{VPC}例: AWS CLI を使用して IPv6 VPC とサブネットを作成

https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/vpc-subnets-commands-example-ipv6.html


-- 1. コマンド等のインストール

-- 1.1 aws cli version 2 インストール

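# Download the AWS CLI v2 installer together with its detached signature and
# verify the archive before unpacking or running anything from it. The signing
# key is the AWS CLI team public key published in the AWS CLI install guide;
# import it into gpg once before the verify step. -f makes curl fail on an
# HTTP error instead of saving an error page as the archive.
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip.sig" -o "awscliv2.sig"

# Install only if the signature checks out (chained with && because this is
# meant to be pasted into an interactive shell, not run under set -e).
gpg --verify awscliv2.sig awscliv2.zip \
  && unzip -q awscliv2.zip \
  && sudo ./aws/install

# Confirm the binary found on PATH is the one just installed.
aws --version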


-- 2. VPC とサブネットを作成する

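# Create the VPC with an IPv4 CIDR and an Amazon-provided IPv6 CIDR block.
aws ec2 create-vpc \
  --cidr-block 10.0.0.0/16 \
  --amazon-provided-ipv6-cidr-block

# Note the VpcId and the assigned IPv6 CIDR from the output; the
# vpc-11111111111111111 and 2001:db8:1234:1a00::/64 values used below are
# placeholders to replace with the real ones.
aws ec2 describe-vpcs

# describe-vpcs takes a list parameter, --vpc-ids (the singular spelling only
# worked through option-prefix matching).
aws ec2 describe-vpcs --vpc-ids vpc-11111111111111111

# Two /64 subnets carved from the VPC's IPv6 block: one to become public, one
# to become egress-only private.
aws ec2 create-subnet \
  --vpc-id vpc-11111111111111111 \
  --cidr-block 10.0.0.0/24 \
  --ipv6-cidr-block 2001:db8:1234:1a00::/64

aws ec2 create-subnet \
  --vpc-id vpc-11111111111111111 \
  --cidr-block 10.0.1.0/24 \
  --ipv6-cidr-block 2001:db8:1234:1a01::/64

# Record both SubnetIds; they are referenced as subnet-1111… / subnet-2222… below.
aws ec2 describe-subnets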

 

-- 3. パブリックサブネットを設定する

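# Internet gateway for the public subnet; note the InternetGatewayId from the
# output (igw-11111111111111111 below is a placeholder).
aws ec2 create-internet-gateway
aws ec2 describe-internet-gateways

aws ec2 attach-internet-gateway \
  --vpc-id vpc-11111111111111111 \
  --internet-gateway-id igw-11111111111111111

# Dedicated route table for the public subnet; its RouteTableId is referred
# to as rtb-11111111111111111 below.
aws ec2 create-route-table --vpc-id vpc-11111111111111111

# Default IPv6 route via the internet gateway. Nothing here adds an IPv4
# default route, so only IPv6 traffic from this subnet reaches the internet.
aws ec2 create-route \
  --route-table-id rtb-11111111111111111 \
  --destination-ipv6-cidr-block ::/0 \
  --gateway-id igw-11111111111111111

aws ec2 describe-route-tables
# describe-route-tables takes a list parameter, --route-table-ids.
aws ec2 describe-route-tables --route-table-ids rtb-11111111111111111

# List subnet IDs with their IPv4/IPv6 CIDRs to pick the one to make public.
aws ec2 describe-subnets \
  --filters "Name=vpc-id,Values=vpc-11111111111111111" \
  --query "Subnets[*].{id:SubnetId,IPv4CIDR:CidrBlock,IPv6CIDR:Ipv6CidrBlockAssociationSet[*].Ipv6CidrBlock}"

# Binding the subnet to this route table is what makes it "public".
aws ec2 associate-route-table \
  --subnet-id subnet-11111111111111111 \
  --route-table-id rtb-11111111111111111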

 

-- 4. Egress-Only プライベートサブネットを設定する

# Egress-only internet gateway: allows outbound IPv6 from the private subnet
# while refusing inbound connections initiated from the internet.
aws ec2 create-egress-only-internet-gateway --vpc-id vpc-11111111111111111
aws ec2 describe-egress-only-internet-gateways

# Second route table (rtb-22222222222222222 below) for the private subnet.
aws ec2 create-route-table --vpc-id vpc-11111111111111111

# IPv6 default route pointing at the egress-only gateway.
aws ec2 create-route \
  --destination-ipv6-cidr-block ::/0 \
  --egress-only-internet-gateway-id eigw-11111111111111111 \
  --route-table-id rtb-22222222222222222

# Same subnet listing as in the public-subnet step, to find the private one.
aws ec2 describe-subnets \
  --query "Subnets[*].{id:SubnetId,IPv4CIDR:CidrBlock,IPv6CIDR:Ipv6CidrBlockAssociationSet[*].Ipv6CidrBlock}" \
  --filters "Name=vpc-id,Values=vpc-11111111111111111"

aws ec2 associate-route-table \
  --route-table-id rtb-22222222222222222 \
  --subnet-id subnet-22222222222222222

 


-- 5. サブネットの IPv6 アドレス動作を変更する

# Have both subnets hand out an IPv6 address to every instance launched in
# them, so run-instances below does not need an explicit address.
for subnet_id in subnet-11111111111111111 subnet-22222222222222222; do
  aws ec2 modify-subnet-attribute \
    --subnet-id "$subnet_id" \
    --assign-ipv6-address-on-creation
done

 

-- 6. パブリックサブネット内にインスタンスを起動する

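# Create the key pair and write the private key with owner-only permissions
# from the first byte: with the default umask the redirect would create a
# world-readable file that chmod only fixes afterwards. The subshell keeps the
# umask change out of the interactive session.
(umask 077 && aws ec2 create-key-pair \
  --key-name MyKeyPair \
  --query "KeyMaterial" \
  --output text > MyKeyPair.pem)

aws ec2 describe-key-pairs
# describe-key-pairs takes a list parameter, --key-names.
aws ec2 describe-key-pairs --key-names MyKeyPair

# Make the key file read-only as well (ssh refuses keys with loose modes).
chmod 400 MyKeyPair.pem

# Source prefix allowed to reach SSH on the bastion. ::/0 reproduces the
# tutorial (port 22 reachable from the whole IPv6 internet); replace it with
# the operator's own prefix for anything that outlives the exercise.
SSH_SOURCE_IPV6_CIDR="::/0"

aws ec2 create-security-group \
  --group-name SSHAccess \
  --description "Security group for SSH access" \
  --vpc-id vpc-11111111111111111

# Build the ingress rule JSON from the variable instead of hard-coding ::/0.
ssh_rule=$(printf '[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "Ipv6Ranges": [{"CidrIpv6": "%s"}]}]' "$SSH_SOURCE_IPV6_CIDR")
aws ec2 authorize-security-group-ingress \
  --group-id sg-11111111111111111 \
  --ip-permissions "$ssh_rule"

# One-time spot instance in the public subnet (the bastion). sg-/subnet- IDs
# are the ones created above; the AMI is the tutorial's value.
aws ec2 run-instances \
  --image-id ami-0404778e217f54308 \
  --instance-type t3.nano \
  --key-name MyKeyPair \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=instance01}]' \
  --instance-market-options '{"MarketType": "spot","SpotOptions": {"SpotInstanceType": "one-time"}}' \
  --security-group-ids sg-11111111111111111 \
  --subnet-id subnet-11111111111111111

# The instance's IPv6 address is in the run-instances / describe-instances
# output; 2001:db8:1234:1a00:123 is a placeholder.
ssh -i "MyKeyPair.pem" ec2-user@2001:db8:1234:1a00:123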

 


-- 7. プライベートサブネット内にインスタンスを起動する

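# Security group for the private instance: SSH only from the public subnet's
# /64 (i.e. via the bastion), plus ICMPv6 so ping6 works.
aws ec2 create-security-group \
  --group-name SSHAccessRestricted \
  --description "Security group for SSH access from bastion" \
  --vpc-id vpc-11111111111111111

aws ec2 authorize-security-group-ingress \
  --group-id sg-22222222222222222 \
  --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1234:1a00::/64"}]}]'

# Protocol 58 = ICMPv6; -1/-1 means all types/codes.
aws ec2 authorize-security-group-ingress \
  --group-id sg-22222222222222222 \
  --ip-permissions '[{"IpProtocol": "58", "FromPort": -1, "ToPort": -1, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]'

aws ec2 run-instances \
  --image-id ami-0404778e217f54308 \
  --instance-type t3.nano \
  --key-name MyKeyPair \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=instance02}]' \
  --instance-market-options '{"MarketType": "spot","SpotOptions": {"SpotInstanceType": "one-time"}}' \
  --security-group-ids sg-22222222222222222 \
  --subnet-id subnet-22222222222222222

# Load the key into a local agent so both hops below can authenticate with it
# ($(...) instead of backticks; -s forces sh-style output for eval).
eval "$(ssh-agent -s)"
ssh-add MyKeyPair.pem

# Reach the private instance through the bastion with ProxyJump rather than
# agent forwarding (-A): the bastion only relays the TCP connection and never
# sees the local agent socket, so a compromised bastion cannot use the key.
# IPv6 literals in -J must be bracketed. Both addresses are placeholders.
ssh -J ec2-user@[2001:db8:1234:1a00:123] ec2-user@2001:db8:1234:1a01:456

# Run on the private instance: outbound IPv6 via the egress-only gateway.
ping6 -n ietf.org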

 


-- 8. クリーンアップ

-- EC2インスタンスの削除
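# Find the two InstanceIds (i-1111… / i-2222… below are placeholders).
aws ec2 describe-instances

aws ec2 terminate-instances --instance-ids i-11111111111111111 i-22222222222222222

# The delete-security-group / delete-subnet steps that follow fail with
# DependencyViolation while the instances' network interfaces still exist;
# block here until both instances are fully terminated.
aws ec2 wait instance-terminated --instance-ids i-11111111111111111 i-22222222222222222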

-- キーペアの削除

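aws ec2 describe-key-pairs

aws ec2 delete-key-pair --key-name MyKeyPair

# Deleting the key pair in EC2 does not touch the private key written locally
# in step 6; remove that copy too so the secret does not linger on disk.
rm -f -- MyKeyPair.pem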

 

-- セキュリティグループの削除

# Both security groups, in creation order.
for sg_id in sg-11111111111111111 sg-22222222222222222; do
  aws ec2 delete-security-group --group-id "$sg_id"
done

-- サブネットの削除

# Deleting the subnets also drops their route-table associations.
for subnet_id in subnet-11111111111111111 subnet-22222222222222222; do
  aws ec2 delete-subnet --subnet-id "$subnet_id"
done


-- ルートテーブルの削除

# Public and egress-only route tables; the subnets must already be gone.
for rtb_id in rtb-11111111111111111 rtb-22222222222222222; do
  aws ec2 delete-route-table --route-table-id "$rtb_id"
done

-- インターネットゲートウェイの削除
# An attached gateway cannot be deleted: detach from the VPC first.
aws ec2 detach-internet-gateway \
  --vpc-id vpc-11111111111111111 \
  --internet-gateway-id igw-11111111111111111

aws ec2 delete-internet-gateway \
  --internet-gateway-id igw-11111111111111111


-- Egress-Only インターネットゲートウェイの削除
# Egress-only gateways have no separate detach step.
aws ec2 delete-egress-only-internet-gateway \
  --egress-only-internet-gateway-id eigw-11111111111111111

-- VPCの削除
# Last: the VPC itself, then confirm it no longer appears in the listing.
aws ec2 delete-vpc \
  --vpc-id vpc-11111111111111111
aws ec2 describe-vpcs