Pricing

The VPC itself is free of charge. AWS Site-to-Site VPN connections, AWS PrivateLink, and NAT Gateway do incur charges.

Creating a multi-AZ VPC

vpc.yml

AWSTemplateFormatVersion: '2010-09-09'
Description: MultiAZ VPC

# ------------------------------------------------------------ #
# Input Parameters
# ------------------------------------------------------------ #
Parameters:
  VpcCidrBlock:
    Description: Vpc CIDR block
    Type: String
    Default: 10.0.0.0/16
  PublicSubnetCidrBlockA:
    Description: PublicSubnetA CIDR block
    Type: String
    Default: 10.0.0.0/24
  PublicSubnetCidrBlockB:
    Description: PublicSubnetB CIDR block
    Type: String
    Default: 10.0.1.0/24

Resources:
  # ------------------------------------------------------------ #
  # VPC
  # ------------------------------------------------------------ #
  VPC:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: !Ref VpcCidrBlock
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-VPC"

  InternetGateway:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-igw"
  AttachInternetGateway:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PublicRouteTable:
    Type: "AWS::EC2::RouteTable"
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-rtb"
  PublicRoute:
    Type: "AWS::EC2::Route"
    # A route to the internet gateway can only be created once the gateway is
    # attached to the VPC, so depend on the attachment, not on the gateway itself.
    DependsOn: AttachInternetGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: "0.0.0.0/0"
      GatewayId: !Ref InternetGateway

  PublicSubnetA:
    Type: "AWS::EC2::Subnet"
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetCidrBlockA
      AvailabilityZone: !Select [ "0", !GetAZs { "Ref": "AWS::Region" } ]
      MapPublicIpOnLaunch: true
  PublicSubnetARouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnetA
      RouteTableId: !Ref PublicRouteTable

  PublicSubnetB:
    Type: "AWS::EC2::Subnet"
    Properties:
      VpcId: !Ref VPC
      CidrBlock: !Ref PublicSubnetCidrBlockB
      AvailabilityZone: !Select [ "1", !GetAZs { "Ref": "AWS::Region" } ]
      MapPublicIpOnLaunch: true
  PublicSubnetBRouteTableAssociation:
    Type: "AWS::EC2::SubnetRouteTableAssociation"
    Properties:
      SubnetId: !Ref PublicSubnetB
      RouteTableId: !Ref PublicRouteTable

# ------------------------------------------------------------ #
# Output Parameters
# ------------------------------------------------------------ #
Outputs:
  myVPC:
    Value: !Ref VPC
  myVPCCidrBlock:
    Value: !GetAtt VPC.CidrBlock
    Description: VPC CidrBlock

  myPublicSubnetA:
    Value: !Ref PublicSubnetA
  myPublicSubnetAAvailabilityZone:
    Value: !GetAtt PublicSubnetA.AvailabilityZone
    Description: PublicSubnetA AvailabilityZone
  # A subnet has no CidrBlock attribute for GetAtt, so the input parameter is shown as-is
  myPublicSubnetACidrBlock:
    Value: !Ref PublicSubnetCidrBlockA
    Description: PublicSubnetA Ipv4CidrBlocks
  #myPublicSubnetAIpv6CidrBlock:
  #  Value: !GetAtt PublicSubnetA.Ipv6CidrBlocks
  #  Description: PublicSubnetA Ipv6CidrBlocks

  myPublicSubnetB:
    Value: !Ref PublicSubnetB
  myPublicSubnetBAvailabilityZone:
    Value: !GetAtt PublicSubnetB.AvailabilityZone
    Description: PublicSubnetB AvailabilityZone
  # A subnet has no CidrBlock attribute for GetAtt, so the input parameter is shown as-is
  myPublicSubnetBCidrBlock:
    Value: !Ref PublicSubnetCidrBlockB
    Description: PublicSubnetB Ipv4CidrBlocks
  #myPublicSubnetBIpv6CidrBlock:
  #  Value: !GetAtt PublicSubnetB.Ipv6CidrBlocks
  #  Description: PublicSubnetB Ipv6CidrBlocks

Selecting the Availability Zone dynamically

GetAZs takes a region and returns the list of its Availability Zones; Select then picks one of them by index.

AvailabilityZone: !Select [ "1", !GetAZs { "Ref": "AWS::Region" } ]

parameters.json

Specifies the IP address ranges to use.

[
  {
    "ParameterKey": "VpcCidrBlock",
    "ParameterValue": "192.168.0.0/16"
  },
  {
    "ParameterKey": "PublicSubnetCidrBlockA",
    "ParameterValue": "192.168.100.0/24"
  },
  {
    "ParameterKey": "PublicSubnetCidrBlockB",
    "ParameterValue": "192.168.200.0/24"
  }
]
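A mistake in this file (a subnet outside the VPC block, two subnets that overlap, a host bit set in a CIDR) only surfaces when CloudFormation has already started creating resources and the stack rolls back. The following Python script is an added example, not code from the original post: it reads a parameter list shaped like the parameters.json above (embedded here as a constructed copy) and applies the same containment, overlap and prefix-length rules the EC2 API enforces, so the plan can be checked offline before create-stack is run. It assumes that every parameter other than VpcCidrBlock is a subnet CIDR.

```python
import ipaddress
import json

# Constructed copy of the parameters.json shown above (assumption: same keys).
PARAMETERS_JSON = """
[
  {"ParameterKey": "VpcCidrBlock",           "ParameterValue": "192.168.0.0/16"},
  {"ParameterKey": "PublicSubnetCidrBlockA", "ParameterValue": "192.168.100.0/24"},
  {"ParameterKey": "PublicSubnetCidrBlockB", "ParameterValue": "192.168.200.0/24"}
]
"""

# Name of the parameter holding the VPC block; all other parameters are
# treated as subnet CIDRs (assumption made by this checker).
VPC_KEY = "VpcCidrBlock"


def load_parameters(text):
    """Turn the CloudFormation parameter list into a {ParameterKey: ParameterValue} dict."""
    return {p["ParameterKey"]: p["ParameterValue"] for p in json.loads(text)}


def check_cidr_plan(params, vpc_key=VPC_KEY):
    """Return a list of problems with the VPC/subnet CIDR plan (empty list = OK).

    The checks mirror what EC2 rejects at stack creation time:
    - every value parses as an IPv4 network with no host bits set
    - the VPC prefix length is between /16 and /28
    - every subnet lies inside the VPC block and is also /16../28
    - no two subnets overlap
    """
    problems = []
    try:
        vpc = ipaddress.IPv4Network(params[vpc_key])  # strict: host bits must be zero
    except (KeyError, ValueError) as exc:
        return [f"{vpc_key}: invalid or missing ({exc})"]
    if not 16 <= vpc.prefixlen <= 28:
        problems.append(f"{vpc_key}: prefix /{vpc.prefixlen} outside /16-/28")

    subnets = {}
    for key, value in params.items():
        if key == vpc_key:
            continue
        try:
            net = ipaddress.IPv4Network(value)
        except ValueError as exc:
            problems.append(f"{key}: invalid CIDR ({exc})")
            continue
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{key}: prefix /{net.prefixlen} outside /16-/28")
        if not net.subnet_of(vpc):
            problems.append(f"{key}: {net} is not inside {vpc}")
        subnets[key] = net

    # Pairwise overlap check; sorted keys keep the report order stable.
    keys = sorted(subnets)
    for i, a in enumerate(keys):
        for b in keys[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} and {b} overlap ({subnets[a]} / {subnets[b]})")
    return problems


if __name__ == "__main__":
    for line in check_cidr_plan(load_parameters(PARAMETERS_JSON)) or ["CIDR plan OK"]:
        print(line)
```

Feeding it the file above reports no problems; changing PublicSubnetCidrBlockB to 192.168.100.128/25 would report an overlap with PublicSubnetCidrBlockA, and 10.0.0.0/24 would be reported as not inside 192.168.0.0/16.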

Creating the VPC

The subnets were created in the two different Availability Zones selected by GetAZs, ap-northeast-1a and ap-northeast-1c.

$ aws cloudformation describe-stacks | jq -r '.Stacks[].Outputs | sort_by(.OutputKey) | .[]'
{
  "OutputKey": "myPublicSubnetA",
  "OutputValue": "subnet-06d47dfd5fe6621a2"
}
{
  "OutputKey": "myPublicSubnetAAvailabilityZone",
  "OutputValue": "ap-northeast-1a",
  "Description": "PublicSubnetA AvailabilityZone"
}
{
  "OutputKey": "myPublicSubnetACidrBlock",
  "OutputValue": "192.168.100.0/24",
  "Description": "PublicSubnetA Ipv4CidrBlocks"
}
{
  "OutputKey": "myPublicSubnetB",
  "OutputValue": "subnet-07d0e41e7633178cf"
}
{
  "OutputKey": "myPublicSubnetBAvailabilityZone",
  "OutputValue": "ap-northeast-1c",
  "Description": "PublicSubnetB AvailabilityZone"
}
{
  "OutputKey": "myPublicSubnetBCidrBlock",
  "OutputValue": "192.168.200.0/24",
  "Description": "PublicSubnetB Ipv4CidrBlocks"
}
{
  "OutputKey": "myVPC",
  "OutputValue": "vpc-0cd9bbdf94a983c47"
}
{
  "OutputKey": "myVPCCidrBlock",
  "OutputValue": "192.168.0.0/16",
  "Description": "VPC CidrBlock"
}

Available Availability Zones

They can be listed with the aws-cli command aws ec2 describe-availability-zones.

$ aws ec2 describe-availability-zones
{
  "AvailabilityZones": [
    {
      "State": "available",
      "OptInStatus": "opt-in-not-required",
      "Messages": [],
      "RegionName": "ap-northeast-1",
      "ZoneName": "ap-northeast-1a",
      "ZoneId": "apne1-az4",
      "GroupName": "ap-northeast-1",
      "NetworkBorderGroup": "ap-northeast-1"
    },
    {
      "State": "available",
      "OptInStatus": "opt-in-not-required",
      "Messages": [],
      "RegionName": "ap-northeast-1",
      "ZoneName": "ap-northeast-1c",
      "ZoneId": "apne1-az1",
      "GroupName": "ap-northeast-1",
      "NetworkBorderGroup": "ap-northeast-1"
    },
    {
      "State": "available",
      "OptInStatus": "opt-in-not-required",
      "Messages": [],
      "RegionName": "ap-northeast-1",
      "ZoneName": "ap-northeast-1d",
      "ZoneId": "apne1-az2",
      "GroupName": "ap-northeast-1",
      "NetworkBorderGroup": "ap-northeast-1"
    }
  ]
}
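Because the template picks zones by position in the GetAZs list, the same vpc.yml behaves differently in a region with fewer zones (Select index out of range fails the stack) or if two subnets are given the same index (the "multi-AZ" VPC silently ends up in one zone). The Python script below is an added example, not code from the original post: it takes describe-availability-zones output like the listing above (a constructed excerpt with only the fields it needs) together with the Select indices used in vpc.yml, and resolves each subnet to its zone the way CloudFormation would, flagging both failure modes. Its model of Fn::GetAZs is an approximation (zones of the region in alphabetical order, dropping zones not in the available state); the real intrinsic may additionally omit zones depending on the account's default subnets.

```python
import json

# Constructed excerpt of `aws ec2 describe-availability-zones` output, shaped like
# the listing above; only the fields used by this script are kept.
DESCRIBE_AZS_JSON = """
{"AvailabilityZones": [
  {"State": "available", "RegionName": "ap-northeast-1", "ZoneName": "ap-northeast-1a", "ZoneId": "apne1-az4"},
  {"State": "available", "RegionName": "ap-northeast-1", "ZoneName": "ap-northeast-1c", "ZoneId": "apne1-az1"},
  {"State": "available", "RegionName": "ap-northeast-1", "ZoneName": "ap-northeast-1d", "ZoneId": "apne1-az2"}
]}
"""

# Select indices per subnet, as written in vpc.yml above.
SUBNET_AZ_INDEX = {"PublicSubnetA": 0, "PublicSubnetB": 1}


def get_azs(describe_output, region):
    """Approximate Fn::GetAZs: zone names of the region in alphabetical order.

    Simplification (assumption of this checker): zones whose State is not
    'available' are dropped; the real intrinsic may omit further zones
    depending on the account's default subnets.
    """
    data = json.loads(describe_output)
    return sorted(z["ZoneName"] for z in data["AvailabilityZones"]
                  if z["RegionName"] == region and z["State"] == "available")


def select(index, values):
    """Mimic Fn::Select: an index outside the list is a stack creation error."""
    if not 0 <= index < len(values):
        raise IndexError(f"Fn::Select index {index} out of range for {len(values)} zones")
    return values[index]


def resolve_subnet_azs(describe_output, region, indices=SUBNET_AZ_INDEX):
    """Resolve each subnet's Availability Zone as CloudFormation would.

    Returns ({subnet: zone}, [problems]); problems are indices that do not
    exist in this region and subnets that collapse onto the same zone.
    """
    azs = get_azs(describe_output, region)
    resolved, problems = {}, []
    for name, idx in indices.items():
        try:
            resolved[name] = select(idx, azs)
        except IndexError as exc:
            problems.append(f"{name}: {exc}")

    first_in_zone = {}
    for name, zone in resolved.items():
        if zone in first_in_zone:
            problems.append(f"{name} and {first_in_zone[zone]} both resolve to {zone}")
        first_in_zone.setdefault(zone, name)
    return resolved, problems


if __name__ == "__main__":
    zones, issues = resolve_subnet_azs(DESCRIBE_AZS_JSON, "ap-northeast-1")
    for name, zone in zones.items():
        print(f"{name} -> {zone}")
    for issue in issues:
        print("PROBLEM:", issue)
```

With the listing above, PublicSubnetA resolves to ap-northeast-1a and PublicSubnetB to ap-northeast-1c, matching the stack outputs shown earlier; running the same template against a region name that is absent from the output (or against a region with a single zone) reports the Select indices that would fail.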