Infrastructure as Code using Python 3: part 1 creating and managing VPCs
In my endeavours to see a valid, up-to-date tutorial on using and managing VPCs using Python 3 and Boto3 I failed to find much out there.
The key parts to a working VPC
The key parts for a practical and working VPC are the following:
- An Internet Gateway
- Route Table
- Any peering connections
Full example
Here is a full example snippet that creates a VPC from scratch:
import boto3
# create a session
session = boto3.Session(profile_name='<your_profile_name>')
# get the client for EC2
ec2 = session.client('ec2')
# create a VPC
vpc = ec2.create_vpc(CidrBlock='10.0.0.0/16')
vpc_id = vpc['Vpc']['VpcId']
# create a route table
route_table = ec2.create_route_table(VpcId=vpc_id)
route_table_id = route_table['RouteTable']['RouteTableId']
# create an internet gateway
internet_gateway = ec2.create_internet_gateway()
internet_gateway_id = internet_gateway['InternetGateway']['InternetGatewayId']
# attach the internet gateway to the VPC
ec2.attach_internet_gateway(InternetGatewayId=internet_gateway_id, VpcId=vpc_id)
# create a default route to the internet gateway
ec2.create_route(RouteTableId=route_table_id, DestinationCidrBlock='0.0.0.0/0', GatewayId=internet_gateway_id)
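The snippet above creates the VPC, gateway and route table, but a route table only steers traffic once subnets are associated with it. The following is an added example (not code from the original post) that carries the same flow through to subnets and associations, carving the subnet CIDRs out of the VPC block with the standard library and checking that the block is private address space. The `FakeEC2` class is a hypothetical in-memory stand-in that mimics only the response shapes the flow reads, so the example runs offline; `provision_vpc` accepts a real `session.client('ec2')` in its place.

```python
import ipaddress


class FakeEC2:
    """Hypothetical offline stand-in for boto3's EC2 client (not boto3 itself).

    Each method returns the same dictionary shape as the real call so that
    provision_vpc() can be handed either this object or a real client.
    """

    def __init__(self):
        self.counter = 0
        self.routes = []        # (route_table_id, destination, gateway_id)
        self.associations = []  # (route_table_id, subnet_id)
        self.attached = []      # (igw_id, vpc_id)

    def _new_id(self, prefix):
        self.counter += 1
        return f"{prefix}-{self.counter:08x}"

    def create_vpc(self, CidrBlock):
        return {"Vpc": {"VpcId": self._new_id("vpc"), "CidrBlock": CidrBlock}}

    def create_subnet(self, VpcId, CidrBlock):
        return {"Subnet": {"SubnetId": self._new_id("subnet"), "VpcId": VpcId,
                           "CidrBlock": CidrBlock}}

    def create_route_table(self, VpcId):
        return {"RouteTable": {"RouteTableId": self._new_id("rtb"), "VpcId": VpcId}}

    def associate_route_table(self, RouteTableId, SubnetId):
        self.associations.append((RouteTableId, SubnetId))
        return {"AssociationId": self._new_id("rtbassoc")}

    def create_internet_gateway(self):
        return {"InternetGateway": {"InternetGatewayId": self._new_id("igw")}}

    def attach_internet_gateway(self, InternetGatewayId, VpcId):
        self.attached.append((InternetGatewayId, VpcId))
        return {}

    def create_route(self, RouteTableId, DestinationCidrBlock, GatewayId):
        self.routes.append((RouteTableId, DestinationCidrBlock, GatewayId))
        return {"Return": True}


def provision_vpc(ec2, vpc_cidr="10.0.0.0/16", subnet_prefix=24, public_subnets=2):
    """Create a VPC, carve public subnets out of its CIDR and wire them to an IGW.

    Returns the IDs created, so a caller can tear them down in reverse order
    if a later step fails.
    """
    network = ipaddress.ip_network(vpc_cidr)
    if not network.is_private:
        raise ValueError(f"{vpc_cidr} is not private (RFC 1918) address space")
    subnets = list(network.subnets(new_prefix=subnet_prefix))
    if len(subnets) < public_subnets:
        raise ValueError("VPC CIDR is too small for the requested number of subnets")

    vpc_id = ec2.create_vpc(CidrBlock=str(network))["Vpc"]["VpcId"]
    igw_id = ec2.create_internet_gateway()["InternetGateway"]["InternetGatewayId"]
    ec2.attach_internet_gateway(InternetGatewayId=igw_id, VpcId=vpc_id)

    # One route table for the public tier, with the default route to the IGW.
    rtb_id = ec2.create_route_table(VpcId=vpc_id)["RouteTable"]["RouteTableId"]
    ec2.create_route(RouteTableId=rtb_id, DestinationCidrBlock="0.0.0.0/0", GatewayId=igw_id)

    # Without an association the subnets silently use the VPC's main route table,
    # which has no default route, so instances in them would have no internet path.
    subnet_ids = []
    for cidr in subnets[:public_subnets]:
        subnet_id = ec2.create_subnet(VpcId=vpc_id, CidrBlock=str(cidr))["Subnet"]["SubnetId"]
        ec2.associate_route_table(RouteTableId=rtb_id, SubnetId=subnet_id)
        subnet_ids.append(subnet_id)

    return {"vpc_id": vpc_id, "igw_id": igw_id, "route_table_id": rtb_id,
            "subnet_ids": subnet_ids,
            "subnet_cidrs": [str(c) for c in subnets[:public_subnets]]}


if __name__ == "__main__":
    # Replace FakeEC2() with boto3.Session(profile_name=...).client('ec2') to run for real.
    for key, value in provision_vpc(FakeEC2()).items():
        print(key, value)
```

Because every created ID is returned, a wrapper can delete the resources in reverse order when a later call fails, which avoids the half-built VPCs that are otherwise easy to leave behind while iterating on a script.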
Creating a peering connection
It’s possible to also create any applicable peering connections to any other VPCs as required. More information is available in the AWS VPC peering documentation.
Here is a sample of code that creates a simple peering connection in AWS; change the ‘Values’ entries to the Name tags of your own VPCs:
import boto3
# the requester VPC lives in the default region of the profile; the accepter VPC
# may live in another region, named here
peer_region = 'us-west-2'
# create a client object for EC2 in the requester region
ec2 = boto3.client('ec2')
# create a second client in the accepter region: looking up the accepter VPC and
# accepting the request both have to happen in the region where that VPC lives
ec2_peer = boto3.client('ec2', region_name=peer_region)
# get the ID of the requester VPC
requester_vpc_id = ec2.describe_vpcs(Filters=[{'Name': 'tag:Name', 'Values': ['requester-vpc']}])['Vpcs'][0]['VpcId']
# get the ID of the accepter VPC
accepter_vpc_id = ec2_peer.describe_vpcs(Filters=[{'Name': 'tag:Name', 'Values': ['accepter-vpc']}])['Vpcs'][0]['VpcId']
# create the VPC peering connection (requested from the requester's side)
response = ec2.create_vpc_peering_connection(
    PeerVpcId=accepter_vpc_id,
    VpcId=requester_vpc_id,
    PeerRegion=peer_region
)
# get the VPC peering connection ID
peering_connection_id = response['VpcPeeringConnection']['VpcPeeringConnectionId']
# the request must be visible on the accepter side before it can be accepted
ec2_peer.get_waiter('vpc_peering_connection_exists').wait(VpcPeeringConnectionIds=[peering_connection_id])
# accept the VPC peering connection from the accepter's region
ec2_peer.accept_vpc_peering_connection(VpcPeeringConnectionId=peering_connection_id)
In the code here, two VPCs with names “requester-vpc” and “accepter-vpc” are selected, and a VPC peering connection is created between them. The create_vpc_peering_connection boto3 method is used to initiate the VPC peering connection, and the accept_vpc_peering_connection boto3 method is used to accept it.
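Two things the peering snippet does not cover are the prerequisite that the two VPCs' CIDR blocks must not overlap (AWS rejects the request otherwise) and the routes each side must add before any traffic flows over the connection. The following added example (not code from the original post) plans and pushes those routes. `RouteRecorder` is a hypothetical stand-in that only records `create_route` calls so the example runs offline; a real boto3 client for each region can be passed instead, and `pcx-EXAMPLE` is a constructed placeholder ID.

```python
import ipaddress


def peering_route_plan(requester_cidrs, accepter_cidrs, peering_connection_id):
    """Check that two VPCs can be peered and return the routes each side needs.

    AWS rejects a peering connection whose VPCs have overlapping CIDR blocks,
    and an accepted connection carries no traffic until each side's route
    tables send the other VPC's CIDRs to the pcx-... ID.
    """
    req = [ipaddress.ip_network(c) for c in requester_cidrs]
    acc = [ipaddress.ip_network(c) for c in accepter_cidrs]
    overlaps = [(str(a), str(b)) for a in req for b in acc if a.overlaps(b)]
    if overlaps:
        raise ValueError(f"overlapping CIDRs cannot be peered: {overlaps}")
    # Each side routes the *other* side's CIDRs through the peering connection.
    return {
        "requester_routes": [
            {"DestinationCidrBlock": str(b), "VpcPeeringConnectionId": peering_connection_id}
            for b in acc
        ],
        "accepter_routes": [
            {"DestinationCidrBlock": str(a), "VpcPeeringConnectionId": peering_connection_id}
            for a in req
        ],
    }


def apply_peering_routes(ec2_requester, requester_rtb_ids, ec2_accepter, accepter_rtb_ids, plan):
    """Install the planned routes; for cross-region peering pass one client per region."""
    for rtb in requester_rtb_ids:
        for route in plan["requester_routes"]:
            ec2_requester.create_route(RouteTableId=rtb, **route)
    for rtb in accepter_rtb_ids:
        for route in plan["accepter_routes"]:
            ec2_accepter.create_route(RouteTableId=rtb, **route)


class RouteRecorder:
    """Hypothetical stand-in for a boto3 EC2 client that only records create_route calls."""

    def __init__(self):
        self.calls = []

    def create_route(self, **kwargs):
        self.calls.append(kwargs)
        return {"Return": True}


if __name__ == "__main__":
    # Constructed sample CIDRs and a placeholder peering ID; swap the recorders for
    # boto3.client('ec2', region_name=...) objects to apply the routes for real.
    plan = peering_route_plan(["10.0.0.0/16"], ["10.1.0.0/16"], "pcx-EXAMPLE")
    requester, accepter = RouteRecorder(), RouteRecorder()
    apply_peering_routes(requester, ["rtb-requester"], accepter, ["rtb-accepter"], plan)
    print(requester.calls, accepter.calls)
```

Keeping the plan separate from the calls that apply it makes the intended routes easy to review (or diff against `describe_route_tables` output) before anything is changed, which matters because a peering route is effectively a trust decision about which remote address ranges may reach the VPC.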
VPC endpoints
VPC endpoints in AWS allow you to access AWS services from within your VPC without the need for a public internet connection or a NAT gateway.
Here is a code sample of this using boto3 again:
import boto3
import time
# create a client for EC2 (VPC endpoints are managed through the EC2 API)
ec2 = boto3.client('ec2')
vpc_id = 'vpc-12345678'
# create the route table that the endpoint route will be installed in
response = ec2.create_route_table(VpcId=vpc_id)
# get the route table ID
route_table_id = response['RouteTable']['RouteTableId']
# create a gateway endpoint for S3. AWS installs the route to the S3 prefix list
# into every route table listed in RouteTableIds itself, so no create_route call
# is needed (VpcEndpointId on create_route is only for Gateway Load Balancer
# endpoints). The policy below is the default full-access policy; scope its
# Action, Resource and Principal down for anything beyond a test VPC.
response = ec2.create_vpc_endpoint(
    VpcEndpointType='Gateway',
    VpcId=vpc_id,
    ServiceName='com.amazonaws.us-west-2.s3',
    PolicyDocument='{"Version": "2012-10-17","Statement": [{"Action": "*","Effect": "Allow","Resource": "*","Principal": "*"}]}',
    RouteTableIds=[route_table_id]
)
# get the endpoint ID
endpoint_id = response['VpcEndpoint']['VpcEndpointId']
# wait for the endpoint to become available; boto3 ships no waiter for VPC
# endpoints, so poll describe_vpc_endpoints instead
while True:
    state = ec2.describe_vpc_endpoints(VpcEndpointIds=[endpoint_id])['VpcEndpoints'][0]['State']
    if state.lower() == 'available':
        break
    if state.lower() in ('failed', 'rejected', 'deleted', 'expired'):
        raise RuntimeError(f'endpoint {endpoint_id} entered state {state}')
    time.sleep(5)
In the code above, we created a gateway endpoint to S3 in us-west-2 and the route table it is attached to; the route table is what actually carries the subnets' S3 traffic to the endpoint, which is why it was listed as a key part of a working VPC at the start of this post.
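The endpoint policy used above allows any principal to perform any action on any resource through the endpoint, which is the AWS default but also means the endpoint can be used to move data to S3 buckets in other accounts. The following added example (not code from the original post) audits an endpoint policy for wildcard Allow statements and builds a scoped alternative that limits the endpoint to one bucket and to callers from one AWS account via the `aws:PrincipalAccount` condition key; `example-bucket` and `123456789012` are constructed placeholder values.

```python
import json

# The allow-all policy from the snippet above (also AWS's default when
# PolicyDocument is omitted).
FULL_ACCESS_POLICY = ('{"Version": "2012-10-17","Statement": [{"Action": "*",'
                      '"Effect": "Allow","Resource": "*","Principal": "*"}]}')


def _as_list(value):
    """IAM lets single values stand in for one-element lists; normalise both forms."""
    return value if isinstance(value, list) else [value]


def audit_endpoint_policy(policy_json):
    """Return one finding per wildcard element in each Allow statement of the policy."""
    policy = json.loads(policy_json)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        any_principal = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        # An unconditioned '*' principal lets credentials from any account use the endpoint.
        if any_principal and "Condition" not in stmt:
            findings.append(f"statement {i}: any principal allowed with no Condition")
        if "*" in _as_list(stmt.get("Action", [])):
            findings.append(f"statement {i}: Action '*'")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {i}: Resource '*'")
    return findings


def scoped_s3_endpoint_policy(bucket_name, account_id):
    """Build a gateway-endpoint policy limited to one bucket and one calling account.

    Principal stays '*' because endpoint policies are evaluated like resource
    policies, but the aws:PrincipalAccount condition rejects requests signed
    with credentials from any other account.
    """
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOwnAccountToOneBucket",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket_name}", f"arn:aws:s3:::{bucket_name}/*"],
            "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
        }],
    }
    return json.dumps(policy)


if __name__ == "__main__":
    print("default policy findings:", audit_endpoint_policy(FULL_ACCESS_POLICY))
    scoped = scoped_s3_endpoint_policy("example-bucket", "123456789012")  # constructed values
    print("scoped policy findings:", audit_endpoint_policy(scoped))
    # Pass `scoped` as PolicyDocument to create_vpc_endpoint (or modify_vpc_endpoint).
```

The audit function can be run over the `PolicyDocument` field returned by `describe_vpc_endpoints` for every endpoint in an account, which turns the one-off check into a periodic control that catches endpoints created with the default policy.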
Conclusion
In conclusion, this tutorial was designed to give you a brief introduction to creating VPCs with Boto3, the AWS SDK for Python. I hope you have been able to copy and paste the concepts here to use in your own projects.