We created a VPC in the North Virginia region (us-east-1) and, in addition, four subnets, two public and two private, spread over two Availability Zones (us-east-1a and us-east-1b).
We set the VPC tenancy to `default`, because in `dedicated` mode every EC2 instance launched into this VPC runs on dedicated hardware, which raises the cost.
The tenancy of the VPC into which you launch the instance can also determine the instance's tenancy. A VPC can have a tenancy of either `default` or `dedicated`. If you launch an instance into a VPC that has a tenancy of `default`, the instance runs on shared tenancy hardware by default, unless you specify a different tenancy for the instance. If you launch an instance into a VPC that has a tenancy of `dedicated`, the instance runs as a Dedicated Instance by default, unless you specify a different tenancy for the instance.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html#dedicated-howitworks
When a VPC is created, the same resources found in a default VPC are also created.
When you create a default VPC, it is created with the standard components of a default VPC, including a default subnet in each Availability Zone. You cannot specify your own components. The subnet CIDR blocks of your new default VPC may not map to the same Availability Zones as your previous default VPC.
- Create a VPC with a size `/16` IPv4 CIDR block (`172.31.0.0/16`). This provides up to 65,536 private IPv4 addresses.
- Create a size `/20` default subnet in each Availability Zone. This provides up to 4,096 addresses per subnet, a few of which are reserved for our use.
- Create an internet gateway and connect it to your default VPC.
- Add a route to the main route table that points all traffic (`0.0.0.0/0`) to the internet gateway.
- Create a default security group and associate it with your default VPC.
- Create a default network access control list (ACL) and associate it with your default VPC.
- Associate the default DHCP options set for your AWS account with your default VPC.
https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#default-vpc-components
<aside> 💡 What if the subnets are created later? Will they still be associated with the VPC's network ACL?
It seems so: I provisioned (with Terraform) two subnets in sa-east-1a (public and private) together with the VPC, then added two subnets in sa-east-1b (public and private) to the same VPC, and both were mapped to the network ACL.
</aside>
We make a subnet public by turning on its Enable auto-assign public IPv4 address setting.
Auto-assign IP settings: Enables you to configure the auto-assign IP settings to automatically request a public IPv4 or IPv6 address for a new network interface in this subnet.
https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html#subnet-settings
```hcl
# <https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc>
resource "aws_vpc" "custom-vpc" {
  cidr_block       = "10.0.0.0/16"
  instance_tenancy = "default" # shared hardware; "dedicated" would raise cost

  tags = {
    Name   = "custom-vpc"
    Course = "AWS Certified Solutions Architect Professional SAP-C01 2022"
    Class  = "3. [HOL] Create a Custom VPC with Subnets"
  }
}

# <https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#example-usage>
# Public subnet: new network interfaces get a public IPv4 address on launch.
resource "aws_subnet" "public-us-east-1a" {
  vpc_id                  = aws_vpc.custom-vpc.id
  cidr_block              = "10.0.0.0/20"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true

  tags = {
    Name   = "public-us-east-1a"
    Course = "AWS Certified Solutions Architect Professional SAP-C01 2022"
    Class  = "3. [HOL] Create a Custom VPC with Subnets"
  }
}

# Private subnet: no public IPv4 address is assigned on launch.
resource "aws_subnet" "private-us-east-1a" {
  vpc_id                  = aws_vpc.custom-vpc.id
  cidr_block              = "10.0.32.0/20"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = false

  tags = {
    Name   = "private-us-east-1a"
    Course = "AWS Certified Solutions Architect Professional SAP-C01 2022"
    Class  = "3. [HOL] Create a Custom VPC with Subnets"
  }
}
```
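A practitioner's check on the "public subnet" notion above: the default VPC components listed earlier include a `0.0.0.0/0` route to the internet gateway in the main route table, while the Terraform above sets `map_public_ip_on_launch` but creates no internet gateway or route to one. The Python below is an added example, not part of the lab or the AWS documentation; it classifies constructed DescribeSubnets/DescribeRouteTables-style records (the IDs are made up) by their effective route table and flags subnets whose auto-assign setting disagrees with their routing.

```python
# Added example, not from the lab notes: a subnet is public when its route table
# (explicit association, else the VPC main table) sends 0.0.0.0/0 to an internet
# gateway; the auto-assign public IPv4 flag alone is not enough. Data is constructed.

def route_table_for(subnet, route_tables):
    """Explicitly associated table wins; otherwise the VPC's main route table."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        if any(a.get("SubnetId") == subnet["SubnetId"] for a in rt["Associations"]):
            return rt
        if any(a.get("Main") for a in rt["Associations"]):
            main = rt
    return main

def has_igw_default_route(rt):
    """True when 0.0.0.0/0 points at an internet gateway (igw-...)."""
    return bool(rt) and any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                            and r.get("GatewayId", "").startswith("igw-")
                            for r in rt["Routes"])

def classify_subnets(subnets, route_tables):
    # Returns {subnet_id: (is_public, note)}; the note flags flag/route mismatches.
    result = {}
    for s in subnets:
        public = has_igw_default_route(route_table_for(s, route_tables))
        auto = s["MapPublicIpOnLaunch"]
        if auto and not public:
            note = "auto-assign on but no IGW route: public IPs are unreachable"
        elif public and not auto:
            note = "IGW route present but no auto-assign: instances need an EIP"
        else:
            note = "consistent"
        result[s["SubnetId"]] = (public, note)
    return result

# Constructed sample: the lab's public/private pair in us-east-1a plus a subnet whose
# auto-assign flag is on but that still sits on the main route table (no IGW route).
VPC = "vpc-0000custom"
SUBNETS = [
    {"SubnetId": "subnet-pub1a", "VpcId": VPC, "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-prv1a", "VpcId": VPC, "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-odd1b", "VpcId": VPC, "MapPublicIpOnLaunch": True},
]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"VpcId": VPC, "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"VpcId": VPC, "Associations": [{"SubnetId": "subnet-pub1a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000custom"}]},
]
```

Run `classify_subnets(SUBNETS, ROUTE_TABLES)`: only `subnet-pub1a` comes back public, and `subnet-odd1b` is flagged because its instances would receive public addresses that nothing routes to.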