@kudosqujo
Created September 22, 2022 00:13
[AWS CLI Routing & ACLs] #aws #vpc #acl #tutorial
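#!/usr/bin/env bash
# Make one subnet of a VPC public and lock its network ACL down to web traffic
# plus operator SSH.
#
# Steps (the same ones as the original walkthrough, with the IDs captured from
# the create-* calls instead of pasted back by hand):
#   1. create an internet gateway and attach it to VPC_ID
#   2. create a route table with a 0.0.0.0/0 -> IGW default route
#   3. associate that route table with SUBNET_ID (the subnet becomes public:
#      every instance in it that has a public IP is reachable from the internet)
#   4. rewrite network ACL ACL_ID: HTTP/HTTPS from anywhere, SSH from ADMIN_CIDR
#      only, plus the ephemeral-port rules a stateless ACL needs
#
# Required environment:
#   VPC_ID      target VPC                    (aws ec2 describe-vpcs)
#   SUBNET_ID   subnet to make public         (aws ec2 describe-subnets)
#   ACL_ID      network ACL to rewrite        (aws ec2 describe-network-acls)
#   ADMIN_CIDR  operator source for SSH, /32  (e.g. 203.0.113.10/32)
#
# Caveats:
#   * Network ACLs are STATELESS: return traffic is not allowed automatically.
#     A rule set of "80/443 in, 80/443 out" drops every reply the web server
#     sends (replies go to the client's ephemeral port) and every reply to the
#     instance's own outbound calls (package repos, APIs). The ephemeral-port
#     rules below are what make the ACL usable.
#   * If ACL_ID is the VPC's default network ACL, the new rules apply to every
#     subnet that has no explicit ACL association, not only SUBNET_ID.
#   * The ACL is a coarse backstop; keep the stateful, per-instance rules in
#     security groups.
set -euo pipefail

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

command -v aws >/dev/null || die "aws CLI not found in PATH"

: "${VPC_ID:?set VPC_ID (see: aws ec2 describe-vpcs)}"
: "${SUBNET_ID:?set SUBNET_ID (see: aws ec2 describe-subnets)}"
: "${ACL_ID:?set ACL_ID (see: aws ec2 describe-network-acls)}"
: "${ADMIN_CIDR:?set ADMIN_CIDR to the operator address in /32 form}"

# Refuse the two classic SSH mistakes: anything/0 opens SSH to the whole
# internet, and 0.0.0.0/32 (what the original snippet used) matches no real
# source address at all, so the SSH rule silently did nothing.
case "$ADMIN_CIDR" in
  */0|0.0.0.0/*) die "ADMIN_CIDR must be a specific operator address/range, got ${ADMIN_CIDR}" ;;
esac

# AWS recommends 1024-65535 as the ephemeral range for NACL rules; it covers
# Linux, Windows and load-balancer clients.
readonly EPHEMERAL_FROM=1024
readonly EPHEMERAL_TO=65535

# --- routing: internet gateway + default route for the subnet ----------------
igw_id=$(aws ec2 create-internet-gateway \
  --query 'InternetGateway.InternetGatewayId' --output text)
aws ec2 attach-internet-gateway --internet-gateway-id "$igw_id" --vpc-id "$VPC_ID"

rtb_id=$(aws ec2 create-route-table --vpc-id "$VPC_ID" \
  --query 'RouteTable.RouteTableId' --output text)
# The 0.0.0.0/0 -> IGW route is what makes the subnet "public".
aws ec2 create-route --route-table-id "$rtb_id" --gateway-id "$igw_id" \
  --destination-cidr-block 0.0.0.0/0
aws ec2 associate-route-table --route-table-id "$rtb_id" --subnet-id "$SUBNET_ID"

# --- network ACL -------------------------------------------------------------
# One TCP allow rule on ACL_ID.
# Arguments: $1 ingress|egress, $2 rule number, $3 CIDR, $4 from-port, $5 to-port
# Rule numbers are spaced by 10 so rules can be inserted later without renumbering.
allow_tcp() {
  local direction=$1 rule=$2 cidr=$3 from=$4 to=$5
  aws ec2 create-network-acl-entry --network-acl-id "$ACL_ID" \
    --protocol tcp --rule-action allow --rule-number "$rule" "--${direction}" \
    --cidr-block "$cidr" --port-range "From=${from},To=${to}"
}

# Add the specific rules first, numbered ABOVE the default allow-all rule 100,
# and remove rule 100 last. Rules are evaluated in ascending order, so the
# allow-all keeps matching until it is deleted; deleting it first (as the
# original did) leaves a window where the only rule is the implicit deny-all.
allow_tcp ingress 110 0.0.0.0/0 80 80                               # HTTP from anywhere
allow_tcp ingress 120 0.0.0.0/0 443 443                             # HTTPS from anywhere
allow_tcp ingress 130 "$ADMIN_CIDR" 22 22                           # SSH from the operator only
allow_tcp ingress 140 0.0.0.0/0 "$EPHEMERAL_FROM" "$EPHEMERAL_TO"   # replies to the instance's outbound calls

allow_tcp egress 110 0.0.0.0/0 80 80                                # outbound HTTP (package repos, APIs)
allow_tcp egress 120 0.0.0.0/0 443 443                              # outbound HTTPS
allow_tcp egress 130 0.0.0.0/0 "$EPHEMERAL_FROM" "$EPHEMERAL_TO"    # replies to inbound web/SSH clients

# Rule 100 is the default network ACL's allow-all entry in each direction.
# This step fails if ACL_ID is a custom ACL that has no rule 100.
aws ec2 delete-network-acl-entry --network-acl-id "$ACL_ID" --rule-number 100 --ingress
aws ec2 delete-network-acl-entry --network-acl-id "$ACL_ID" --rule-number 100 --egress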