TerraformでAWS VPC, subnet, SecurityGroup,NATインスタンスを作成するコード
実行環境
- Windows 10 Home (1919)
- Git Bash (git version 2.25.1.windows.1)
- AWS CLI (aws-cli/2.0.3 Python/3.7.5 Windows/10 botocore/2.0.0dev7)
- Terraform (v0.12.26)
作成する構成
まっさらな環境にVPC, subnet, SecurityGroup, NATインスタンスを作成する。
NATで利用するAMI(amzn-ami-vpc-nat)は「amzn-ami-vpc-nat-2018.03.0.20191219.0-x86_64-ebs - ami-0744cc369a48918e2」。
SecurityGroupは自宅からの接続のみを許可する。
main.tf
# AWS provider. Credentials are taken from the named CLI profile, so no
# access keys appear in the configuration itself.
provider "aws" {
  region  = "us-west-2"
  profile = "prj01-profile"
}
# Project VPC, 10.10.0.0/16. Every resource carries the same CostGroup tag
# so the project's spend can be grouped in billing.
resource "aws_vpc" "prj01VPC" {
  instance_tenancy = "default"
  cidr_block       = "10.10.0.0/16"

  tags = {
    CostGroup = "prj01"
    Name      = "prj01VPC"
  }
}
# Public subnet in us-west-2a. It is "public" only through the route table
# association further down; map_public_ip_on_launch is left at its default
# (false), so an instance gets a public IP only when it asks for one.
resource "aws_subnet" "prj01PublicSubnet1a" {
  availability_zone = "us-west-2a"
  cidr_block        = "10.10.1.0/24"
  vpc_id            = aws_vpc.prj01VPC.id

  tags = {
    CostGroup = "prj01"
    Name      = "prj01PublicSubnet1a"
  }
}
# Internet gateway attached to the project VPC; the public route table
# points its default route here.
resource "aws_internet_gateway" "prj01IGW" {
  vpc_id = aws_vpc.prj01VPC.id

  tags = {
    CostGroup = "prj01"
    Name      = "prj01IGW"
  }
}
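# Route table for the public subnet: everything not local goes out via the IGW.
# Tagged like the other resources so that CostGroup-based cost allocation
# and Name-based lookup in the console also cover the route table (the
# original left it untagged, see "Tags": [] in the describe-route-tables output).
resource "aws_route_table" "prj01PublicRoute" {
  vpc_id = aws_vpc.prj01VPC.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.prj01IGW.id
  }

  tags = {
    Name      = "prj01PublicRoute"
    CostGroup = "prj01"
  }
}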
# Binds the public subnet to the public route table; without this the subnet
# would keep using the VPC's main route table, which has no internet route.
resource "aws_route_table_association" "prj01public-a" {
  route_table_id = aws_route_table.prj01PublicRoute.id
  subnet_id      = aws_subnet.prj01PublicSubnet1a.id
}
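# Security group for hosts in the public subnet.
# Inbound: SSH (tcp/22) only, and only from the home address (/32). The rule
# description previously read "TLS from home", which does not match port 22;
# the description is stored on the AWS rule, so it should say what the rule is.
# Outbound: unrestricted, which a NAT instance needs in order to forward traffic.
# NOTE(review): if private subnets are later routed through the NAT instance,
# this group will also need an ingress rule from those subnets' CIDRs; none is
# needed yet because the configuration creates no private subnet.
resource "aws_security_group" "prj01SGpublic" {
  name        = "prj01SGpublic"
  description = "Prj01 Public Subnet SG"
  vpc_id      = aws_vpc.prj01VPC.id

  ingress {
    description = "SSH from home"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["xxx.xxx.xxx.xxx/32"] # home global IP, masked in the article
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}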
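# NAT instance in the public subnet.
# source_dest_check must be false for a NAT instance: with the default (true,
# which is what the plan output showed) EC2 drops packets whose source or
# destination is not the instance's own address, i.e. exactly the traffic a
# NAT forwards on behalf of other hosts.
resource "aws_instance" "prj01NAT" {
  ami                         = "ami-0744cc369a48918e2" # amzn-ami-vpc-nat-2018.03.0.20191219.0-x86_64-ebs
  instance_type               = "t2.micro"
  key_name                    = "prj01keypair"
  subnet_id                   = aws_subnet.prj01PublicSubnet1a.id
  vpc_security_group_ids      = [aws_security_group.prj01SGpublic.id]
  associate_public_ip_address = true # bool literal rather than the string "true"
  source_dest_check           = false

  # NOTE(review): the instance came up with IMDSv1 allowed (HttpTokens
  # "optional" in describe-instances). Requiring IMDSv2 with
  # metadata_options { http_tokens = "required" } is the usual hardening;
  # confirm this 2018.03-based NAT AMI's tooling handles session tokens first.

  tags = {
    Name      = "prj01NAT"
    CostGroup = "prj01"
  }
}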
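# Public IP of the NAT instance, used for the SSH check below.
# Terraform 0.12 takes the bare reference; wrapping it in "${...}" is the
# 0.11-style interpolation that 0.12 reports as deprecated.
# Despite the output's name this is the auto-assigned public IP (no aws_eip
# resource exists here), so it is not retained across a stop/start.
output "prj01NAT-EIP" {
  description = "Public IPv4 address of the NAT instance"
  value       = aws_instance.prj01NAT.public_ip
}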
(自宅のグローバルIPだけ、xxxでマスク)
実行
前提
前提としてaws cliのprofileおよびkeypairは作成済み。
$ aws configure list --profile prj01-profile
Name Value Type Location
---- ----- ---- --------
profile prj01-profile manual --profile
access_key ****************FCES shared-credentials-file
secret_key ****************4Idw shared-credentials-file
region us-west-2 config-file ~/.aws/config
$ aws ec2 describe-key-pairs
{
"KeyPairs": [
{
"KeyPairId": "key-0ba9cb72d459cbeb4",
"KeyFingerprint": "e9:ec:b7:f9:3d:d0:6b:81:6d:aa:92:92:70:e5:0c:51:e7:5d:89:e7",
"KeyName": "prj01keypair",
"Tags": []
}
]
}
実行前の状態確認
$ aws ec2 describe-vpcs --region=us-west-2
{
"Vpcs": []
}
$ aws ec2 describe-subnets --region=us-west-2
{
"Subnets": []
}
$ aws ec2 describe-internet-gateways --region=us-west-2
{
"InternetGateways": []
}
$ aws ec2 describe-route-tables --region=us-west-2
{
"RouteTables": []
}
$ aws ec2 describe-security-groups --region=us-west-2
{
"SecurityGroups": [
{
"Description": "default group",
"GroupName": "default",
:(中略)
}
]
}
$ aws ec2 describe-instances --region=us-west-2
{
"Reservations": []
}
plan
$ ../terraform.exe plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.prj01NAT will be created
+ resource "aws_instance" "prj01NAT" {
+ ami = "ami-0744cc369a48918e2"
+ arn = (known after apply)
+ associate_public_ip_address = true
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "prj01keypair"
+ network_interface_id = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "CostGroup" = "prj01"
+ "Name" = "prj01NAT"
}
+ tenancy = (known after apply)
+ volume_tags = (known after apply)
+ vpc_security_group_ids = (known after apply)
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ snapshot_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ metadata_options {
+ http_endpoint = (known after apply)
+ http_put_response_hop_limit = (known after apply)
+ http_tokens = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
}
# aws_internet_gateway.prj01IGW will be created
+ resource "aws_internet_gateway" "prj01IGW" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostGroup" = "prj01"
+ "Name" = "prj01IGW"
}
+ vpc_id = (known after apply)
}
# aws_route_table.prj01PublicRoute will be created
+ resource "aws_route_table" "prj01PublicRoute" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ instance_id = ""
+ ipv6_cidr_block = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_peering_connection_id = ""
},
]
+ vpc_id = (known after apply)
}
# aws_route_table_association.prj01public-a will be created
+ resource "aws_route_table_association" "prj01public-a" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# aws_security_group.prj01SGpublic will be created
+ resource "aws_security_group" "prj01SGpublic" {
+ arn = (known after apply)
+ description = "Prj01 Public Subnet SG"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "xxx.xxx.xxx.xxx/32",
]
+ description = "TLS from home"
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
]
+ name = "prj01SGpublic"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ vpc_id = (known after apply)
}
# aws_subnet.prj01PublicSubnet1a will be created
+ resource "aws_subnet" "prj01PublicSubnet1a" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-west-2a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.10.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "CostGroup" = "prj01"
+ "Name" = "prj01PublicSubnet1a"
}
+ vpc_id = (known after apply)
}
# aws_vpc.prj01VPC will be created
+ resource "aws_vpc" "prj01VPC" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.10.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostGroup" = "prj01"
+ "Name" = "prj01VPC"
}
}
Plan: 7 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
実行(apply)
$ ../terraform.exe apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.prj01NAT will be created
+ resource "aws_instance" "prj01NAT" {
+ ami = "ami-0744cc369a48918e2"
+ arn = (known after apply)
+ associate_public_ip_address = true
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "prj01keypair"
+ network_interface_id = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "CostGroup" = "prj01"
+ "Name" = "prj01NAT"
}
+ tenancy = (known after apply)
+ volume_tags = (known after apply)
+ vpc_security_group_ids = (known after apply)
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ snapshot_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ metadata_options {
+ http_endpoint = (known after apply)
+ http_put_response_hop_limit = (known after apply)
+ http_tokens = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
}
# aws_internet_gateway.prj01IGW will be created
+ resource "aws_internet_gateway" "prj01IGW" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostGroup" = "prj01"
+ "Name" = "prj01IGW"
}
+ vpc_id = (known after apply)
}
# aws_route_table.prj01PublicRoute will be created
+ resource "aws_route_table" "prj01PublicRoute" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ instance_id = ""
+ ipv6_cidr_block = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_peering_connection_id = ""
},
]
+ vpc_id = (known after apply)
}
# aws_route_table_association.prj01public-a will be created
+ resource "aws_route_table_association" "prj01public-a" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# aws_security_group.prj01SGpublic will be created
+ resource "aws_security_group" "prj01SGpublic" {
+ arn = (known after apply)
+ description = "Prj01 Public Subnet SG"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "xxx.xxx.xxx.xxx/32",
]
+ description = "TLS from home"
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
]
+ name = "prj01SGpublic"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ vpc_id = (known after apply)
}
# aws_subnet.prj01PublicSubnet1a will be created
+ resource "aws_subnet" "prj01PublicSubnet1a" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-west-2a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.10.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "CostGroup" = "prj01"
+ "Name" = "prj01PublicSubnet1a"
}
+ vpc_id = (known after apply)
}
# aws_vpc.prj01VPC will be created
+ resource "aws_vpc" "prj01VPC" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.10.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostGroup" = "prj01"
+ "Name" = "prj01VPC"
}
}
Plan: 7 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_vpc.prj01VPC: Creating...
aws_vpc.prj01VPC: Creation complete after 9s [id=vpc-07f01f8953bec8054]
aws_internet_gateway.prj01IGW: Creating...
aws_subnet.prj01PublicSubnet1a: Creating...
aws_security_group.prj01SGpublic: Creating...
aws_subnet.prj01PublicSubnet1a: Creation complete after 4s [id=subnet-002a899cff16b1c1e]
aws_internet_gateway.prj01IGW: Creation complete after 4s [id=igw-0a3ed75c307556d56]
aws_route_table.prj01PublicRoute: Creating...
aws_security_group.prj01SGpublic: Creation complete after 6s [id=sg-011197b779f8fc187]
aws_instance.prj01NAT: Creating...
aws_route_table.prj01PublicRoute: Creation complete after 3s [id=rtb-0572913cf77f4d732]
aws_route_table_association.prj01public-a: Creating...
aws_route_table_association.prj01public-a: Creation complete after 0s [id=rtbassoc-00749569edc659d21]
aws_instance.prj01NAT: Still creating... [10s elapsed]
aws_instance.prj01NAT: Still creating... [20s elapsed]
aws_instance.prj01NAT: Creation complete after 28s [id=i-0ead2524f144ce254]
Apply complete! Resources: 7 added, 0 changed, 0 destroyed.
Outputs:
prj01NAT-EIP = 34.220.64.163
接続確認
$ ssh -i ../../key/prj01keypair.pem ec2-user@34.220.64.163
The authenticity of host '34.220.64.163 (34.220.64.163)' can't be established.
ECDSA key fingerprint is SHA256:fT4x/XtdVtiIkGYGJp4oy2F1w/lHhCYHfh0Czg1QP5c.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '34.220.64.163' (ECDSA) to the list of known hosts.
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2018.03-release-notes/
12 package(s) needed for security, out of 27 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-10-10-1-59 ~]$
無事接続できた。
作成されたものの状態確認
$ aws ec2 describe-vpcs --region=us-west-2
{
"Vpcs": [
{
"CidrBlock": "10.10.0.0/16",
"DhcpOptionsId": "dopt-0ebee8b328487036e",
"State": "available",
"VpcId": "vpc-07f01f8953bec8054",
"OwnerId": "679788997248",
"InstanceTenancy": "default",
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0c9db0dd4f6e7f945",
"CidrBlock": "10.10.0.0/16",
"CidrBlockState": {
"State": "associated"
}
}
],
"IsDefault": false,
"Tags": [
{
"Key": "CostGroup",
"Value": "prj01"
},
{
"Key": "Name",
"Value": "prj01VPC"
}
]
}
]
}
$ aws ec2 describe-subnets --region=us-west-2
{
"Subnets": [
{
"AvailabilityZone": "us-west-2a",
"AvailabilityZoneId": "usw2-az2",
"AvailableIpAddressCount": 250,
"CidrBlock": "10.10.1.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"State": "available",
"SubnetId": "subnet-002a899cff16b1c1e",
"VpcId": "vpc-07f01f8953bec8054",
"OwnerId": "679788997248",
"AssignIpv6AddressOnCreation": false,
"Ipv6CidrBlockAssociationSet": [],
"Tags": [
{
"Key": "CostGroup",
"Value": "prj01"
},
{
"Key": "Name",
"Value": "prj01PublicSubnet1a"
}
],
"SubnetArn": "arn:aws:ec2:us-west-2:679788997248:subnet/subnet-002a899cff16b1c1e"
}
]
}
$ aws ec2 describe-internet-gateways --region=us-west-2
{
"InternetGateways": [
{
"Attachments": [
{
"State": "available",
"VpcId": "vpc-07f01f8953bec8054"
}
],
"InternetGatewayId": "igw-0a3ed75c307556d56",
"OwnerId": "679788997248",
"Tags": [
{
"Key": "CostGroup",
"Value": "prj01"
},
{
"Key": "Name",
"Value": "prj01IGW"
}
]
}
]
}
$ aws ec2 describe-route-tables --region=us-west-2
{
"RouteTables": [
{
"Associations": [
{
"Main": true,
"RouteTableAssociationId": "rtbassoc-0acb7861b8f970d0c",
"RouteTableId": "rtb-00e81b7edaf3874c0",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-00e81b7edaf3874c0",
"Routes": [
{
"DestinationCidrBlock": "10.10.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
}
],
"Tags": [],
"VpcId": "vpc-07f01f8953bec8054",
"OwnerId": "679788997248"
},
{
"Associations": [
{
"Main": false,
"RouteTableAssociationId": "rtbassoc-00749569edc659d21",
"RouteTableId": "rtb-0572913cf77f4d732",
"SubnetId": "subnet-002a899cff16b1c1e",
"AssociationState": {
"State": "associated"
}
}
],
"PropagatingVgws": [],
"RouteTableId": "rtb-0572913cf77f4d732",
"Routes": [
{
"DestinationCidrBlock": "10.10.0.0/16",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
},
{
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": "igw-0a3ed75c307556d56",
"Origin": "CreateRoute",
"State": "active"
}
],
"Tags": [],
"VpcId": "vpc-07f01f8953bec8054",
"OwnerId": "679788997248"
}
]
}
$ aws ec2 describe-security-groups --region=us-west-2
{
"SecurityGroups": [
{
"Description": "default group",
"GroupName": "default",
"IpPermissions": [
{
"FromPort": 0,
"IpProtocol": "udp",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 65535,
"UserIdGroupPairs": [
{
"GroupId": "sg-f26ffcc2",
"GroupName": "default",
"UserId": "679788997248"
}
]
},
{
"FromPort": -1,
"IpProtocol": "icmp",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": -1,
"UserIdGroupPairs": [
{
"GroupId": "sg-f26ffcc2",
"GroupName": "default",
"UserId": "679788997248"
}
]
},
{
"FromPort": 0,
"IpProtocol": "tcp",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 65535,
"UserIdGroupPairs": [
{
"GroupId": "sg-f26ffcc2",
"GroupName": "default",
"UserId": "679788997248"
}
]
}
],
"OwnerId": "679788997248",
"GroupId": "sg-f26ffcc2",
"IpPermissionsEgress": []
},
{
"Description": "quick-start-1",
"GroupName": "quick-start-1",
"IpPermissions": [
{
"FromPort": 22,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 22,
"UserIdGroupPairs": []
},
{
"FromPort": -1,
"IpProtocol": "icmp",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": -1,
"UserIdGroupPairs": []
}
],
"OwnerId": "679788997248",
"GroupId": "sg-486dfe78",
"IpPermissionsEgress": []
},
{
"Description": "Prj01 Public Subnet SG",
"GroupName": "prj01SGpublic",
"IpPermissions": [
{
"FromPort": 22,
"IpProtocol": "tcp",
"IpRanges": [
{
"CidrIp": "xxx.xxx.xxx.xxx/32",
"Description": "TLS from home"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"ToPort": 22,
"UserIdGroupPairs": []
}
],
"OwnerId": "679788997248",
"GroupId": "sg-011197b779f8fc187",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"VpcId": "vpc-07f01f8953bec8054"
},
{
"Description": "default VPC security group",
"GroupName": "default",
"IpPermissions": [
{
"IpProtocol": "-1",
"IpRanges": [],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": [
{
"GroupId": "sg-02a3b4125c3e94cd6",
"UserId": "679788997248"
}
]
}
],
"OwnerId": "679788997248",
"GroupId": "sg-02a3b4125c3e94cd6",
"IpPermissionsEgress": [
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"Ipv6Ranges": [],
"PrefixListIds": [],
"UserIdGroupPairs": []
}
],
"VpcId": "vpc-07f01f8953bec8054"
}
]
}
$ aws ec2 describe-instances --region=us-west-2
{
"Reservations": [
{
"Groups": [],
"Instances": [
{
"AmiLaunchIndex": 0,
"ImageId": "ami-0744cc369a48918e2",
"InstanceId": "i-0ead2524f144ce254",
"InstanceType": "t2.micro",
"KeyName": "prj01keypair",
"LaunchTime": "2020-07-14T20:21:15+00:00",
"Monitoring": {
"State": "disabled"
},
"Placement": {
"AvailabilityZone": "us-west-2a",
"GroupName": "",
"Tenancy": "default"
},
"PrivateDnsName": "ip-10-10-1-59.us-west-2.compute.internal",
"PrivateIpAddress": "10.10.1.59",
"ProductCodes": [],
"PublicDnsName": "",
"PublicIpAddress": "34.220.64.163",
"State": {
"Code": 16,
"Name": "running"
},
"StateTransitionReason": "",
"SubnetId": "subnet-002a899cff16b1c1e",
"VpcId": "vpc-07f01f8953bec8054",
"Architecture": "x86_64",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"AttachTime": "2020-07-14T20:21:15+00:00",
"DeleteOnTermination": true,
"Status": "attached",
"VolumeId": "vol-01040fdbd785ac7b0"
}
}
],
"ClientToken": "D9FFD1E8-29B1-4BC9-BF89-0DB594B3460D",
"EbsOptimized": false,
"EnaSupport": true,
"Hypervisor": "xen",
"NetworkInterfaces": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "",
"PublicIp": "34.220.64.163"
},
"Attachment": {
"AttachTime": "2020-07-14T20:21:15+00:00",
"AttachmentId": "eni-attach-00044a8099cfdad43",
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Status": "attached"
},
"Description": "",
"Groups": [
{
"GroupName": "prj01SGpublic",
"GroupId": "sg-011197b779f8fc187"
}
],
"Ipv6Addresses": [],
"MacAddress": "06:0d:c9:db:e6:f2",
"NetworkInterfaceId": "eni-0d1d1ba4cb5fef465",
"OwnerId": "679788997248",
"PrivateIpAddress": "10.10.1.59",
"PrivateIpAddresses": [
{
"Association": {
"IpOwnerId": "amazon",
"PublicDnsName": "",
"PublicIp": "34.220.64.163"
},
"Primary": true,
"PrivateIpAddress": "10.10.1.59"
}
],
"SourceDestCheck": true,
"Status": "in-use",
"SubnetId": "subnet-002a899cff16b1c1e",
"VpcId": "vpc-07f01f8953bec8054",
"InterfaceType": "interface"
}
],
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SecurityGroups": [
{
"GroupName": "prj01SGpublic",
"GroupId": "sg-011197b779f8fc187"
}
],
"SourceDestCheck": true,
"Tags": [
{
"Key": "Name",
"Value": "prj01NAT"
},
{
"Key": "CostGroup",
"Value": "prj01"
}
],
"VirtualizationType": "hvm",
"CpuOptions": {
"CoreCount": 1,
"ThreadsPerCore": 1
},
"CapacityReservationSpecification": {
"CapacityReservationPreference": "open"
},
"HibernationOptions": {
"Configured": false
},
"MetadataOptions": {
"State": "applied",
"HttpTokens": "optional",
"HttpPutResponseHopLimit": 1,
"HttpEndpoint": "enabled"
}
}
],
"OwnerId": "679788997248",
"ReservationId": "r-0621a71842792f593"
}
]
}