Getting Started with AWS using the AWS CLI

In a previous article I demonstrated how to get started with AWS by creating a public IPv4 VPC and subnet before creating a new EC2 instance. In this article, I’ll demonstrate how the same can be done using the AWS CLI.

This article assumes you have already installed and configured the AWS CLI. You can follow one of my previous guides depending on whether you use Ubuntu, CentOS or an Arch variant.

Contents [hide]

1 Create a VPC
2 Create a Subnet
3 Create an Internet Gateway
4 Add a Default Route to the Internet
5 Create an EC2 Instance
6 Delete Everything

Create a VPC

[andy@home-pc ~]$ aws ec2 create-vpc --cidr-block 10.0.0.0/16

[andy@home-pc ~]$ aws ec2 create-vpc --cidr-block 10.0.0.0/16

To give it a tag, use the VpcId from the above output with the create-tags command.

[andy@home-pc ~]$ aws ec2 create-tags --resources vpc-0a87343e757ab2111 --tags "Key=Name,Value=default-vpc"

[andy@home-pc ~]$ aws ec2 create-tags --resources vpc-0a87343e757ab2111 --tags "Key=Name,Value=default-vpc"

Create a Subnet

[andy@home-pc ~]$ aws ec2 create-subnet --vpc-id vpc-0a87343e757ab2111 --cidr-block 10.0.0.0/24

[andy@home-pc ~]$ aws ec2 create-subnet --vpc-id vpc-0a87343e757ab2111 --cidr-block 10.0.0.0/24

Create the tag with:

[andy@home-pc ~]$ aws ec2 create-tags --resources subnet-02611e07a2f707c9a --tags "Key=Name,Value=subnet-000-pikedom"

[andy@home-pc ~]$ aws ec2 create-tags --resources subnet-02611e07a2f707c9a --tags "Key=Name,Value=subnet-000-pikedom"

Create an Internet Gateway

[andy@home-pc ~]$ aws ec2 create-internet-gateway

[andy@home-pc ~]$ aws ec2 create-internet-gateway

To give it a name, add a tag like so:

[andy@home-pc ~]$ aws ec2 create-tags --resources igw-08a69c59e92515b98 --tags "Key=Name,Value=default-internet-gw"

[andy@home-pc ~]$ aws ec2 create-tags --resources igw-08a69c59e92515b98 --tags "Key=Name,Value=default-internet-gw"

Attach the internet gateway to the VPC.

[andy@home-pc ~]$ aws ec2 attach-internet-gateway --vpc-id vpc-0a87343e757ab2111 --internet-gateway-id igw-08a69c59e92515b98

[andy@home-pc ~]$ aws ec2 attach-internet-gateway --vpc-id vpc-0a87343e757ab2111 --internet-gateway-id igw-08a69c59e92515b98

Add a Default Route to the Internet

[andy@home-pc ~]$ aws ec2 create-route-table --vpc-id vpc-0a87343e757ab2111

[andy@home-pc ~]$ aws ec2 create-route-table --vpc-id vpc-0a87343e757ab2111

Give it a tag.

[andy@home-pc ~]$ aws ec2 create-tags --resources rtb-00ae80f48a64a935e --tags "Key=Name,Value=default-routing-table"

[andy@home-pc ~]$ aws ec2 create-tags --resources rtb-00ae80f48a64a935e --tags "Key=Name,Value=default-routing-table"

Then create a route the points all traffic the internet.

[andy@home-pc ~]$ aws ec2 create-route --route-table-id rtb-00ae80f48a64a935e --destination-cidr-block 0.0.0.0/0 --gateway-id igw-08a69c59e92515b98

{

"Return": true

}

[andy@home-pc ~]$ aws ec2 create-route --route-table-id rtb-00ae80f48a64a935e --destination-cidr-block 0.0.0.0/0 --gateway-id igw-08a69c59e92515b98 { "Return": true }

[andy@home-pc ~]$ aws ec2 create-route --route-table-id rtb-00ae80f48a64a935e --destination-cidr-block 0.0.0.0/0 --gateway-id igw-08a69c59e92515b98
{
    "Return": true
}

Check everything looks okay with the following command.

[andy@home-pc ~]$ aws ec2 describe-route-tables --route-table-id rtb-00ae80f48a64a935e

[andy@home-pc ~]$ aws ec2 describe-route-tables --route-table-id rtb-00ae80f48a64a935e

Make the subnet public with:

[andy@home-pc ~]$ aws ec2 associate-route-table --subnet-id subnet-02611e07a2f707c9a --route-table-id rtb-00ae80f48a64a935e

{

"AssociationId": "rtbassoc-04fb047967eb5878c",

"AssociationState": {

"State": "associated"

}

[andy@home-pc ~]$ aws ec2 associate-route-table --subnet-id subnet-02611e07a2f707c9a --route-table-id rtb-00ae80f48a64a935e { "AssociationId": "rtbassoc-04fb047967eb5878c", "AssociationState": { "State": "associated" } }

[andy@home-pc ~]$ aws ec2 associate-route-table --subnet-id subnet-02611e07a2f707c9a --route-table-id rtb-00ae80f48a64a935e
{
    "AssociationId": "rtbassoc-04fb047967eb5878c",
    "AssociationState": {
        "State": "associated"
    }
}

I also want all EC2 instances on this subnet to automatically have a public IP. You can do this with:

[andy@home-pc ~]$ aws ec2 modify-subnet-attribute --subnet-id subnet-02611e07a2f707c9a --map-public-ip-on-launch

[andy@home-pc ~]$ aws ec2 modify-subnet-attribute --subnet-id subnet-02611e07a2f707c9a --map-public-ip-on-launch

Create an EC2 Instance

If you don’t already have a kaypair, create one like so.

[andy@home-pc ~]$ aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem

[andy@home-pc ~]$ aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem

Restrict the permissions:

[andy@home-pc ~]$ chmod -v 600 MyKeyPair.pem

mode of 'MyKeyPair.pem' changed from 0644 (rw-r--r--) to 0600 (rw-------)

[andy@home-pc ~]$ chmod -v 600 MyKeyPair.pem mode of 'MyKeyPair.pem' changed from 0644 (rw-r--r--) to 0600 (rw-------)

[andy@home-pc ~]$ chmod -v 600 MyKeyPair.pem
mode of 'MyKeyPair.pem' changed from 0644 (rw-r--r--) to 0600 (rw-------)

Create a security group to allow SSH access from anywhere:

[andy@home-pc ~]$ aws ec2 create-security-group --group-name SSHAccess --description "Security group for SSH access" --vpc-id vpc-0a87343e757ab2111

{

"GroupId": "sg-0b58a2118aeb9a940"

}

[andy@home-pc ~]$ aws ec2 authorize-security-group-ingress --group-id sg-0b58a2118aeb9a940 --protocol tcp --port 22 --cidr 0.0.0.0/0

[andy@home-pc ~]$ aws ec2 create-security-group --group-name SSHAccess --description "Security group for SSH access" --vpc-id vpc-0a87343e757ab2111 { "GroupId": "sg-0b58a2118aeb9a940" } [andy@home-pc ~]$ aws ec2 authorize-security-group-ingress --group-id sg-0b58a2118aeb9a940 --protocol tcp --port 22 --cidr 0.0.0.0/0

[andy@home-pc ~]$ aws ec2 create-security-group --group-name SSHAccess --description "Security group for SSH access" --vpc-id vpc-0a87343e757ab2111
{
    "GroupId": "sg-0b58a2118aeb9a940"
}
[andy@home-pc ~]$ aws ec2 authorize-security-group-ingress --group-id sg-0b58a2118aeb9a940 --protocol tcp --port 22 --cidr 0.0.0.0/0

You might instead want to allow all traffic from your trusted public IP (if its static).

[andy@home-pc ~]$ aws ec2 authorize-security-group-ingress --group-id sg-0b58a2118aeb9a940 --ip-permissions IpProtocol=-1,IpRanges='[{CidrIp=xxx.xxx.xxx.xxx/32,Description="Office IP"}]'

[andy@home-pc ~]$ aws ec2 authorize-security-group-ingress --group-id sg-0b58a2118aeb9a940 --ip-permissions IpProtocol=-1,IpRanges='[{CidrIp=xxx.xxx.xxx.xxx/32,Description="Office IP"}]'

The below creates a Ubuntu 18.04 EC2 instance.

[andy@home-pc ~]$ aws ec2 run-instances --image-id ami-013f17f36f8b1fefb --count 1 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-0b58a2118aeb9a940 --subnet-id subnet-02611e07a2f707c9a

[andy@home-pc ~]$ aws ec2 run-instances --image-id ami-013f17f36f8b1fefb --count 1 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-0b58a2118aeb9a940 --subnet-id subnet-02611e07a2f707c9a

Give it a tag:

[andy@home-pc ~]$ aws ec2 create-tags --resources i-0b6b2b8f83e0fc323 --tags "Key=Name,Value=My Server"

[andy@home-pc ~]$ aws ec2 create-tags --resources i-0b6b2b8f83e0fc323 --tags "Key=Name,Value=My Server"

Now you should be able to SSH in with the following:

[andy@home-pc ~]$ ssh -i MyKeyPair.pem ubuntu@3.231.165.41 -p22

[andy@home-pc ~]$ ssh -i MyKeyPair.pem ubuntu@3.231.165.41 -p22

Delete Everything

Should you want to delete everything, here’s how. First delete the EC2 instance we just created.

[andy@home-pc ~]$ aws ec2 terminate-instances --instance-ids i-0b6b2b8f83e0fc323

[andy@home-pc ~]$ aws ec2 terminate-instances --instance-ids i-0b6b2b8f83e0fc323

Delete Route Table Entry

List all custom route table entries.

[andy@home-pc ~]$ aws ec2 describe-route-tables

[andy@home-pc ~]$ aws ec2 describe-route-tables

List specific entry.

[andy@home-pc ~]$ aws ec2 describe-route-tables --route-table-id rtb-0e62d812fd11be287

[andy@home-pc ~]$ aws ec2 describe-route-tables --route-table-id rtb-0e62d812fd11be287

Before you can delete the route table, you need to disassociate it with the IGW.

[andy@home-pc ~]$ aws ec2 disassociate-route-table --association-id rtbassoc-0cbf9269ba3f8ce3c

[andy@home-pc ~]$ aws ec2 disassociate-route-table --association-id rtbassoc-0cbf9269ba3f8ce3c

Delete the subnet:

[andy@home-pc ~]$ aws ec2 delete-route-table --route-table-id rtb-0e62d812fd11be287

[andy@home-pc ~]$ aws ec2 delete-route-table --route-table-id rtb-0e62d812fd11be287

Delete Security Group

You can list all your security groups with this command.

[andy@home-pc ~]$ aws ec2 describe-security-groups

[andy@home-pc ~]$ aws ec2 describe-security-groups

To list just the security group you created earlier, you can use the --group-id argument.

[andy@home-pc ~]$ aws ec2 describe-security-groups --group-ids sg-0a6e0a86035612a1c

[andy@home-pc ~]$ aws ec2 describe-security-groups --group-ids sg-0a6e0a86035612a1c

To delete it:

[andy@home-pc ~]$ aws ec2 delete-security-group --group-id sg-0a6e0a86035612a1c

[andy@home-pc ~]$ aws ec2 delete-security-group --group-id sg-0a6e0a86035612a1c

Delete Subnet

To list all subnets:

[andy@home-pc ~]$ aws ec2 describe-subnets

[andy@home-pc ~]$ aws ec2 describe-subnets

To list a specific subnet based on the subnet ID.

[andy@home-pc ~]$ aws ec2 describe-subnets --subnet-id subnet-0ea2d3b7324925a94

[andy@home-pc ~]$ aws ec2 describe-subnets --subnet-id subnet-0ea2d3b7324925a94

To delete the subnet.

[andy@home-pc ~]$ aws ec2 delete-subnet --subnet-id subnet-0ea2d3b7324925a94

[andy@home-pc ~]$ aws ec2 delete-subnet --subnet-id subnet-0ea2d3b7324925a94

Delete Internet Gateway

To delete the internet gateway, you first need to detach it from the VPC. You can list all internet gateways with the following.

[andy@home-pc ~]$ aws ec2 describe-internet-gateways

[andy@home-pc ~]$ aws ec2 describe-internet-gateways

And to list specific internet gateway:

[andy@home-pc ~]$ aws ec2 describe-internet-gateways --internet-gateway-id igw-0ddf5b91a87afcd36

[andy@home-pc ~]$ aws ec2 describe-internet-gateways --internet-gateway-id igw-0ddf5b91a87afcd36

You also need to get the VPC ID. You can list all VPC’s with the following.

[andy@home-pc ~]$ aws ec2 describe-vpcs

[andy@home-pc ~]$ aws ec2 describe-vpcs

And again, specific instances with the --vpc-id parameter.

[andy@home-pc ~]$ aws ec2 describe-vpcs --vpc-id vpc-0a5c9f049d3fd3fc6

[andy@home-pc ~]$ aws ec2 describe-vpcs --vpc-id vpc-0a5c9f049d3fd3fc6

Now you can detach the internet gateway from the VPC with:

[andy@home-pc ~]$ aws ec2 detach-internet-gateway --internet-gateway-id igw-0ddf5b91a87afcd36 --vpc-id vpc-0a5c9f049d3fd3fc6

[andy@home-pc ~]$ aws ec2 detach-internet-gateway --internet-gateway-id igw-0ddf5b91a87afcd36 --vpc-id vpc-0a5c9f049d3fd3fc6

Finally you can delete internet gateway.

[andy@home-pc ~]$ aws ec2 delete-internet-gateway --internet-gateway-id igw-0ddf5b91a87afcd36

[andy@home-pc ~]$ aws ec2 delete-internet-gateway --internet-gateway-id igw-0ddf5b91a87afcd36

Delete VPC

You should now be able to delete your VPC.

[andy@home-pc ~]$ aws ec2 delete-vpc --vpc-id vpc-0a5c9f049d3fd3fc6

[andy@home-pc ~]$ aws ec2 delete-vpc --vpc-id vpc-0a5c9f049d3fd3fc6

pikedom.com

Notes to future me...