Getting Started with AWS using the AWS CLI

In a previous article I demonstrated how to get started with AWS by creating a public IPv4 VPC and subnet before creating a new EC2 instance. In this article, I’ll demonstrate how the same can be done using the AWS CLI.

This article assumes you have already installed and configured the AWS CLI. You can follow one of my previous guides depending on whether you use Ubuntu, CentOS or an Arch variant.

Create a VPC

[[email protected] ~]$ aws ec2 create-vpc --cidr-block

To give it a tag, use the VpcId from the above output with the create-tags command.

[[email protected] ~]$ aws ec2 create-tags --resources vpc-0a87343e757ab2111 --tags "Key=Name,Value=default-vpc"

Create a Subnet

[[email protected] ~]$ aws ec2 create-subnet --vpc-id vpc-0a87343e757ab2111 --cidr-block

Create the tag with:

[[email protected] ~]$ aws ec2 create-tags --resources subnet-02611e07a2f707c9a --tags "Key=Name,Value=subnet-000-pikedom"

Create an Internet Gateway

[[email protected] ~]$ aws ec2 create-internet-gateway

To give it a name, add a tag like so:

[[email protected] ~]$ aws ec2 create-tags --resources igw-08a69c59e92515b98 --tags "Key=Name,Value=default-internet-gw"

Attach the internet gateway to the VPC.

[[email protected] ~]$ aws ec2 attach-internet-gateway --vpc-id vpc-0a87343e757ab2111 --internet-gateway-id igw-08a69c59e92515b98

Add a Default Route to the Internet

[[email protected] ~]$ aws ec2 create-route-table --vpc-id vpc-0a87343e757ab2111

Give it a tag.

[[email protected] ~]$ aws ec2 create-tags --resources rtb-00ae80f48a64a935e --tags "Key=Name,Value=default-routing-table"

Then create a route the points all traffic the internet.

[[email protected] ~]$ aws ec2 create-route --route-table-id rtb-00ae80f48a64a935e --destination-cidr-block --gateway-id igw-08a69c59e92515b98
    "Return": true

Check everything looks okay with the following command.

[[email protected] ~]$ aws ec2 describe-route-tables --route-table-id rtb-00ae80f48a64a935e

Make the subnet public with:

[[email protected] ~]$ aws ec2 associate-route-table --subnet-id subnet-02611e07a2f707c9a --route-table-id rtb-00ae80f48a64a935e
    "AssociationId": "rtbassoc-04fb047967eb5878c",
    "AssociationState": {
        "State": "associated"

I also want all EC2 instances on this subnet to automatically have a public IP. You can do this with:

[[email protected] ~]$ aws ec2 modify-subnet-attribute --subnet-id subnet-02611e07a2f707c9a --map-public-ip-on-launch

Create an EC2 Instance

If you don’t already have a kaypair, create one like so.

[[email protected] ~]$ aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem

Restrict the permissions:

[[email protected] ~]$ chmod -v 600 MyKeyPair.pem
mode of 'MyKeyPair.pem' changed from 0644 (rw-r--r--) to 0600 (rw-------)

Create a security group to allow SSH access from anywhere:

[[email protected] ~]$ aws ec2 create-security-group --group-name SSHAccess --description "Security group for SSH access" --vpc-id vpc-0a87343e757ab2111
    "GroupId": "sg-0b58a2118aeb9a940"
[[email protected] ~]$ aws ec2 authorize-security-group-ingress --group-id sg-0b58a2118aeb9a940 --protocol tcp --port 22 --cidr

You might instead want to allow all traffic from your trusted public IP (if its static).

[[email protected] ~]$ aws ec2 authorize-security-group-ingress --group-id sg-0b58a2118aeb9a940 --ip-permissions IpProtocol=-1,IpRanges='[{,Description="Office IP"}]'

The below creates a Ubuntu 18.04 EC2 instance.

[[email protected] ~]$ aws ec2 run-instances --image-id ami-013f17f36f8b1fefb --count 1 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-0b58a2118aeb9a940 --subnet-id subnet-02611e07a2f707c9a

Give it a tag:

[[email protected] ~]$ aws ec2 create-tags --resources i-0b6b2b8f83e0fc323 --tags "Key=Name,Value=My Server"

Now you should be able to SSH in with the following:

[[email protected] ~]$ ssh -i MyKeyPair.pem [email protected] -p22

Delete Everything

Should you want to delete everything, here’s how. First delete the EC2 instance we just created.

[[email protected] ~]$ aws ec2 terminate-instances --instance-ids i-0b6b2b8f83e0fc323

Delete Route Table Entry

List all custom route table entries.

[[email protected] ~]$ aws ec2 describe-route-tables

List specific entry.

[[email protected] ~]$ aws ec2 describe-route-tables --route-table-id rtb-0e62d812fd11be287

Before you can delete the route table, you need to disassociate it with the IGW.

[[email protected] ~]$ aws ec2 disassociate-route-table --association-id rtbassoc-0cbf9269ba3f8ce3c

Delete the subnet:

[[email protected] ~]$ aws ec2 delete-route-table --route-table-id rtb-0e62d812fd11be287

Delete Security Group

You can list all your security groups with this command.

[[email protected] ~]$ aws ec2 describe-security-groups

To list just the security group you created earlier, you can use the --group-id argument.

[[email protected] ~]$ aws ec2 describe-security-groups --group-ids sg-0a6e0a86035612a1c

To delete it:

[[email protected] ~]$ aws ec2 delete-security-group --group-id sg-0a6e0a86035612a1c

Delete Subnet

To list all subnets:

[[email protected] ~]$ aws ec2 describe-subnets

To list a specific subnet based on the subnet ID.

[[email protected] ~]$ aws ec2 describe-subnets --subnet-id subnet-0ea2d3b7324925a94

To delete the subnet.

[[email protected] ~]$ aws ec2 delete-subnet --subnet-id subnet-0ea2d3b7324925a94

Delete Internet Gateway

To delete the internet gateway, you first need to detach it from the VPC. You can list all internet gateways with the following.

[[email protected] ~]$ aws ec2 describe-internet-gateways

And to list specific internet gateway:

[[email protected] ~]$ aws ec2 describe-internet-gateways --internet-gateway-id igw-0ddf5b91a87afcd36

You also need to get the VPC ID. You can list all VPC’s with the following.

[[email protected] ~]$ aws ec2 describe-vpcs

And again, specific instances with the --vpc-id parameter.

[[email protected] ~]$ aws ec2 describe-vpcs --vpc-id vpc-0a5c9f049d3fd3fc6

Now you can detach the internet gateway from the VPC with:

[[email protected] ~]$ aws ec2 detach-internet-gateway --internet-gateway-id igw-0ddf5b91a87afcd36 --vpc-id vpc-0a5c9f049d3fd3fc6

Finally you can delete internet gateway.

[[email protected] ~]$ aws ec2 delete-internet-gateway --internet-gateway-id igw-0ddf5b91a87afcd36

Delete VPC

You should now be able to delete your VPC.

[[email protected] ~]$ aws ec2 delete-vpc --vpc-id vpc-0a5c9f049d3fd3fc6

Be the first to comment

Leave a Reply