So far, I’ve discussed how to configure a VPC, subnets, NAT gateway and EC2 using Terraform. In this post I’m going to discuss how to configure a VPC, subnets, Internet Gateway and NAT Gateway with AWS CDK, using Python as the language. We don’t need to write any complex CloudFormation scripts; we use AWS CDK to construct resources. For more information about AWS CDK, you may check here.
Pre-requisites:
You need AWS CDK and Python installed in your environment.
# Install AWS CDK
npm install -g aws-cdk
# Check CDK Version
cdk --version

Once you have AWS CDK and Python installed, we can initialize a new project. I’m using Visual Studio Code in my example to create the project; you can use any of your favorite IDEs.
mkdir mycdkproject
cd mycdkproject
cdk init --language python
The above will create a CDK project structure with Python as the language. Activate your virtual environment (source .env/bin/activate or python -m venv .venv, depending on your OS: Linux/Mac/Windows). Once initialized, the structure would look like this:

We have the CDK structure ready; let us start importing the required modules (aws_ec2, aws_ssm, core).
Edit the requirements.txt file so that it lists:
aws-cdk.core
aws-cdk.aws-ssm
aws-cdk.aws-ec2
and install them using pip install -r requirements.txt
This will ensure you have the required modules to start with.
Let us modify the mycdkproject_stack.py.
from aws_cdk import (
    aws_ec2 as ec2,
    aws_ssm as ssm,
    core
)


class MycdkprojectStack(core.Stack):
    def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        # The code that defines your stack goes here
        # 'env' is read from the CDK context (cdk.json or -c env=...);
        # the synthesized output below was produced with env set to "demo"
        env_name = self.node.try_get_context("env")

        # One /24 VPC split into /26 subnets: a public and a private subnet in each of 2 AZs
        self.vpc = ec2.Vpc(self, 'demovpc',
            cidr = '192.168.50.0/24',
            max_azs = 2,
            enable_dns_hostnames = True,
            enable_dns_support = True,
            subnet_configuration=[
                ec2.SubnetConfiguration(
                    name = 'Public-Subent',
                    subnet_type = ec2.SubnetType.PUBLIC,
                    cidr_mask = 26
                ),
                ec2.SubnetConfiguration(
                    name = 'Private-Subnet',
                    subnet_type = ec2.SubnetType.PRIVATE,
                    cidr_mask = 26
                )
            ],
            # A single NAT gateway is shared by both private subnets
            nat_gateways = 1,
        )

        # Publish each private subnet ID as an SSM parameter: /<env>/private-subnet-<n>
        priv_subnets = [subnet.subnet_id for subnet in self.vpc.private_subnets]
        count = 1
        for psub in priv_subnets:
            ssm.StringParameter(self, 'private-subnet-'+ str(count),
                string_value = psub,
                parameter_name = '/'+env_name+'/private-subnet-'+str(count)
            )
            count += 1
The above script will create the VPC, the public and private subnets, the Internet Gateway and the NAT gateway, and it stores the private subnet IDs in SSM parameters.
Call this stack from your app.py as below:
#!/usr/bin/env python3
from aws_cdk import core
from mycdkproject.mycdkproject_stack import MycdkprojectStack
app = core.App()
MycdkprojectStack(app, "mycdkproject")
app.synth()
Let us run cdk ls to list the stacks in the app.
cdk ls

Synthesize an AWS CloudFormation template for the app, as follows.
cdk synth
If your app contained more than one stack, you’d need to specify which stack(s) to synthesize. But since it only contains one, the Toolkit knows you must mean that one.
The cdk synth command executes your app, which causes the resources defined in it to be translated to an AWS CloudFormation template. The displayed output of cdk synth is a YAML-format template; our app’s output is shown below. The template is also saved in the cdk.out directory in JSON format.
PS C:\Users\Ramasankar\mycdkproject> cdk synth
Resources:
  demovpcF2DCF540:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 192.168.50.0/24
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: mycdkproject/demovpc
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Resource
  demovpcPublicSubentSubnet1Subnet9D54A554:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 192.168.50.0/26
      VpcId:
        Ref: demovpcF2DCF540
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: true
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Public-Subent
        - Key: aws-cdk:subnet-type
          Value: Public
        - Key: Name
          Value: mycdkproject/demovpc/Public-SubentSubnet1
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet1/Subnet
  demovpcPublicSubentSubnet1RouteTable91CAF0D9:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: demovpcF2DCF540
      Tags:
        - Key: Name
          Value: mycdkproject/demovpc/Public-SubentSubnet1
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet1/RouteTable
  demovpcPublicSubentSubnet1RouteTableAssociationB046656F:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: demovpcPublicSubentSubnet1RouteTable91CAF0D9
      SubnetId:
        Ref: demovpcPublicSubentSubnet1Subnet9D54A554
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet1/RouteTableAssociation
  demovpcPublicSubentSubnet1DefaultRouteD441EE14:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: demovpcPublicSubentSubnet1RouteTable91CAF0D9
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: demovpcIGW048842AE
    DependsOn:
      - demovpcVPCGW7D2E1CAC
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet1/DefaultRoute
  demovpcPublicSubentSubnet1EIPBD2741E1:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
      Tags:
        - Key: Name
          Value: mycdkproject/demovpc/Public-SubentSubnet1
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet1/EIP
  demovpcPublicSubentSubnet1NATGateway89406216:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - demovpcPublicSubentSubnet1EIPBD2741E1
          - AllocationId
      SubnetId:
        Ref: demovpcPublicSubentSubnet1Subnet9D54A554
      Tags:
        - Key: Name
          Value: mycdkproject/demovpc/Public-SubentSubnet1
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet1/NATGateway
  demovpcPublicSubentSubnet2Subnet1ECEB9DF:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 192.168.50.64/26
      VpcId:
        Ref: demovpcF2DCF540
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: true
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Public-Subent
        - Key: aws-cdk:subnet-type
          Value: Public
        - Key: Name
          Value: mycdkproject/demovpc/Public-SubentSubnet2
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet2/Subnet
  demovpcPublicSubentSubnet2RouteTable859486AD:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: demovpcF2DCF540
      Tags:
        - Key: Name
          Value: mycdkproject/demovpc/Public-SubentSubnet2
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet2/RouteTable
  demovpcPublicSubentSubnet2RouteTableAssociation4812D27C:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: demovpcPublicSubentSubnet2RouteTable859486AD
      SubnetId:
        Ref: demovpcPublicSubentSubnet2Subnet1ECEB9DF
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet2/RouteTableAssociation
  demovpcPublicSubentSubnet2DefaultRoute41BC99C2:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: demovpcPublicSubentSubnet2RouteTable859486AD
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: demovpcIGW048842AE
    DependsOn:
      - demovpcVPCGW7D2E1CAC
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Public-SubentSubnet2/DefaultRoute
  demovpcPrivateSubnetSubnet1Subnet7F486832:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 192.168.50.128/26
      VpcId:
        Ref: demovpcF2DCF540
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: false
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Private-Subnet
        - Key: aws-cdk:subnet-type
          Value: Private
        - Key: Name
          Value: mycdkproject/demovpc/Private-SubnetSubnet1
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Private-SubnetSubnet1/Subnet
  demovpcPrivateSubnetSubnet1RouteTableDA716B65:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: demovpcF2DCF540
      Tags:
        - Key: Name
          Value: mycdkproject/demovpc/Private-SubnetSubnet1
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Private-SubnetSubnet1/RouteTable
  demovpcPrivateSubnetSubnet1RouteTableAssociation942BFC16:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: demovpcPrivateSubnetSubnet1RouteTableDA716B65
      SubnetId:
        Ref: demovpcPrivateSubnetSubnet1Subnet7F486832
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Private-SubnetSubnet1/RouteTableAssociation
  demovpcPrivateSubnetSubnet1DefaultRouteDC8CEC57:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: demovpcPrivateSubnetSubnet1RouteTableDA716B65
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: demovpcPublicSubentSubnet1NATGateway89406216
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Private-SubnetSubnet1/DefaultRoute
  demovpcPrivateSubnetSubnet2Subnet4FD8659B:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 192.168.50.192/26
      VpcId:
        Ref: demovpcF2DCF540
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs: ""
      MapPublicIpOnLaunch: false
      Tags:
        - Key: aws-cdk:subnet-name
          Value: Private-Subnet
        - Key: aws-cdk:subnet-type
          Value: Private
        - Key: Name
          Value: mycdkproject/demovpc/Private-SubnetSubnet2
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Private-SubnetSubnet2/Subnet
  demovpcPrivateSubnetSubnet2RouteTable8983B828:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: demovpcF2DCF540
      Tags:
        - Key: Name
          Value: mycdkproject/demovpc/Private-SubnetSubnet2
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Private-SubnetSubnet2/RouteTable
  demovpcPrivateSubnetSubnet2RouteTableAssociationDCEDC16A:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId:
        Ref: demovpcPrivateSubnetSubnet2RouteTable8983B828
      SubnetId:
        Ref: demovpcPrivateSubnetSubnet2Subnet4FD8659B
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Private-SubnetSubnet2/RouteTableAssociation
  demovpcPrivateSubnetSubnet2DefaultRouteFFB48155:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: demovpcPrivateSubnetSubnet2RouteTable8983B828
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: demovpcPublicSubentSubnet1NATGateway89406216
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/Private-SubnetSubnet2/DefaultRoute
  demovpcIGW048842AE:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: mycdkproject/demovpc
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/IGW
  demovpcVPCGW7D2E1CAC:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
        Ref: demovpcF2DCF540
      InternetGatewayId:
        Ref: demovpcIGW048842AE
    Metadata:
      aws:cdk:path: mycdkproject/demovpc/VPCGW
  privatesubnet1ABCDFA53:
    Type: AWS::SSM::Parameter
    Properties:
      Type: String
      Value:
        Ref: demovpcPrivateSubnetSubnet1Subnet7F486832
      Name: /demo/private-subnet-1
    Metadata:
      aws:cdk:path: mycdkproject/private-subnet-1/Resource
  privatesubnet2260E229D:
    Type: AWS::SSM::Parameter
    Properties:
      Type: String
      Value:
        Ref: demovpcPrivateSubnetSubnet2Subnet4FD8659B
      Name: /demo/private-subnet-2
    Metadata:
      aws:cdk:path: mycdkproject/private-subnet-2/Resource
  CDKMetadata:
    Type: AWS::CDK::Metadata
    Properties:
      Modules: aws-cdk=1.90.1,@aws-cdk/assets=1.90.0,@aws-cdk/aws-cloudwatch=1.90.0,@aws-cdk/aws-ec2=1.90.0,@aws-cdk/aws-events=1.90.0,@aws-cdk/aws-iam=1.90.0,@aws-cdk/aws-kms=1.90.0,@aws-cdk/aws-logs=1.90.0,@aws-cdk/aws-s3=1.90.0,@aws-cdk/aws-s3-assets=1.90.0,@aws-cdk/aws-ssm=1.90.0,@aws-cdk/cloud-assembly-schema=1.90.0,@aws-cdk/core=1.90.0,@aws-cdk/cx-api=1.90.0,@aws-cdk/region-info=1.90.0,jsii-runtime=Python/3.7.2
    Metadata:
      aws:cdk:path: mycdkproject/CDKMetadata/Default
    Condition: CDKMetadataAvailable
Conditions:
  CDKMetadataAvailable:
    Fn::Or:
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-northeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-1
          - Fn::Equals:
              - Ref: AWS::Region
              - ap-southeast-2
          - Fn::Equals:
              - Ref: AWS::Region
              - ca-central-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - cn-northwest-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-central-1
      - Fn::Or:
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-north-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-2
          - Fn::Equals:
              - Ref: AWS::Region
              - eu-west-3
          - Fn::Equals:
              - Ref: AWS::Region
              - me-south-1
          - Fn::Equals:
              - Ref: AWS::Region
              - sa-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-east-2
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-1
          - Fn::Equals:
              - Ref: AWS::Region
              - us-west-2
{
"Resources": {
"demovpcF2DCF540": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "192.168.50.0/24",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Name",
"Value": "mycdkproject/demovpc"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Resource"
}
},
"demovpcPublicSubentSubnet1Subnet9D54A554": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "192.168.50.0/26",
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
},
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Public-Subent"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
},
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Public-SubentSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet1/Subnet"
}
},
"demovpcPublicSubentSubnet1RouteTable91CAF0D9": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"Tags": [
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Public-SubentSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet1/RouteTable"
}
},
"demovpcPublicSubentSubnet1RouteTableAssociationB046656F": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "demovpcPublicSubentSubnet1RouteTable91CAF0D9"
},
"SubnetId": {
"Ref": "demovpcPublicSubentSubnet1Subnet9D54A554"
}
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet1/RouteTableAssociation"
}
},
"demovpcPublicSubentSubnet1DefaultRouteD441EE14": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "demovpcPublicSubentSubnet1RouteTable91CAF0D9"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "demovpcIGW048842AE"
}
},
"DependsOn": [
"demovpcVPCGW7D2E1CAC"
],
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet1/DefaultRoute"
}
},
"demovpcPublicSubentSubnet1EIPBD2741E1": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc",
"Tags": [
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Public-SubentSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet1/EIP"
}
},
"demovpcPublicSubentSubnet1NATGateway89406216": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"demovpcPublicSubentSubnet1EIPBD2741E1",
"AllocationId"
]
},
"SubnetId": {
"Ref": "demovpcPublicSubentSubnet1Subnet9D54A554"
},
"Tags": [
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Public-SubentSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet1/NATGateway"
}
},
"demovpcPublicSubentSubnet2Subnet1ECEB9DF": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "192.168.50.64/26",
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"AvailabilityZone": {
"Fn::Select": [
1,
{
"Fn::GetAZs": ""
}
]
},
"MapPublicIpOnLaunch": true,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Public-Subent"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Public"
},
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Public-SubentSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet2/Subnet"
}
},
"demovpcPublicSubentSubnet2RouteTable859486AD": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"Tags": [
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Public-SubentSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet2/RouteTable"
}
},
"demovpcPublicSubentSubnet2RouteTableAssociation4812D27C": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "demovpcPublicSubentSubnet2RouteTable859486AD"
},
"SubnetId": {
"Ref": "demovpcPublicSubentSubnet2Subnet1ECEB9DF"
}
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet2/RouteTableAssociation"
}
},
"demovpcPublicSubentSubnet2DefaultRoute41BC99C2": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "demovpcPublicSubentSubnet2RouteTable859486AD"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "demovpcIGW048842AE"
}
},
"DependsOn": [
"demovpcVPCGW7D2E1CAC"
],
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Public-SubentSubnet2/DefaultRoute"
}
},
"demovpcPrivateSubnetSubnet1Subnet7F486832": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "192.168.50.128/26",
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
},
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Private-Subnet"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
},
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Private-SubnetSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Private-SubnetSubnet1/Subnet"
}
},
"demovpcPrivateSubnetSubnet1RouteTableDA716B65": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"Tags": [
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Private-SubnetSubnet1"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Private-SubnetSubnet1/RouteTable"
}
},
"demovpcPrivateSubnetSubnet1RouteTableAssociation942BFC16": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "demovpcPrivateSubnetSubnet1RouteTableDA716B65"
},
"SubnetId": {
"Ref": "demovpcPrivateSubnetSubnet1Subnet7F486832"
}
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Private-SubnetSubnet1/RouteTableAssociation"
}
},
"demovpcPrivateSubnetSubnet1DefaultRouteDC8CEC57": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "demovpcPrivateSubnetSubnet1RouteTableDA716B65"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "demovpcPublicSubentSubnet1NATGateway89406216"
}
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Private-SubnetSubnet1/DefaultRoute"
}
},
"demovpcPrivateSubnetSubnet2Subnet4FD8659B": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "192.168.50.192/26",
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"AvailabilityZone": {
"Fn::Select": [
1,
{
"Fn::GetAZs": ""
}
]
},
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "Private-Subnet"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
},
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Private-SubnetSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Private-SubnetSubnet2/Subnet"
}
},
"demovpcPrivateSubnetSubnet2RouteTable8983B828": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"Tags": [
{
"Key": "Name",
"Value": "mycdkproject/demovpc/Private-SubnetSubnet2"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Private-SubnetSubnet2/RouteTable"
}
},
"demovpcPrivateSubnetSubnet2RouteTableAssociationDCEDC16A": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "demovpcPrivateSubnetSubnet2RouteTable8983B828"
},
"SubnetId": {
"Ref": "demovpcPrivateSubnetSubnet2Subnet4FD8659B"
}
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Private-SubnetSubnet2/RouteTableAssociation"
}
},
"demovpcPrivateSubnetSubnet2DefaultRouteFFB48155": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "demovpcPrivateSubnetSubnet2RouteTable8983B828"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "demovpcPublicSubentSubnet1NATGateway89406216"
}
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/Private-SubnetSubnet2/DefaultRoute"
}
},
"demovpcIGW048842AE": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "mycdkproject/demovpc"
}
]
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/IGW"
}
},
"demovpcVPCGW7D2E1CAC": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "demovpcF2DCF540"
},
"InternetGatewayId": {
"Ref": "demovpcIGW048842AE"
}
},
"Metadata": {
"aws:cdk:path": "mycdkproject/demovpc/VPCGW"
}
},
"privatesubnet1ABCDFA53": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Type": "String",
"Value": {
"Ref": "demovpcPrivateSubnetSubnet1Subnet7F486832"
},
"Name": "/demo/private-subnet-1"
},
"Metadata": {
"aws:cdk:path": "mycdkproject/private-subnet-1/Resource"
}
},
"privatesubnet2260E229D": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Type": "String",
"Value": {
"Ref": "demovpcPrivateSubnetSubnet2Subnet4FD8659B"
},
"Name": "/demo/private-subnet-2"
},
"Metadata": {
"aws:cdk:path": "mycdkproject/private-subnet-2/Resource"
}
},
"CDKMetadata": {
"Type": "AWS::CDK::Metadata",
"Properties": {
"Modules": "aws-cdk=1.90.1,@aws-cdk/assets=1.90.0,@aws-cdk/aws-cloudwatch=1.90.0,@aws-cdk/aws-ec2=1.90.0,@aws-cdk/aws-events=1.90.0,@aws-cdk/aws-iam=1.90.0,@aws-cdk/aws-kms=1.90.0,@aws-cdk/aws-logs=1.90.0,@aws-cdk/aws-s3=1.90.0,@aws-cdk/aws-s3-assets=1.90.0,@aws-cdk/aws-ssm=1.90.0,@aws-cdk/cloud-assembly-schema=1.90.0,@aws-cdk/core=1.90.0,@aws-cdk/cx-api=1.90.0,@aws-cdk/region-info=1.90.0,jsii-runtime=Python/3.7.2"
},
"Metadata": {
"aws:cdk:path": "mycdkproject/CDKMetadata/Default"
},
"Condition": "CDKMetadataAvailable"
}
},
"Conditions": {
"CDKMetadataAvailable": {
"Fn::Or": [
{
"Fn::Or": [
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-east-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-northeast-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-northeast-2"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-south-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-southeast-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ap-southeast-2"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"ca-central-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"cn-north-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"cn-northwest-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-central-1"
]
}
]
},
{
"Fn::Or": [
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-north-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-west-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-west-2"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"eu-west-3"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"me-south-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"sa-east-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-east-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-east-2"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-west-1"
]
},
{
"Fn::Equals": [
{
"Ref": "AWS::Region"
},
"us-west-2"
]
}
]
}
]
}
}
}
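A pre-deployment check over the synthesized template, as an added example that is not part of the original post: it walks the Resources section that cdk synth produces and confirms that subnets not tagged Public have no default route to the Internet Gateway and do not auto-assign public IPs. The sample template and its short logical IDs (PubSubnet, PrivSubnet, Igw, Nat) are constructed to mirror the shape of the output above.

```python
"""Audit a synthesized CloudFormation template for subnet exposure (added example)."""
import copy
import json
import sys

DEFAULT_ROUTE = "0.0.0.0/0"


def _ref(value):
    """Return the logical ID inside a {"Ref": "..."} value, or None."""
    return value.get("Ref") if isinstance(value, dict) else None


def _of_type(resources, cfn_type):
    """Select the resources of one CloudFormation type."""
    return {k: v for k, v in resources.items() if v.get("Type") == cfn_type}


def classify_subnets(template):
    """Return {subnet_id: {declared, egress, auto_public_ip}} from the template."""
    res = template.get("Resources", {})

    # Route table -> where its default route sends traffic ("igw" or "nat").
    egress = {}
    for route in _of_type(res, "AWS::EC2::Route").values():
        props = route.get("Properties", {})
        if props.get("DestinationCidrBlock") != DEFAULT_ROUTE:
            continue
        table = _ref(props.get("RouteTableId"))
        gateway = _ref(props.get("GatewayId"))
        if gateway and res.get(gateway, {}).get("Type") == "AWS::EC2::InternetGateway":
            egress[table] = "igw"
        elif _ref(props.get("NatGatewayId")):
            egress[table] = "nat"

    # Subnet -> the route table it is associated with.
    table_of = {}
    for assoc in _of_type(res, "AWS::EC2::SubnetRouteTableAssociation").values():
        props = assoc.get("Properties", {})
        table_of[_ref(props.get("SubnetId"))] = _ref(props.get("RouteTableId"))

    facts = {}
    for subnet_id, subnet in _of_type(res, "AWS::EC2::Subnet").items():
        props = subnet.get("Properties", {})
        tags = {t["Key"]: t["Value"] for t in props.get("Tags", [])}
        facts[subnet_id] = {
            "declared": tags.get("aws-cdk:subnet-type"),
            "egress": egress.get(table_of.get(subnet_id), "none"),
            "auto_public_ip": props.get("MapPublicIpOnLaunch") is True,
        }
    return facts


def audit(template):
    """Flag subnets not declared Public that route to the IGW or auto-assign public IPs."""
    findings = []
    for subnet_id, f in sorted(classify_subnets(template).items()):
        if f["declared"] == "Public":
            continue
        if f["egress"] == "igw":
            findings.append(f"{subnet_id}: default route targets the internet gateway")
        if f["auto_public_ip"]:
            findings.append(f"{subnet_id}: MapPublicIpOnLaunch is true")
    return findings


# --- Constructed sample, trimmed to the fields the audit reads ---------------
def _subnet(kind, public_ip):
    return {"Type": "AWS::EC2::Subnet", "Properties": {
        "MapPublicIpOnLaunch": public_ip,
        "Tags": [{"Key": "aws-cdk:subnet-type", "Value": kind}]}}


def _assoc(subnet, table):
    return {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "SubnetId": {"Ref": subnet}, "RouteTableId": {"Ref": table}}}


def _route(table, target_key, target):
    return {"Type": "AWS::EC2::Route", "Properties": {
        "RouteTableId": {"Ref": table}, "DestinationCidrBlock": DEFAULT_ROUTE,
        target_key: {"Ref": target}}}


SAMPLE = {"Resources": {
    "Igw": {"Type": "AWS::EC2::InternetGateway"},
    "Nat": {"Type": "AWS::EC2::NatGateway"},
    "PubSubnet": _subnet("Public", True),
    "PrivSubnet": _subnet("Private", False),
    "PubAssoc": _assoc("PubSubnet", "PubRt"),
    "PrivAssoc": _assoc("PrivSubnet", "PrivRt"),
    "PubDefault": _route("PubRt", "GatewayId", "Igw"),
    "PrivDefault": _route("PrivRt", "NatGatewayId", "Nat"),
}}

# Constructed drift: the private subnet is re-pointed at the IGW and hands out public IPs.
DRIFTED = copy.deepcopy(SAMPLE)
DRIFTED["Resources"]["PrivDefault"] = _route("PrivRt", "GatewayId", "Igw")
DRIFTED["Resources"]["PrivSubnet"] = _subnet("Private", True)

if __name__ == "__main__":
    # With a path argument, audit that template file; otherwise audit the drifted sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            target = json.load(fh)
    else:
        target = DRIFTED
    problems = audit(target)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Pass the path of the JSON template under cdk.out as the first argument to audit your own synthesized stack; a non-zero exit code makes it usable as a gate before cdk deploy.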
You can see that the templates are created under cdk.out. Now, let’s deploy.
cdk deploy --profile cdkprofile

PS C:\Users\Ramasankar\mycdkproject> cdk deploy --profile cdkprofile
mycdkproject: deploying...
mycdkproject: creating CloudFormation changeset...
0/25 | 6:20:17 PM | REVIEW_IN_PROGRESS | AWS::CloudFormation::Stack | mycdkproject User Initiated
0/25 | 6:20:23 PM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | mycdkproject User Initiated
0/25 | 6:20:28 PM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
0/25 | 6:20:28 PM | CREATE_IN_PROGRESS | AWS::EC2::InternetGateway | demovpc/IGW (demovpcIGW048842AE)
0/25 | 6:20:28 PM | CREATE_IN_PROGRESS | AWS::EC2::EIP | demovpc/Public-SubentSubnet1/EIP (demovpcPublicSubentSubnet1EIPBD2741E1)
0/25 | 6:20:28 PM | CREATE_IN_PROGRESS | AWS::EC2::VPC | demovpc (demovpcF2DCF540)
0/25 | 6:20:28 PM | CREATE_IN_PROGRESS | AWS::EC2::InternetGateway | demovpc/IGW (demovpcIGW048842AE) Resource creation Initiated
1/25 | 6:20:28 PM | CREATE_IN_PROGRESS | AWS::EC2::VPC | demovpc (demovpcF2DCF540) Resource creation Initiated
1/25 | 6:20:29 PM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata) Resource creation Initiated
1/25 | 6:20:30 PM | CREATE_COMPLETE | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
1/25 | 6:20:30 PM | CREATE_IN_PROGRESS | AWS::EC2::EIP | demovpc/Public-SubentSubnet1/EIP (demovpcPublicSubentSubnet1EIPBD2741E1) Resource creation Initiated
8/25 | 6:20:44 PM | CREATE_COMPLETE | AWS::EC2::InternetGateway | demovpc/IGW (demovpcIGW048842AE)
8/25 | 6:20:44 PM | CREATE_COMPLETE | AWS::EC2::VPC | demovpc (demovpcF2DCF540)
8/25 | 6:20:46 PM | CREATE_IN_PROGRESS | AWS::EC2::RouteTable | demovpc/Public-SubentSubnet1/RouteTable (demovpcPublicSubentSubnet1RouteTable91CAF0D9)
8/25 | 6:20:46 PM | CREATE_COMPLETE | AWS::EC2::EIP | demovpc/Public-SubentSubnet1/EIP (demovpcPublicSubentSubnet1EIPBD2741E1)
8/25 | 6:20:46 PM | CREATE_IN_PROGRESS | AWS::EC2::RouteTable | demovpc/Private-SubnetSubnet1/RouteTable (demovpcPrivateSubnetSubnet1RouteTableDA716B65)
8/25 | 6:20:46 PM | CREATE_IN_PROGRESS | AWS::EC2::RouteTable | demovpc/Public-SubentSubnet2/RouteTable (demovpcPublicSubentSubnet2RouteTable859486AD)
8/25 | 6:20:46 PM | CREATE_IN_PROGRESS | AWS::EC2::RouteTable | demovpc/Private-SubnetSubnet2/RouteTable (demovpcPrivateSubnetSubnet2RouteTable8983B828)
8/25 | 6:20:46 PM | CREATE_IN_PROGRESS | AWS::EC2::VPCGatewayAttachment | demovpc/VPCGW (demovpcVPCGW7D2E1CAC)
8/25 | 6:20:46 PM | CREATE_IN_PROGRESS | AWS::EC2::RouteTable | demovpc/Private-SubnetSubnet1/RouteTable (demovpcPrivateSubnetSubnet1RouteTableDA716B65) Resource creation Initiated
8/25 | 6:20:46 PM | CREATE_IN_PROGRESS | AWS::EC2::RouteTable | demovpc/Public-SubentSubnet2/RouteTable (demovpcPublicSubentSubnet2RouteTable859486AD) Resource creation Initiated
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::Subnet | demovpc/Private-SubnetSubnet2/Subnet (demovpcPrivateSubnetSubnet2Subnet4FD8659B)
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::RouteTable | demovpc/Private-SubnetSubnet2/RouteTable (demovpcPrivateSubnetSubnet2RouteTable8983B828) Resource creation Initiated
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::RouteTable | demovpc/Public-SubentSubnet1/RouteTable (demovpcPublicSubentSubnet1RouteTable91CAF0D9) Resource creation Initiated
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::VPCGatewayAttachment | demovpc/VPCGW (demovpcVPCGW7D2E1CAC) Resource creation Initiated
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::Subnet | demovpc/Public-SubentSubnet2/Subnet (demovpcPublicSubentSubnet2Subnet1ECEB9DF)
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::Subnet | demovpc/Private-SubnetSubnet2/Subnet (demovpcPrivateSubnetSubnet2Subnet4FD8659B) Resource creation Initiated
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::Subnet | demovpc/Private-SubnetSubnet1/Subnet (demovpcPrivateSubnetSubnet1Subnet7F486832)
8/25 | 6:20:47 PM | CREATE_COMPLETE | AWS::EC2::RouteTable | demovpc/Private-SubnetSubnet1/RouteTable (demovpcPrivateSubnetSubnet1RouteTableDA716B65)
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::Subnet | demovpc/Public-SubentSubnet2/Subnet (demovpcPublicSubentSubnet2Subnet1ECEB9DF) Resource creation Initiated
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::Subnet | demovpc/Public-SubentSubnet1/Subnet (demovpcPublicSubentSubnet1Subnet9D54A554)
8/25 | 6:20:47 PM | CREATE_IN_PROGRESS | AWS::EC2::Subnet | demovpc/Private-SubnetSubnet1/Subnet (demovpcPrivateSubnetSubnet1Subnet7F486832) Resource creation Initiated
8/25 | 6:20:47 PM | CREATE_COMPLETE | AWS::EC2::RouteTable | demovpc/Public-SubentSubnet2/RouteTable (demovpcPublicSubentSubnet2RouteTable859486AD)
8/25 | 6:20:47 PM | CREATE_COMPLETE | AWS::EC2::RouteTable | demovpc/Private-SubnetSubnet2/RouteTable (demovpcPrivateSubnetSubnet2RouteTable8983B828)
8/25 | 6:20:47 PM | CREATE_COMPLETE | AWS::EC2::RouteTable | demovpc/Public-SubentSubnet1/RouteTable (demovpcPublicSubentSubnet1RouteTable91CAF0D9)
8/25 | 6:20:48 PM | CREATE_IN_PROGRESS | AWS::EC2::Subnet | demovpc/Public-SubentSubnet1/Subnet (demovpcPublicSubentSubnet1Subnet9D54A554) Resource creation Initiated
13/25 | 6:21:02 PM | CREATE_COMPLETE | AWS::EC2::VPCGatewayAttachment | demovpc/VPCGW (demovpcVPCGW7D2E1CAC)
13/25 | 6:21:03 PM | CREATE_COMPLETE | AWS::EC2::Subnet | demovpc/Private-SubnetSubnet2/Subnet (demovpcPrivateSubnetSubnet2Subnet4FD8659B)
13/25 | 6:21:03 PM | CREATE_COMPLETE | AWS::EC2::Subnet | demovpc/Public-SubentSubnet2/Subnet (demovpcPublicSubentSubnet2Subnet1ECEB9DF)
13/25 | 6:21:04 PM | CREATE_COMPLETE | AWS::EC2::Subnet | demovpc/Private-SubnetSubnet1/Subnet (demovpcPrivateSubnetSubnet1Subnet7F486832)
13/25 | 6:21:04 PM | CREATE_COMPLETE | AWS::EC2::Subnet | demovpc/Public-SubentSubnet1/Subnet (demovpcPublicSubentSubnet1Subnet9D54A554)
13/25 | 6:21:04 PM | CREATE_IN_PROGRESS | AWS::EC2::Route | demovpc/Public-SubentSubnet2/DefaultRoute (demovpcPublicSubentSubnet2DefaultRoute41BC99C2)
13/25 | 6:21:04 PM | CREATE_IN_PROGRESS | AWS::EC2::Route | demovpc/Public-SubentSubnet1/DefaultRoute (demovpcPublicSubentSubnet1DefaultRouteD441EE14)
13/25 | 6:21:04 PM | CREATE_IN_PROGRESS | AWS::EC2::Route | demovpc/Public-SubentSubnet2/DefaultRoute (demovpcPublicSubentSubnet2DefaultRoute41BC99C2) Resource creation Initiated
13/25 | 6:21:04 PM | CREATE_IN_PROGRESS | AWS::EC2::Route | demovpc/Public-SubentSubnet1/DefaultRoute (demovpcPublicSubentSubnet1DefaultRouteD441EE14) Resource creation Initiated
13/25 | 6:21:05 PM | CREATE_IN_PROGRESS | AWS::SSM::Parameter | private-subnet-2 (privatesubnet2260E229D)
13/25 | 6:21:05 PM | CREATE_IN_PROGRESS | AWS::EC2::SubnetRouteTableAssociation | demovpc/Private-SubnetSubnet2/RouteTableAssociation (demovpcPrivateSubnetSubnet2RouteTableAssociationDCEDC16A)
13/25 | 6:21:05 PM | CREATE_IN_PROGRESS | AWS::EC2::SubnetRouteTableAssociation | demovpc/Public-SubentSubnet2/RouteTableAssociation (demovpcPublicSubentSubnet2RouteTableAssociation4812D27C)
13/25 | 6:21:05 PM | CREATE_IN_PROGRESS | AWS::SSM::Parameter | private-subnet-1 (privatesubnet1ABCDFA53)
13/25 | 6:21:06 PM | CREATE_IN_PROGRESS | AWS::EC2::SubnetRouteTableAssociation | demovpc/Private-SubnetSubnet1/RouteTableAssociation (demovpcPrivateSubnetSubnet1RouteTableAssociation942BFC16)
13/25 | 6:21:06 PM | CREATE_IN_PROGRESS | AWS::EC2::SubnetRouteTableAssociation | demovpc/Private-SubnetSubnet2/RouteTableAssociation (demovpcPrivateSubnetSubnet2RouteTableAssociationDCEDC16A) Resource creation Initiated
13/25 | 6:21:06 PM | CREATE_IN_PROGRESS | AWS::EC2::NatGateway | demovpc/Public-SubentSubnet1/NATGateway (demovpcPublicSubentSubnet1NATGateway89406216)
13/25 | 6:21:06 PM | CREATE_IN_PROGRESS | AWS::EC2::SubnetRouteTableAssociation | demovpc/Public-SubentSubnet2/RouteTableAssociation (demovpcPublicSubentSubnet2RouteTableAssociation4812D27C) Resource creation Initiated
13/25 | 6:21:06 PM | CREATE_IN_PROGRESS | AWS::EC2::SubnetRouteTableAssociation | demovpc/Public-SubentSubnet1/RouteTableAssociation (demovpcPublicSubentSubnet1RouteTableAssociationB046656F)
15/25 | 6:21:06 PM | CREATE_IN_PROGRESS | AWS::EC2::NatGateway | demovpc/Public-SubentSubnet1/NATGateway (demovpcPublicSubentSubnet1NATGateway89406216) Resource creation Initiated
15/25 | 6:21:06 PM | CREATE_IN_PROGRESS | AWS::EC2::SubnetRouteTableAssociation | demovpc/Private-SubnetSubnet1/RouteTableAssociation (demovpcPrivateSubnetSubnet1RouteTableAssociation942BFC16) Resource creation Initiated
15/25 | 6:21:06 PM | CREATE_IN_PROGRESS | AWS::EC2::SubnetRouteTableAssociation | demovpc/Public-SubentSubnet1/RouteTableAssociation (demovpcPublicSubentSubnet1RouteTableAssociationB046656F) Resource creation Initiated
15/25 | 6:21:07 PM | CREATE_IN_PROGRESS | AWS::SSM::Parameter | private-subnet-2 (privatesubnet2260E229D) Resource creation Initiated
15/25 | 6:21:07 PM | CREATE_IN_PROGRESS | AWS::SSM::Parameter | private-subnet-1 (privatesubnet1ABCDFA53) Resource creation Initiated
15/25 | 6:21:07 PM | CREATE_COMPLETE | AWS::SSM::Parameter | private-subnet-2 (privatesubnet2260E229D)
15/25 | 6:21:08 PM | CREATE_COMPLETE | AWS::SSM::Parameter | private-subnet-1 (privatesubnet1ABCDFA53)
21/25 | 6:21:20 PM | CREATE_COMPLETE | AWS::EC2::Route | demovpc/Public-SubentSubnet2/DefaultRoute (demovpcPublicSubentSubnet2DefaultRoute41BC99C2)
21/25 | 6:21:20 PM | CREATE_COMPLETE | AWS::EC2::Route | demovpc/Public-SubentSubnet1/DefaultRoute (demovpcPublicSubentSubnet1DefaultRouteD441EE14)
21/25 | 6:21:21 PM | CREATE_COMPLETE | AWS::EC2::SubnetRouteTableAssociation | demovpc/Private-SubnetSubnet2/RouteTableAssociation (demovpcPrivateSubnetSubnet2RouteTableAssociationDCEDC16A)
21/25 | 6:21:21 PM | CREATE_COMPLETE | AWS::EC2::SubnetRouteTableAssociation | demovpc/Public-SubentSubnet2/RouteTableAssociation (demovpcPublicSubentSubnet2RouteTableAssociation4812D27C)
21/25 | 6:21:22 PM | CREATE_COMPLETE | AWS::EC2::SubnetRouteTableAssociation | demovpc/Private-SubnetSubnet1/RouteTableAssociation (demovpcPrivateSubnetSubnet1RouteTableAssociation942BFC16)
21/25 | 6:21:22 PM | CREATE_COMPLETE | AWS::EC2::SubnetRouteTableAssociation | demovpc/Public-SubentSubnet1/RouteTableAssociation (demovpcPublicSubentSubnet1RouteTableAssociationB046656F)
21/25 Currently in progress: mycdkproject, demovpcPublicSubentSubnet1NATGateway89406216
22/25 | 6:22:54 PM | CREATE_COMPLETE | AWS::EC2::NatGateway | demovpc/Public-SubentSubnet1/NATGateway (demovpcPublicSubentSubnet1NATGateway89406216)
22/25 | 6:22:56 PM | CREATE_IN_PROGRESS | AWS::EC2::Route | demovpc/Private-SubnetSubnet1/DefaultRoute (demovpcPrivateSubnetSubnet1DefaultRouteDC8CEC57)
22/25 | 6:22:56 PM | CREATE_IN_PROGRESS | AWS::EC2::Route | demovpc/Private-SubnetSubnet2/DefaultRoute (demovpcPrivateSubnetSubnet2DefaultRouteFFB48155)
22/25 | 6:22:56 PM | CREATE_IN_PROGRESS | AWS::EC2::Route | demovpc/Private-SubnetSubnet1/DefaultRoute (demovpcPrivateSubnetSubnet1DefaultRouteDC8CEC57) Resource creation Initiated
22/25 | 6:22:57 PM | CREATE_IN_PROGRESS | AWS::EC2::Route | demovpc/Private-SubnetSubnet2/DefaultRoute (demovpcPrivateSubnetSubnet2DefaultRouteFFB48155) Resource creation Initiated
25/25 | 6:23:12 PM | CREATE_COMPLETE | AWS::EC2::Route | demovpc/Private-SubnetSubnet1/DefaultRoute (demovpcPrivateSubnetSubnet1DefaultRouteDC8CEC57)
25/25 | 6:23:12 PM | CREATE_COMPLETE | AWS::EC2::Route | demovpc/Private-SubnetSubnet2/DefaultRoute (demovpcPrivateSubnetSubnet2DefaultRouteFFB48155)
25/25 | 6:23:14 PM | CREATE_COMPLETE | AWS::CloudFormation::Stack | mycdkproject
✅ mycdkproject





Oh, well, how simple is that? Very minimal code, and you don’t need to write large CloudFormation templates. This is just a sample; I’m going to upload the full project to my GitHub repository (https://github.com/sankar276/awscdkpython).
Hope you enjoyed the post.
Cheers
Ramasankar Molleti