料金

VPC自体の料金は無料。AWSサイト間のVPN接続やAWS PrivateLink、NAT Gatewayは料金が発生する。

マルチAZ構成のVPCを作成する

vpc.yml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
AWSTemplateFormatVersion: '2010-09-09'
Description: MultiAZ VPC

# ------------------------------------------------------------ #
# Input Parameters
# ------------------------------------------------------------ #
Parameters:
  VpcCidrBlock:
    Description: Vpc CIDR block
    Type: String
    Default: 10.0.0.0/16
  PublicSubnetCidrBlockA:
    Description: Vpc CIDR block
    Type: String
    Default: 10.0.0.0/24
  PublicSubnetCidrBlockB:
    Description: Vpc CIDR block
    Type: String
    Default: 10.0.1.0/24

Resources:
# ------------------------------------------------------------ #
# VPC
# ------------------------------------------------------------ #
  VPC:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: !Ref VpcCidrBlock
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-VPC"

  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-igw"
  AttachInternetGateway:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-rtb"
  PublicRoute:
    Type: "AWS::EC2::Route"
    DependsOn: InternetGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway

  PublicSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetCidrBlockA
      AvailabilityZone: !Select [ "0", !GetAZs { "Ref": "AWS::Region" } ]
      MapPublicIpOnLaunch: true
  PublicSubnetARouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable

  PublicSubnetB:
    Type: "AWS::EC2::Subnet"
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetCidrBlockB
      AvailabilityZone: !Select [ "1", !GetAZs { "Ref": "AWS::Region" } ]
      MapPublicIpOnLaunch: true
  PublicSubnetBRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnetB
      RouteTableId: !Ref PublicRouteTable

# ------------------------------------------------------------ #
# Output Parameters
# ------------------------------------------------------------ #
Outputs:
  myVPC:
    Value: !Ref VPC
  myVPCCidrBlock:
    Value: !GetAtt VPC.CidrBlock
    Description: VPC CidrBlock

  myPublicSubnetA:
    Value: !Ref PublicSubnetA
  myPublicSubnetAAvailabilityZone:
    Value: !GetAtt PublicSubnetA.AvailabilityZone
    Description: PublicSubnetA AvailabilityZone
  # CidrBlocksプロパティはないので入力パラメータをそのまま表示
  myPublicSubnetACidrBlock:
    Value: !Ref PublicSubnetCidrBlockA
    Description: PublicSubnetA Ipv4CidrBlocks
  #myPublicSubnetAIpv6CidrBlock:
  #  Value: !GetAtt PublicSubnetA.Ipv6CidrBlocks
  #  Description: PublicSubnetA Ipv6CidrBlocks

  myPublicSubnetB:
    Value: !Ref PublicSubnetB
  myPublicSubnetBAvailabilityZone:
    Value: !GetAtt PublicSubnetB.AvailabilityZone
    Description: PublicSubnetB AvailabilityZone
  # CidrBlocksプロパティはないので入力パラメータをそのまま表示
  myPublicSubnetBCidrBlock:
    Value: !Ref PublicSubnetCidrBlockB
    Description: PublicSubnetB Ipv4CidrBlocks
  #myPublicSubnetBIpv6CidrBlock:
  #  Value: !GetAtt PublicSubnetB.Ipv6CidrBlocks
  #  Description: PublicSubnetB Ipv6CidrBlocks

動的にAvailabilityZoneを選択する

GetAZsでリージョンを指定してAvailabilityZoneの一覧を取得し、Selectでそのうち1つを選択する。

1
AvailabilityZone: !Select [ "1", !GetAZs { "Ref": "AWS::Region" } ]

parameters.json

使用するIPアドレス範囲を指定する。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[
    {
        "ParameterKey": "VpcCidrBlock",
        "ParameterValue": "192.168.0.0/16"
    },
    {
        "ParameterKey": "PublicSubnetCidrBlockA",
        "ParameterValue": "192.168.100.0/24"
    },
    {
        "ParameterKey": "PublicSubnetCidrBlockB",
        "ParameterValue": "192.168.200.0/24"
    }
]

VPCの作成

GetAZで選択されたAvailabilityZoneとして異なるap-northeast-1aap-northeast-1cのサブネットが作成されている。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
$ aws cloudformation describe-stacks | jq -r '.Stacks[].Outputs | sort_by(.OutputKey) | .[]'
{
  "OutputKey": "myPublicSubnetA",
  "OutputValue": "subnet-06d47dfd5fe6621a2"
}
{
  "OutputKey": "myPublicSubnetAAvailabilityZone",
  "OutputValue": "ap-northeast-1a",
  "Description": "PublicSubnetA AvailabilityZone"
}
{
  "OutputKey": "myPublicSubnetACidrBlock",
  "OutputValue": "192.168.100.0/24",
  "Description": "PublicSubnetA Ipv4CidrBlocks"
}
{
  "OutputKey": "myPublicSubnetB",
  "OutputValue": "subnet-07d0e41e7633178cf"
}
{
  "OutputKey": "myPublicSubnetBAvailabilityZone",
  "OutputValue": "ap-northeast-1c",
  "Description": "PublicSubnetB AvailabilityZone"
}
{
  "OutputKey": "myPublicSubnetBCidrBlock",
  "OutputValue": "192.168.200.0/24",
  "Description": "PublicSubnetB Ipv4CidrBlocks"
}
{
  "OutputKey": "myVPC",
  "OutputValue": "vpc-0cd9bbdf94a983c47"
}
{
  "OutputKey": "myVPCCidrBlock",
  "OutputValue": "192.168.0.0/16",
  "Description": "VPC CidrBlock"
}

利用可能なAvailabilityZone

aws-cliaws ec2 describe-availability-zonesで確認できる。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
$ aws ec2 describe-availability-zones
{
    "AvailabilityZones": [
        {
            "State": "available",
            "OptInStatus": "opt-in-not-required",
            "Messages": [],
            "RegionName": "ap-northeast-1",
            "ZoneName": "ap-northeast-1a",
            "ZoneId": "apne1-az4",
            "GroupName": "ap-northeast-1",
            "NetworkBorderGroup": "ap-northeast-1"
        },
        {
            "State": "available",
            "OptInStatus": "opt-in-not-required",
            "Messages": [],
            "RegionName": "ap-northeast-1",
            "ZoneName": "ap-northeast-1c",
            "ZoneId": "apne1-az1",
            "GroupName": "ap-northeast-1",
            "NetworkBorderGroup": "ap-northeast-1"
        },
        {
            "State": "available",
            "OptInStatus": "opt-in-not-required",
            "Messages": [],
            "RegionName": "ap-northeast-1",
            "ZoneName": "ap-northeast-1d",
            "ZoneId": "apne1-az2",
            "GroupName": "ap-northeast-1",
            "NetworkBorderGroup": "ap-northeast-1"
        }
    ]
}