VPC Verification Using AWS CLI
We can verify our VPC configuration by using AWS CLI. Example 1-1 shows the output of the command aws ec2 describe-vpcs in JSON format. This command lists all our VPC resources with their properties. The first one is the newest VPC NVKT-VPC-01, and the second one is the default VPC, which I have named DFLT-VPC. The first VPC gets ordinal zero [0], and the second VPC gets number one [1]. Note that ordinal numbers are not shown in the output. VPC properties describe the VPC-specific CIDR Block, DHCP Options, VPC Identifier, Owner Id, CIDR Block Association, and Tags.
aws ec2 describe-vpcs
{
    "Vpcs": [
        {
            "CidrBlock": "10.10.0.0/16",
            "DhcpOptionsId": "dopt-09217361",
            "State": "available",
            "VpcId": "vpc-04ef72cc79a73f82e",
            "OwnerId": "123456654321",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-0379c0e3e854f43ff",
                    "CidrBlock": "10.10.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "NVKT-VPC-01"
                }
            ]
        },
        {
            "CidrBlock": "172.31.0.0/16",
            "DhcpOptionsId": "dopt-09217361",
            "State": "available",
            "VpcId": "vpc-cfbac1a7",
            "OwnerId": "123456654321",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-89d487e1",
                    "CidrBlock": "172.31.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": true,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "DFLT-VPC"
                }
            ]
        }
    ]
}
Example 1-1: AWS CLI: Retrieve VPC Information.
We can use filters for retrieving information only from some specific resources. The command aws ec2 describe-vpcs --filters Name=tag:Name,Values=NVKT-VPC-01 shows VPCs where we have attached the Key/Value pair Name/NVKT-VPC-01.
aws ec2 describe-vpcs --filters Name=tag:Name,Values=NVKT-VPC-01
{
    "Vpcs": [
        {
            "CidrBlock": "10.10.0.0/16",
            "DhcpOptionsId": "dopt-09217361",
            "State": "available",
            "VpcId": "vpc-04ef72cc79a73f82e",
            "OwnerId": "123456654321",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-0379c0e3e854f43ff",
                    "CidrBlock": "10.10.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "NVKT-VPC-01"
                }
            ]
        }
    ]
}
Example 1-2: AWS CLI: Retrieve VPC Information.
We can also query resource-specific information using the command aws ec2 describe-vpcs --query "Vpcs[0]". The zero within square brackets after the resource Vpcs identifies the ordinal number of a resource. In our example, VPC NVKT-VPC-01 is the first one, and it has an ordinal number zero.
aws ec2 describe-vpcs --query "Vpcs[0]"
{
    "CidrBlock": "10.10.0.0/16",
    "DhcpOptionsId": "dopt-09217361",
    "State": "available",
    "VpcId": "vpc-04ef72cc79a73f82e",
    "OwnerId": "123456654321",
    "InstanceTenancy": "default",
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0379c0e3e854f43ff",
            "CidrBlock": "10.10.0.0/16",
            "CidrBlockState": {
                "State": "associated"
            }
        }
    ],
    "IsDefault": false,
    "Tags": [
        {
            "Key": "Name",
            "Value": "NVKT-VPC-01"
        }
    ]
}
Example 1-3: AWS CLI: Retrieve VPC Information.
If we want to see only some specific resource properties, we can add the properties after the resource, separated by a dot. Example 1-4 shows how we can see the CIDR Block Association for VPC NVKT-VPC-01 (ordinal zero).
aws ec2 describe-vpcs --query "Vpcs[0].CidrBlockAssociationSet"
[
    {
        "AssociationId": "vpc-cidr-assoc-0379c0e3e854f43ff",
        "CidrBlock": "10.10.0.0/16",
        "CidrBlockState": {
            "State": "associated"
        }
    }
]
Example 1-4: AWS CLI: Retrieve CIDR (Properties) Association to VPC (Resource).
We can change the output representation from JSON to a table by using the option --output table. The table output is a good choice when we create documentation about VPCs. Note that you can use this option with all other commands too.
aws ec2 describe-vpcs --query "Vpcs[0].CidrBlockAssociationSet" --output table
------------------------------------------------------
|                    DescribeVpcs                    |
+-----------------------------------+----------------+
|           AssociationId           |   CidrBlock    |
+-----------------------------------+----------------+
| vpc-cidr-assoc-0379c0e3e854f43ff  |  10.10.0.0/16  |
+-----------------------------------+----------------+
||                  CidrBlockState                  ||
|+------------------+-------------------------------+|
||      State       |          associated           ||
|+------------------+-------------------------------+|
Example 1-5: AWS CLI: Retrieve CIDR Association to VPC – Table Output.
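The checks above can also be scripted against saved describe-vpcs output. The following is an added example, not code from the original post: it selects the VPC by its Name tag instead of by ordinal, so the result does not depend on the order of the Vpcs list, and it verifies the state and CIDR association. The function names find_by_name and verify_vpc are hypothetical, and the sample JSON is constructed from the values in Example 1-1.

```python
import json

# Constructed sample: trimmed `aws ec2 describe-vpcs` output using the values from Example 1-1.
SAMPLE = json.loads("""
{"Vpcs": [
  {"CidrBlock": "10.10.0.0/16", "State": "available",
   "VpcId": "vpc-04ef72cc79a73f82e", "IsDefault": false,
   "CidrBlockAssociationSet": [
     {"CidrBlock": "10.10.0.0/16", "CidrBlockState": {"State": "associated"}}],
   "Tags": [{"Key": "Name", "Value": "NVKT-VPC-01"}]},
  {"CidrBlock": "172.31.0.0/16", "State": "available",
   "VpcId": "vpc-cfbac1a7", "IsDefault": true,
   "CidrBlockAssociationSet": [
     {"CidrBlock": "172.31.0.0/16", "CidrBlockState": {"State": "associated"}}],
   "Tags": [{"Key": "Name", "Value": "DFLT-VPC"}]}
]}
""")

def find_by_name(doc, name):
    """Return every VPC whose Name tag equals `name` (hypothetical helper)."""
    # Untagged VPCs have no "Tags" key at all, hence the default of [].
    return [v for v in doc.get("Vpcs", [])
            if any(t.get("Key") == "Name" and t.get("Value") == name
                   for t in v.get("Tags", []))]

def verify_vpc(doc, name, expected_cidr):
    """Return a list of findings; an empty list means the VPC matches expectations."""
    matches = find_by_name(doc, name)
    if len(matches) != 1:  # Name tags are not unique, so duplicates are a finding too
        return [f"expected exactly one VPC named {name}, found {len(matches)}"]
    vpc, findings = matches[0], []
    if vpc.get("State") != "available":
        findings.append(f"{vpc['VpcId']}: state is {vpc.get('State')}")
    if vpc.get("IsDefault"):
        findings.append(f"{vpc['VpcId']}: is the default VPC")
    associated = {a["CidrBlock"] for a in vpc.get("CidrBlockAssociationSet", [])
                  if a.get("CidrBlockState", {}).get("State") == "associated"}
    if expected_cidr not in associated:
        findings.append(f"{vpc['VpcId']}: {expected_cidr} not associated, have {sorted(associated)}")
    return findings

if __name__ == "__main__":
    for name, cidr in [("NVKT-VPC-01", "10.10.0.0/16"), ("NVKT-VPC-01", "10.20.0.0/16")]:
        print(name, cidr, verify_vpc(SAMPLE, name, cidr) or "OK")
    # Reversing the list changes what Vpcs[0] returns, but not the lookup by tag.
    reordered = {"Vpcs": SAMPLE["Vpcs"][::-1]}
    print(find_by_name(reordered, "NVKT-VPC-01")[0]["VpcId"])
```

To run it against a real account, save the output of aws ec2 describe-vpcs to a file and pass the result of json.load() in place of SAMPLE.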