[AWS CLI Routing & ACLs] #aws #vpc #acl #tutorial
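#!/usr/bin/env bash
# Create an internet gateway, a public route table and the matching network ACL
# rules in an AWS VPC. Resource IDs are captured from the CLI output (or taken
# from the environment) rather than hard-coded, so the script is reusable.
#
# Required env:
#   VPC_ID      target VPC (vpc-...)
#   SUBNET_ID   subnet that should become public (subnet-...);
#               list candidates with: aws ec2 describe-subnets --filters Name=vpc-id,Values=$VPC_ID
#   ADMIN_CIDR  source range allowed to SSH in, e.g. 203.0.113.10/32
# Optional env:
#   ACL_ID      network ACL to edit (defaults to the VPC's default ACL)
#
# NOTE: network ACLs are stateless. Unlike a security group, a rule that admits
# inbound TCP/80 does NOT admit the server's replies; return traffic goes to the
# client's ephemeral port (1024-65535). Each service rule below is therefore
# paired with an ephemeral-port rule in the opposite direction, otherwise the
# web server is reachable but every response is dropped.
set -euo pipefail

: "${VPC_ID:?set VPC_ID to the target VPC (vpc-...)}"
: "${SUBNET_ID:?set SUBNET_ID to the subnet that should become public (subnet-...)}"
: "${ADMIN_CIDR:?set ADMIN_CIDR to the /32 (or small range) allowed to SSH in}"

# create internet gateway and capture its ID
IGW_ID=$(aws ec2 create-internet-gateway \
  --query 'InternetGateway.InternetGatewayId' --output text)

# attach internet gateway to the vpc
aws ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID"

# create a route table in the vpc and capture its ID
RTB_ID=$(aws ec2 create-route-table --vpc-id "$VPC_ID" \
  --query 'RouteTable.RouteTableId' --output text)

# default route: everything not local goes out through the internet gateway
aws ec2 create-route --route-table-id "$RTB_ID" --gateway-id "$IGW_ID" \
  --destination-cidr-block 0.0.0.0/0

# associate the route table with the subnet; this is what makes the subnet public
aws ec2 associate-route-table --route-table-id "$RTB_ID" --subnet-id "$SUBNET_ID"

# Network ACL to edit. Defaults to the VPC's default ACL, whose rule 100 is the
# allow-all entry removed below.
# WARNING: the default ACL is shared by every subnet in the VPC without a custom
# ACL, so these rule changes affect all of them. Create a dedicated ACL
# (aws ec2 create-network-acl) and pass it as ACL_ID to scope the change.
ACL_ID=${ACL_ID:-$(aws ec2 describe-network-acls \
  --filters "Name=vpc-id,Values=$VPC_ID" "Name=default,Values=true" \
  --query 'NetworkAcls[0].NetworkAclId' --output text)}

# drop the default allow-all rules (rule 100, both directions)
aws ec2 delete-network-acl-entry --network-acl-id "$ACL_ID" --rule-number 100 --ingress
aws ec2 delete-network-acl-entry --network-acl-id "$ACL_ID" --rule-number 100 --egress

#######################################
# Add one TCP allow rule to $ACL_ID.
# Arguments: $1 --ingress or --egress
#            $2 rule number (evaluated lowest first)
#            $3 CIDR block
#            $4 first port, $5 last port
#######################################
acl_allow() {
  local direction=$1 rule=$2 cidr=$3 from=$4 to=$5
  aws ec2 create-network-acl-entry --network-acl-id "$ACL_ID" \
    --protocol tcp --rule-action allow --rule-number "$rule" "$direction" \
    --cidr-block "$cidr" --port-range "From=$from,To=$to"
}

# inbound HTTP/HTTPS from anywhere
acl_allow --ingress 100 0.0.0.0/0 80 80
acl_allow --ingress 101 0.0.0.0/0 443 443
# inbound SSH only from the admin address. Do NOT use 0.0.0.0/32: that CIDR
# matches only the single address 0.0.0.0, i.e. nobody can connect.
acl_allow --ingress 102 "$ADMIN_CIDR" 22 22
# replies to connections the instances open outbound (package updates, APIs)
# arrive on ephemeral ports
acl_allow --ingress 200 0.0.0.0/0 1024 65535

# outbound HTTP/HTTPS so instances can fetch updates and call APIs
acl_allow --egress 100 0.0.0.0/0 80 80
acl_allow --egress 101 0.0.0.0/0 443 443
# replies to the inbound HTTP/HTTPS/SSH connections above go to the client's
# ephemeral port
acl_allow --egress 200 0.0.0.0/0 1024 65535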