within your VPC
# Create three /24 subnets inside the VPC, one create-subnet call per CIDR.
# No --availability-zone is passed, so AWS picks the zone; the recorded output
# below shows all three subnets in us-east-1f, i.e. a single-AZ layout.
for subnet_cidr in 10.10.1.0/24 10.10.2.0/24 10.10.3.0/24; do
  aws ec2 create-subnet --vpc-id="<vpc-id>" --cidr-block "$subnet_cidr"
done
Result:
{
"Subnet": {
"AvailabilityZone": "us-east-1f",
"AvailabilityZoneId": "use1-az5",
"AvailableIpAddressCount": 251,
"CidrBlock": "10.10.1.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-0c70453934ded182e", - <subnet-id-1>
"VpcId": "vpc-0a965db3cb8acb0ca",
"OwnerId": "088937777598",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"SubnetArn": "arn:aws:ec2:us-east-1:088937777598:subnet/subnet-0c70453934ded182e"
}
}
{
"Subnet": {
"AvailabilityZone": "us-east-1f",
"AvailabilityZoneId": "use1-az5",
"AvailableIpAddressCount": 251,
"CidrBlock": "10.10.2.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-060337f291647bc0a", - <subnet-id-2>
"VpcId": "vpc-0a965db3cb8acb0ca",
"OwnerId": "088937777598",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"SubnetArn": "arn:aws:ec2:us-east-1:088937777598:subnet/subnet-060337f291647bc0a"
}
}
{
"Subnet": {
"AvailabilityZone": "us-east-1f",
"AvailabilityZoneId": "use1-az5",
"AvailableIpAddressCount": 251,
"CidrBlock": "10.10.3.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-0b5528d3c23c0c721", - <subnet-id-3>
"VpcId": "vpc-0a965db3cb8acb0ca",
"OwnerId": "088937777598",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"SubnetArn": "arn:aws:ec2:us-east-1:088937777598:subnet/subnet-0b5528d3c23c0c721"
}
}
# Create an internet gateway and print only its ID as plain text.
aws ec2 create-internet-gateway \
  --output text \
  --query InternetGateway.InternetGatewayId
Result: igw-04ae604bde1d95fd4 - <gateway-id>
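# Attach the internet gateway to the VPC.
# The placeholders are quoted: left bare, the shell reads `<name>` as input and
# output redirections instead of passing it to the CLI as an argument.
# NOTE(review): these notes contain no create-route call and the subnets report
# "MapPublicIpOnLaunch": false, so the gateway is attached but nothing on this
# page routes subnet traffic through it — confirm whether that is intended.
aws ec2 attach-internet-gateway \
  --internet-gateway-id "<gateway-id>" \
  --vpc-id "<vpc-id>"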
- AWS Autoscaling group (ASG)
- EC2 instance within the ASG, based on the latest Amazon Linux 2 AMI, with a 15 GiB EBS (Elastic Block Store) volume attached
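# Launch template used by the Auto Scaling group: a t2.micro instance from the
# AMI below, with an additional 15 GiB gp2 EBS volume on /dev/xvdcz that is
# deleted together with the instance.
#
# Hardening choices in the template data:
#   "Encrypted": true          - the EBS volume is encrypted at rest.
#   "HttpTokens": "required"   - the instance metadata service only answers
#                                session-token (IMDSv2) requests.
#
# NOTE(review): the AMI ID is pinned, so it is "latest" only as of the day it
# was looked up; re-check it before reusing this template.
# NOTE(review): the template sets no SecurityGroupIds, so instances the ASG
# launches from it do not get the Genesis-* groups created further down unless
# they are added here — confirm.
aws ec2 create-launch-template \
  --launch-template-name my-template-for-auto-scaling \
  --version-description version1 \
  --launch-template-data '{
    "BlockDeviceMappings": [
      {
        "DeviceName": "/dev/xvdcz",
        "Ebs": {
          "VolumeSize": 15,
          "VolumeType": "gp2",
          "DeleteOnTermination": true,
          "Encrypted": true
        }
      }
    ],
    "ImageId": "ami-02e136e904f3da870",
    "InstanceType": "t2.micro",
    "MetadataOptions": {
      "HttpTokens": "required"
    }
  }'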
Result:
{
"LaunchTemplate": {
"LaunchTemplateId": "lt-0ed4053d1b8d0b705", - <lt-id>
"LaunchTemplateName": "my-template-for-auto-scaling",
"CreateTime": "2021-10-26T19:55:42+00:00",
"CreatedBy": "arn:aws:iam::088937777598:user/cli2",
"DefaultVersionNumber": 1,
"LatestVersionNumber": 1
}
}
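# Create the Auto Scaling group (minimum 1, maximum 3 instances) from the
# launch template and allow it to place instances in the three subnets.
# The last option carries no trailing backslash, so the command ends here and
# does not swallow the following line; the launch-template placeholder is
# quoted so the shell does not treat `<lt-id>` as a redirection.
aws autoscaling create-auto-scaling-group \
  --auto-scaling-group-name my-asg \
  --launch-template "LaunchTemplateId=<lt-id>" \
  --min-size 1 \
  --max-size 3 \
  --vpc-zone-identifier "<subnet-id-1>,<subnet-id-2>,<subnet-id-3>"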
- Add security groups to your EC2 instance that allow connections to TCP ports 22 (SSH), 80 (HTTP), 443 (HTTPS)
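# Create one security group per service (SSH, HTTP, HTTPS) in the VPC.
# A new group has no inbound rules until authorize-security-group-ingress is
# run against it.
# The VPC placeholder is quoted so the shell does not parse `<vpc-id>` as a
# redirection.
aws ec2 create-security-group --group-name Genesis-ssh \
  --description "Genesis security group for ssh (22)" --vpc-id "<vpc-id>"
aws ec2 create-security-group --group-name Genesis-http \
  --description "Genesis security group for http (80)" --vpc-id "<vpc-id>"
aws ec2 create-security-group --group-name Genesis-https \
  --description "Genesis security group for https (443)" --vpc-id "<vpc-id>"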
Result:
{
"GroupId": "sg-00a662d9ae9c90402" - <gr-id-1>
}
{
"GroupId": "sg-0e558d70085434943" - <gr-id-2>
}
{
"GroupId": "sg-09209542da367ecc6" - <gr-id-3>
}
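# Open the inbound TCP ports on the three security groups.
#
# Each rule names its source with --cidr. Without a source, the recorded
# output for these calls shows "SecurityGroupRules": [], which suggests no rule
# was actually created.
#   <web-client-cidr> - placeholder: range allowed to reach HTTP/HTTPS.
#   <admin-cidr>      - placeholder: range allowed to reach SSH. Keep this to a
#                       known administration range; 0.0.0.0/0 would expose SSH
#                       to the whole internet.
#
# The HTTPS rule uses port 443 (not 433), matching the "https (443)" group.
#
# NOTE(review): if the GroupIds were recorded in creation order, <gr-id-1> is
# Genesis-ssh and <gr-id-2> is Genesis-http, so ports 80 and 22 below would be
# swapped relative to the group names — confirm which ID belongs to which group.
aws ec2 authorize-security-group-ingress --group-id "<gr-id-1>" \
  --protocol tcp --port 80 --cidr "<web-client-cidr>"
aws ec2 authorize-security-group-ingress --group-id "<gr-id-2>" \
  --protocol tcp --port 22 --cidr "<admin-cidr>"
aws ec2 authorize-security-group-ingress --group-id "<gr-id-3>" \
  --protocol tcp --port 443 --cidr "<web-client-cidr>"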
Result:
{
"Return": true,
"SecurityGroupRules": []
}
(x3)
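# List the instances that belong to the Auto Scaling group in order to read
# off the instance ID.
# The filter uses the aws:autoscaling:groupName tag that Auto Scaling puts on
# the instances it launches; an unfiltered describe-instances returns every
# instance visible to the caller in the region, which makes it easy to pick
# the wrong ID for the modify call that follows.
aws ec2 describe-instances \
  --filters "Name=tag:aws:autoscaling:groupName,Values=my-asg"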
Result:
...
"InstanceId": "i-0969e3f263ee86833", - <i-id>
...
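# Set the security groups of the running instance to the three Genesis groups.
# --groups replaces the instance's whole group list with the IDs given here.
# The instance placeholder is quoted so the shell does not parse `<i-id>` as a
# redirection.
# NOTE(review): this changes only the one instance named here. The launch
# template on this page sets no SecurityGroupIds, so an instance the ASG
# launches later would presumably not carry these groups — confirm, and
# consider setting them in the launch template instead.
aws ec2 modify-instance-attribute --instance-id "<i-id>" \
  --groups "<gr-id-1>" "<gr-id-2>" "<gr-id-3>"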
- Put an Application Load Balancer (ALB) in front of your ASG as a proxy
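# Create the load balancer that fronts the ASG: HTTP on port 80, forwarded to
# HTTP port 80 on the instances, in the first subnet, using the first security
# group.
#
# NOTE(review): `aws elb` manages Classic Load Balancers. The task asks for an
# Application Load Balancer, which is created through `aws elbv2` — confirm
# which one is wanted.
# NOTE(review): the only listener is plain HTTP, so client traffic to the load
# balancer is unencrypted even though an HTTPS (443) security group exists.

# Concrete invocation, with the IDs recorded earlier in these notes.
aws elb create-load-balancer --load-balancer-name my-load-balancer \
  --listeners "Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=80" \
  --subnets subnet-0c70453934ded182e \
  --security-groups sg-00a662d9ae9c90402

# The same call in placeholder form. The placeholders are quoted so the shell
# does not parse `<...>` as redirections.
aws elb create-load-balancer --load-balancer-name my-load-balancer \
  --listeners "Protocol=HTTP,LoadBalancerPort=80,InstanceProtocol=HTTP,InstancePort=80" \
  --subnets "<subnet-id-1>" \
  --security-groups "<gr-id-1>"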
Result:
{
"DNSName": "my-load-balancer-192905928.us-east-1.elb.amazonaws.com"
}
# Register the load balancer with the Auto Scaling group, so instances in
# my-asg are attached to my-load-balancer.
# attach-load-balancers takes Classic Load Balancer names, which matches the
# `aws elb` load balancer created above.
aws autoscaling attach-load-balancers \
  --auto-scaling-group-name my-asg \
  --load-balancer-names my-load-balancer