AWS Cloud Automation Quickstart – Virtual Private Cloud (VPC), Resource Group, and Subnet

In this series, we shift clouds and walk through how to create a web server on AWS with all the networking and Instance configuration necessary through the AWS console. The first part is going to take us through creating an AWS VPC and getting organized with Resource Group tagging. Like the Azure web server tutorial, we will be showing you how to deploy the same Infrastructure as Code with Tuono using the same simple blueprint code we used in the previous deployment to Azure!

How to create a Resource Group in the AWS Portal

In AWS, resource groups are not required, but we prefer to organize our infrastructure in a resource group. This lets you see all the related resources in one AWS Management Console tab, and it avoids future sprawl, so you are never left wondering exactly what you have deployed in your cloud.

From the AWS Management Console, search for ‘resource group’, open the Resource Groups & Tag Editor and click “Create Resource Group”.

[Figure 1: finding Resource Groups in the AWS Management Console]

Let’s create a tag-based resource group that groups resources carrying a tag key of walkthrough with a value of webserver. Add that tag pair, give the resource group a name and click “Create group”.

[Figure 2: creating the resource group]

How to create a Virtual Private Cloud in the AWS Console

A Virtual Private Cloud (VPC) is an AWS virtual network. Unfortunately, Amazon tends to pick names that give no indication of what the service really is. Let’s navigate to the VPC dashboard by searching for VPC in the AWS Management Console and launching the VPC Wizard.

[Figure 3: launching the VPC Wizard]

Select a VPC with a single Public Subnet.

[Figure 4: selecting the VPC configuration]

Let’s give our VPC and subnet a name and create the VPC.

[Figure 5: naming and creating the VPC]

The VPC wizard creates a subnet, route table and internet gateway for the virtual network, as well as a Network Access Control List and a Security Group.

You may not have realized that AWS created multiple objects for the VPC, because none of them show up in our resource group: unfortunately, the wizard does not offer an option to add tags at creation time.

To keep the shop tidy, let’s add our resource group tag (key walkthrough, value webserver) to each created object so we don’t lose track of them as we build out future infrastructure.

[Figure 6: adding the walkthrough tag to the VPC objects]

Now we can keep track of our VPC network objects from our Resource Group.

[Figure 7: the VPC objects listed in the resource group]

How do I build a VPC with Tuono?

This code may look familiar to anyone who also followed the Azure web server quickstart. That is because it is the same code: writing simple Infrastructure as Code with Tuono lets you create a blueprint once and deploy it to multiple clouds.

We select a region to deploy our infrastructure into and create a resource group by specifying a folder name.

location:
  region:
    my-region:
      country: USA
      area: northwest
  folder:
    aws-walkthrough:
      region: my-region

Define the network range.

networking:
  network:
    vnet-walkthrough:
      range: 10.0.0.0/16
      scope: public

We then create a subnet, still under the networking key, that we will use for our web server.

  subnet:
    subnet-walkthrough:
      range: 10.0.0.0/24
      network: vnet-walkthrough

With these pieces of a Tuono Blueprint we create a resource group, assign a Virtual Network and associate a specific subnet!

Our Tuono-deployed Resource Group contains the following objects. We automatically tag all created resources so you can easily find Tuono-created objects.

[Figure 8: the objects Tuono created, listed in the resource group]

You may notice that there are extra Network Access Control Lists when deploying a VPC with Tuono. We believe in control of network security and Secure by Default policies at every level we can. This lets us fine-tune network access to your requirements and avoids the wide-open networks that cloud providers default to: access is not open unless you allow it explicitly.

Our complete Blueprint currently looks like the following. When applied to an Environment through the Tuono portal or API, it lays the network groundwork that future resources will communicate over.

#
# This is an example blueprint that demonstrates the creation of a network
#
---
location:
  region:
    my-region:
      country: USA
      area: northwest
  folder:
    aws-walkthrough:
      region: my-region

networking:
  network:
    vnet-walkthrough:
      range: 10.0.0.0/16
      scope: public

  subnet:
    subnet-walkthrough:
      range: 10.0.0.0/24
      network: vnet-walkthrough
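As an added example (not Tuono's own tooling), here is a small Python check that parses the networking section of this blueprint and confirms that the subnet's range sits inside its network, that its network reference resolves, and that a public scope is surfaced for review. The parser handles only the indented key: value style used here, which is an assumption for this example rather than Tuono's format definition.

```python
import ipaddress

# Networking section of the article's blueprint, embedded so the check runs offline.
BLUEPRINT = """\
networking:
  network:
    vnet-walkthrough:
      range: 10.0.0.0/16
      scope: public
  subnet:
    subnet-walkthrough:
      range: 10.0.0.0/24
      network: vnet-walkthrough
"""

def parse_blueprint(text):
    """Parse the indented 'key: value' mapping style above into nested dicts.
    Assumption: no lists, quoting or anchors, so this is not a general YAML parser."""
    root, stack = {}, []                  # stack holds (indent, mapping) of open parents
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "---":
            continue                      # skip blanks, comments and the document marker
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = line.partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # a dedent closes the nested mappings above it
        parent = stack[-1][1] if stack else root
        if value.strip():
            parent[key] = value.strip()
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def check_blueprint(bp):
    """Return findings as strings; an empty list means every reference and range is consistent."""
    out, net = [], bp.get("networking", {})
    networks = net.get("network", {})
    for name, n in networks.items():
        if n.get("scope") == "public":    # public scope is legitimate, but worth an explicit review
            out.append(f"network {name}: scope public, review NACL and security group rules")
        ipaddress.ip_network(n["range"])  # raises ValueError on a malformed CIDR
    for name, s in net.get("subnet", {}).items():
        parent = networks.get(s.get("network"))
        if parent is None:
            out.append(f"subnet {name}: references unknown network {s.get('network')}")
        elif not ipaddress.ip_network(s["range"]).subnet_of(ipaddress.ip_network(parent["range"])):
            out.append(f"subnet {name}: range {s['range']} is outside {parent['range']}")
    return out
```

Run `check_blueprint(parse_blueprint(BLUEPRINT))` before applying a blueprint; for the article's own networking section it returns a single finding, the public-scope reminder.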

You can follow along with this series and start automating AWS by signing up for the free Tuono Community Edition. All of the code samples in this article can be put into a Blueprint and deployed into the cloud.
