AWS Classroom Series – 28/Feb/2020

Solution for the exercises

  1. Create a VPC with four subnets, two of them public and two private. (A subnet is "public" only because its route table has a default route to an internet gateway; nothing about the subnet itself decides this.)
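## Create a vpc
# Bash version of the classroom steps. The original notes expected you to copy
# each ID out of the JSON response by hand (and `export vpcid = '...'` is not
# valid bash: no spaces are allowed around `=`). Instead each ID is captured with
# --query/--output text, so the later steps cannot run against a stale or
# mistyped ID. Run with a configured AWS CLI profile that may create VPC resources.
set -euo pipefail

vpcid=$(aws ec2 create-vpc --cidr-block '10.10.0.0/16' \
          --query 'Vpc.VpcId' --output text)
export vpcid

# Four /24 subnets carved out of the /16. Which two end up "public" is decided
# later purely by route-table association; creating them is identical.
# NOTE(review): no --availability-zone is passed, so AWS chooses the AZ for each
# subnet; for anything beyond a classroom, pin each public/private pair to a
# distinct AZ so that losing one AZ does not take out both tiers.
subnet1=$(aws ec2 create-subnet --cidr-block '10.10.0.0/24' --vpc-id "$vpcid" \
            --query 'Subnet.SubnetId' --output text)
subnet2=$(aws ec2 create-subnet --cidr-block '10.10.1.0/24' --vpc-id "$vpcid" \
            --query 'Subnet.SubnetId' --output text)
subnet3=$(aws ec2 create-subnet --cidr-block '10.10.2.0/24' --vpc-id "$vpcid" \
            --query 'Subnet.SubnetId' --output text)
subnet4=$(aws ec2 create-subnet --cidr-block '10.10.3.0/24' --vpc-id "$vpcid" \
            --query 'Subnet.SubnetId' --output text)
export subnet1 subnet2 subnet3 subnet4
printf 'vpc=%s subnets=%s %s %s %s\n' "$vpcid" "$subnet1" "$subnet2" "$subnet3" "$subnet4"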

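# create internet gateway and attach it to the vpc
# An internet gateway does nothing until it is attached to a VPC, and even then
# only subnets whose route table points 0.0.0.0/0 at it get internet reachability.
igw=$(aws ec2 create-internet-gateway \
        --query 'InternetGateway.InternetGatewayId' --output text)
export igw

aws ec2 attach-internet-gateway --internet-gateway-id "$igw" --vpc-id "$vpcid"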


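# create private and public route tables
# Both tables start with only the implicit local route (10.10.0.0/16 -> local).
# The public table additionally gets a default route to the internet gateway.
# The private table deliberately gets no 0.0.0.0/0 route at all: this exercise
# creates no NAT gateway, so instances in the private subnets have neither an
# inbound nor an outbound internet path. That is the intended isolation, not
# an omission.
#
# The raw create-route-table response also contains OwnerId (the AWS account
# number); avoid pasting such responses verbatim into shared notes.
privatert=$(aws ec2 create-route-table --vpc-id "$vpcid" \
              --query 'RouteTable.RouteTableId' --output text)
publicrt=$(aws ec2 create-route-table --vpc-id "$vpcid" \
             --query 'RouteTable.RouteTableId' --output text)
export privatert publicrt

# create a route for public rt to internet gateway (this is what makes a
# subnet associated with $publicrt "public")
aws ec2 create-route --route-table-id "$publicrt" \
  --destination-cidr-block '0.0.0.0/0' --gateway-id "$igw"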


# associate public rt to subnet1 and subnet2, and private rt to subnet3 and subnet4
# Each call returns an AssociationId plus AssociationState "associated".
# NOTE(review): an IGW route gives the subnet a path to the internet, but it does
# not by itself give launched instances a public address; if that is wanted, the
# subnet's map-public-ip-on-launch attribute (or an Elastic IP) is still needed.
for sn in "$subnet1" "$subnet2"; do
  aws ec2 associate-route-table --route-table-id "$publicrt" --subnet-id "$sn"
done

for sn in "$subnet3" "$subnet4"; do
  aws ec2 associate-route-table --route-table-id "$privatert" --subnet-id "$sn"
done
  2. Create a security group and a network ACL (NACL).
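# Create a security group to allow ssh http and https inbound and everything outbound
# A new security group already carries an allow-all egress rule, so only ingress
# rules are added here. Security groups are stateful: replies to allowed inbound
# connections are permitted automatically.
#
# Security: the classroom version opens port 22 to 0.0.0.0/0. Keep 80/443
# world-reachable, but source SSH from an administrative range instead.
# ADMIN_CIDR defaults to the original world-open value so this stays a drop-in
# replacement; set it to your office/VPN range before running, e.g.
#   ADMIN_CIDR=203.0.113.10/32
ADMIN_CIDR="${ADMIN_CIDR:-0.0.0.0/0}"

sgid=$(aws ec2 create-security-group --description 'Allowsshandhttp' \
         --group-name 'allowimp' --vpc-id "$vpcid" \
         --query 'GroupId' --output text)
export sgid

aws ec2 authorize-security-group-ingress --group-id "$sgid" \
  --protocol 'tcp' --port '22' --cidr "$ADMIN_CIDR"

for port in 80 443; do
  aws ec2 authorize-security-group-ingress --group-id "$sgid" \
    --protocol 'tcp' --port "$port" --cidr '0.0.0.0/0'
done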


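# create nacl
# A newly created (non-default) network ACL contains only the two implicit
# deny-all entries (rule 32767, one ingress and one egress), so every flow must
# be allowed explicitly. Unlike security groups, NACLs are stateless: a reply
# packet is evaluated on its own, so return traffic needs its own rule in the
# opposite direction. Entries are evaluated in ascending rule-number order and
# the first match wins.
nacl=$(aws ec2 create-network-acl --vpc-id "$vpcid" \
         --query 'NetworkAcl.NetworkAclId' --output text)
export nacl

# deny all traffic from 8.8.8.8
# Rule 290 sits below every allow so it is matched first. The classroom version
# used --protocol tcp, which only blocked TCP; -1 means every protocol, and no
# port range may be given with it.
aws ec2 create-network-acl-entry --network-acl-id "$nacl" --ingress \
  --rule-number 290 --protocol -1 --rule-action deny --cidr-block 8.8.8.8/32

# allow tcp within the vpc inbound, and all tcp outbound
# The egress allow is to 0.0.0.0/0 (not just the VPC) because replies to
# internet clients that reached 22/80/443 must be able to leave.
aws ec2 create-network-acl-entry --network-acl-id "$nacl" --ingress \
  --rule-number 300 --protocol tcp --port-range From=0,To=65535 \
  --rule-action allow --cidr-block 10.10.0.0/16
aws ec2 create-network-acl-entry --network-acl-id "$nacl" --egress \
  --rule-number 300 --protocol tcp --port-range From=0,To=65535 \
  --rule-action allow --cidr-block 0.0.0.0/0

# inbound services from the internet: ssh, http and https
# 443 was missing from the original even though the security group allows it;
# a NACL without it would silently break HTTPS for any subnet it is attached to.
for rule in 310:22 320:80 330:443; do
  aws ec2 create-network-acl-entry --network-acl-id "$nacl" --ingress \
    --rule-number "${rule%%:*}" --protocol tcp \
    --port-range "From=${rule##*:},To=${rule##*:}" \
    --rule-action allow --cidr-block 0.0.0.0/0
done

# return traffic for connections the instances initiate (package updates,
# calls to external APIs): the reply comes back to an ephemeral port, and
# without this ingress allow outbound-initiated TCP never completes.
aws ec2 create-network-acl-entry --network-acl-id "$nacl" --ingress \
  --rule-number 340 --protocol tcp --port-range From=1024,To=65535 \
  --rule-action allow --cidr-block 0.0.0.0/0

# A NACL has no effect until a subnet is associated with it; after create-network-acl
# every subnet is still on the VPC's default NACL. Swap the two public subnets
# over by replacing their current association. (If the NACL should instead stay
# unused for this exercise, drop this loop.)
for sn in "$subnet1" "$subnet2"; do
  assoc=$(aws ec2 describe-network-acls \
            --filters "Name=association.subnet-id,Values=$sn" \
            --query "NetworkAcls[].Associations[?SubnetId=='$sn'].NetworkAclAssociationId" \
            --output text)
  aws ec2 replace-network-acl-association --association-id "$assoc" \
    --network-acl-id "$nacl"
done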
