Launch ECS container using AWS CLI - Step 1 - Network Setup
Set up the network infrastructure: a new VPC (Virtual Private Cloud), a public and a private subnet, an Internet gateway, a route table, a security group, and SSH access.
This is part of a multi-post thread involving these steps:
- Network Setup (this post)
- Launch EC2 Instance
- Create Docker Image
- Create Service
- Cleanup
Make sure you do this setup first:
Define names
# VPC
vpc="vpc-ecs"
# Subnets
subnet_1="subnet-ecs-1"
subnet_2="subnet-ecs-2"
# Internet Gateway
internet_gateway="igw-ecs"
# Route Table
route_table="rtb-ecs"
# Security Group
security_group="security-ecs"
# instance
instance="instance-ecs"
# SSH access key
key="aws-ecs-key"
Create VPC
# VPC
echo "Create a VPC (Virtual Private Cloud) ..."
aws ec2 create-vpc \
--cidr-block 10.0.0.0/16 \
--tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value='$vpc'}]'
vpc_id=$(aws ec2 describe-vpcs --filters Name=tag:Name,Values=$vpc | jq -r '.Vpcs[0].VpcId')
Create Subnets
Create two subnets in the VPC. The first subnet will be public (reachable from the Internet through the gateway created below); the second will be private (no route to the Internet).
# Subnets
echo "Create subnet 1 ..."
aws ec2 create-subnet \
--vpc-id $vpc_id \
--cidr-block 10.0.0.0/24 \
--availability-zone us-west-2a \
--tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value='$subnet_1'}]'
subnet_1_id=$(aws ec2 describe-subnets --filters Name=tag:Name,Values=$subnet_1 | jq -r '.Subnets[0].SubnetId')
echo "Create subnet 2 ..."
aws ec2 create-subnet \
--vpc-id $vpc_id \
--cidr-block 10.0.1.0/24 \
--availability-zone us-west-2a \
--tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value='$subnet_2'}]'
subnet_2_id=$(aws ec2 describe-subnets --filters Name=tag:Name,Values=$subnet_2 | jq -r '.Subnets[0].SubnetId')
## Automatically assign a public IPv4 address (not an Elastic IP) at launch to every instance in subnet 1.
## Anything launched here is directly reachable from the Internet, subject only to its security group.
aws ec2 modify-subnet-attribute --subnet-id $subnet_1_id --map-public-ip-on-launch
Create Internet Gateway
Create an Internet gateway and attach it to the VPC. An internet gateway allows communication between your VPC and the Internet:
# Internet Gateway
echo "Create Internet Gateway ..."
aws ec2 create-internet-gateway \
--tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value='$internet_gateway'}]'
internet_gateway_id=$(aws ec2 describe-internet-gateways --filters Name=tag:Name,Values=$internet_gateway | jq -r '.InternetGateways[0].InternetGatewayId')
## Attach to VPC
aws ec2 attach-internet-gateway --vpc-id $vpc_id --internet-gateway-id $internet_gateway_id
Create Route Table
Create a route table, associate it with the public subnet, and add a default route (0.0.0.0/0) to the Internet gateway. The second subnet is left unassociated, so it keeps using the VPC's main route table, which only has the local 10.0.0.0/16 route; that is what makes it private.
# Route Table
echo "Create Route Table ..."
aws ec2 create-route-table \
--vpc-id $vpc_id \
--tag-specifications 'ResourceType=route-table,Tags=[{Key=Name,Value='$route_table'}]'
route_table_id=$(aws ec2 describe-route-tables --filters Name=tag:Name,Values=$route_table | jq -r '.RouteTables[0].RouteTableId')
## Associate with a subnet
aws ec2 associate-route-table --subnet-id $subnet_1_id --route-table-id $route_table_id
## Create a route in the route table that points all traffic (`0.0.0.0/0`) to the Internet gateway:
aws ec2 create-route \
--route-table-id $route_table_id \
--gateway-id $internet_gateway_id \
--destination-cidr-block 0.0.0.0/0
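A quick check that the routing came out as intended, because a default route placed on the main route table instead of on rtb-ecs would silently make subnet 2 public as well. This is an added example, not code from the original post: it takes `aws ec2 describe-route-tables` JSON, resolves each subnet to the route table it effectively uses (explicit association, otherwise the main table, as EC2 does), and labels it public or private. The sample output and every resource ID in it are invented for the example.

```python
import json

# Constructed sample: trimmed `aws ec2 describe-route-tables` output for the VPC
# built above. All resource IDs are invented for illustration.
SAMPLE_ROUTE_TABLES = json.dumps({
    "RouteTables": [
        {   # main route table: no explicit subnet association, local route only
            "RouteTableId": "rtb-0main0000000000a",
            "VpcId": "vpc-0example0000000a",
            "Associations": [{"Main": True, "RouteTableId": "rtb-0main0000000000a"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            ],
        },
        {   # rtb-ecs: explicitly associated with subnet 1, default route to the IGW
            "RouteTableId": "rtb-0ecs00000000000a",
            "VpcId": "vpc-0example0000000a",
            "Associations": [{"Main": False, "SubnetId": "subnet-0ecs1000000000a",
                              "RouteTableId": "rtb-0ecs00000000000a"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ecs00000000000a", "State": "active"},
            ],
        },
    ]
})

SUBNET_1 = "subnet-0ecs1000000000a"   # invented, stands in for $subnet_1_id
SUBNET_2 = "subnet-0ecs2000000000a"   # invented, stands in for $subnet_2_id


def has_igw_default_route(route_table):
    """True if the table has an active 0.0.0.0/0 route to an Internet gateway."""
    return any(
        route.get("DestinationCidrBlock") == "0.0.0.0/0"
        and route.get("GatewayId", "").startswith("igw-")
        and route.get("State") == "active"
        for route in route_table.get("Routes", [])
    )


def effective_route_tables(describe_output):
    """Return (main_table, {subnet_id: table}) from describe-route-tables JSON.

    Subnets missing from the dict use the VPC's main table, which is exactly
    how EC2 resolves an unassociated subnet.
    """
    tables = json.loads(describe_output)["RouteTables"]
    main = next(t for t in tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t for t in tables for a in t["Associations"] if a.get("SubnetId")}
    return main, explicit


def classify_subnets(describe_output, subnet_ids):
    """Label each subnet 'public' or 'private' from its effective route table."""
    main, explicit = effective_route_tables(describe_output)
    return {
        sid: "public" if has_igw_default_route(explicit.get(sid, main)) else "private"
        for sid in subnet_ids
    }


def main_table_is_public(describe_output):
    """Flag the mistake of putting the IGW route on the main table, which
    makes every subnet without an explicit association public."""
    main, _ = effective_route_tables(describe_output)
    return has_igw_default_route(main)


if __name__ == "__main__":
    print(classify_subnets(SAMPLE_ROUTE_TABLES, [SUBNET_1, SUBNET_2]))
    print("main table public:", main_table_is_public(SAMPLE_ROUTE_TABLES))
```

Against a real account, feed it the output of `aws ec2 describe-route-tables --filters Name=vpc-id,Values=$vpc_id` together with `$subnet_1_id` and `$subnet_2_id`; the expected result for this post is subnet 1 public, subnet 2 private, and the main table not public.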
Create Security Group
A security group controls the traffic that is allowed to reach and leave the resources it is attached to. It belongs to a VPC but is applied per instance (strictly, per network interface), not to the VPC as a whole. A newly created group allows all outbound traffic and no inbound traffic until ingress rules are added.
# Security Group
echo "Create a Security Group ..."
aws ec2 create-security-group \
--group-name $security_group \
--description "Security group for instance access" \
--vpc-id $vpc_id \
--tag-specifications 'ResourceType=security-group,Tags=[{Key=Name,Value='$security_group'}]'
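Because the public subnet hands out public IPs at launch, the security group is the only thing between an instance and the Internet, so the SSH rule that follows should be scoped to a known source address rather than 0.0.0.0/0. The example below is added here and is not code from the original post: it audits `aws ec2 describe-security-groups` JSON for inbound rules open to the whole Internet, and builds a correctly scoped SSH rule in the JSON shape that `authorize-security-group-ingress --ip-permissions` accepts. The sample groups, their IDs and the /24 and /64 minimum-prefix policy are assumptions made for the example.

```python
import ipaddress
import json

# Constructed sample: trimmed `aws ec2 describe-security-groups` output with two
# invented groups, one with SSH open to the world and one restricted to a /32.
SAMPLE_SECURITY_GROUPS = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-0weak000000000000", "GroupName": "security-ecs",
            "VpcId": "vpc-0example0000000a",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
            "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
        },
        {
            "GroupId": "sg-0good000000000000", "GroupName": "security-ecs-restricted",
            "VpcId": "vpc-0example0000000a",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.10/32", "Description": "admin workstation"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
            "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
        },
    ]
})

WORLD = ("0.0.0.0/0", "::/0")


def world_open_ingress(group):
    """Return (protocol, from_port, to_port, cidr) for every inbound rule whose
    source is the whole Internet. IpProtocol '-1' means all traffic, and then
    the port fields are absent, so they come back as None."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in WORLD:
                findings.append((perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"), cidr))
    return findings


def audit_groups(describe_output):
    """Map each group id to its world-open inbound rules; an empty list is clean."""
    groups = json.loads(describe_output)["SecurityGroups"]
    return {g["GroupId"]: world_open_ingress(g) for g in groups}


def acceptable_ssh_source(source_cidr, min_prefix_v4=24, min_prefix_v6=64):
    """Assumed policy for this example: an SSH source must be no broader than
    a /24 (IPv4) or /64 (IPv6). 0.0.0.0/0 and ::/0 always fail."""
    net = ipaddress.ip_network(source_cidr, strict=True)
    floor = min_prefix_v4 if net.version == 4 else min_prefix_v6
    return net.prefixlen >= floor


def ssh_ingress_permission(source_cidr, description="admin workstation"):
    """Build the list passed to `authorize-security-group-ingress --ip-permissions`
    for TCP/22 from one source, refusing to produce a world-open rule."""
    if not acceptable_ssh_source(source_cidr):
        raise ValueError(f"{source_cidr} is too broad for SSH ingress")
    net = ipaddress.ip_network(source_cidr, strict=True)
    range_key, cidr_key = ("IpRanges", "CidrIp") if net.version == 4 else ("Ipv6Ranges", "CidrIpv6")
    return [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             range_key: [{cidr_key: str(net), "Description": description}]}]


if __name__ == "__main__":
    for group_id, findings in audit_groups(SAMPLE_SECURITY_GROUPS).items():
        print(group_id, "OPEN TO WORLD:" if findings else "clean", findings)
    print(json.dumps(ssh_ingress_permission("203.0.113.10/32")))
```

To use the builder with the CLI, serialise its result with `json.dumps` and pass the string to `aws ec2 authorize-security-group-ingress --group-id <id> --ip-permissions '<json>'`; to audit a real VPC, run `audit_groups` over `aws ec2 describe-security-groups --filters Name=vpc-id,Values=$vpc_id`.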
Allow SSH Connections
This is done by adding an ingress rule to the Security Group: