Automate AWS VPC Setup with AWS PowerShell and CSV

This post is about how to automate the creation of the Amazon Virtual Private Cloud Network for use with Amazon EC2 Instances. We can accomplish this task by filling out a .csv file and running the accompanying script. This script accomplishes the following based on the information provided in the .csv file for each row of the file.

• Creates and Names a VPC
• Creates and Names a Subnet
• Creates and Names a Route Table
• Associates a Subnet to the Route Table
• Creates and Names a Internet Gateway
• Associates The Internet Gateway with the VCP
• Creates a Static Route to the Internet Gateway
• Enables DNS Support
• Builds a Security Group and Associates it with the VPC
• Adds a Inbound Firewall Rule for the security group based on the information provided in the .csv file.

The goal of the script is to accomplish automation of the wizard based build process within the AWS console, while allowing the .csv file to be used for pre-install documentation for customers wanting to setup a new AWS VPC.  First lets examine our .csv file, which can be downloaded from the zip file below that contains both our script and the .csv file.

CSV File for VPC Automation Script

AWSVPCSCRIPT

The file above shows that we are creating two VPCs with CIDR blocks of 192.168.16.0/20 and 192.168.32.0/20. Within these two VPCs, we have a single subnet range for each VPC, the region we want to create the VPC in, and Port/IP information for the security groups in each VPC. We also provide names for all of the components within the VPC.  Now let’s take a look at the actual script below and variables that will need to be edited.

User Required Modifications for VPC Automation Script

To login to AWS with PowerShell, the script will need the highlighted lines edited with the appropriate access key and secret key for your AWS environment and pointed to the appropriate location on your system where the .csv file is stored. The full script can be seen below.

AWS Script File

########## Build AWS VPC with 1 Public Subnet, Internet Gateway and Security Group for RDP Access from .csv file ##########
########## Terrance Levon Johnson ##########
########## 8-15-2018 ##########
########## Version 1.0 ##########



##### Imports AWS PowerShell Module #####

import-module AWSPowerShell

################################################### EDIT AccessKey,SecretKey and .csv file location For YOUR ENVIRONMENT ############################

##### Logs into to AWS with Credentials  #####
$AccessKey = "AAAAAAAAAAAAAAAAAAAA"
$SecretKey = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"

##### Imports CSV FILE ##### 

$VPCCONFIGFILE = import-csv C:\Temp\VPC1.csv

set-awscredentials -AccessKey $AccessKey -SecretKey $SecretKey
################################################### EDIT AccessKey,SecretKey and .csv file location For YOUR ENVIRONMENT ############################


##### Script Loop Begins #####

foreach($VPC in $VPCCONFIGFILE)
{

##### Set-DefaultAWS Region #####

Set-DefaultAWSRegion -Region $VPC.Region

##### Creates NEW VPC #####

NEW-EC2VPC -CidrBlock $VPC.VPCIPV4CIDR -Region $VPC.Region

##### Builds Tag for VPC #####

$tagvpc = New-Object Amazon.EC2.Model.Tag
$tagvpc.Key = "Name"
$tagvpc.Value = $VPC.VPCNAME
$VPCPROD = get-ec2vpc -Region us-east-1 | where { $_.CidrBlock -eq $VPC.VPCIPV4CIDR }
$VPCPRODNAME = $VPCPROD.VpcId

##### Applies Tag Name for VPC #####

new-ec2tag -resource $VPCPROD.VpcId -tag $tagvpc

##### Build EC2 Public Subnet #####

New-EC2Subnet -VpcId $VPCPROD.VpcId -CidrBlock $VPC.PublicSubnet
$tagpublicsubnet = New-Object Amazon.EC2.Model.Tag
$tagpublicsubnet.Key = "Name"
$tagpublicsubnet.Value = $VPC.PublicSubnetName
$PublicSub = get-ec2subnet | where { $_.CidrBlock -eq $VPC.PublicSubnet }

##### Applies Tag Name for Public Subnet #####

new-ec2tag -resource $PublicSub.SubnetId -tag $tagpublicsubnet

##### Creates Route Table for Public Subnet #####

$PublicRouteTable = new-ec2routetable -VpcId $VPCPROD.VpcId
$PublicRouteTable.RouteTableID

$tagpublicrt = New-Object Amazon.EC2.Model.Tag
$tagpublicrt.Key = "Name"
$tagpublicrt.Value = $VPC.PublicSubnetRouteTableName

##### Applies Tag Name for Public Route Table #####

new-ec2tag -resource $PublicRouteTable.RouteTableId -tag $tagpublicrt

##### Associate Public Route Table with Public Subnet #####

Register-EC2RouteTable -RouteTableId $PublicRouteTable.RouteTableId -SubnetId $PublicSub.SubnetId

##### Create EC2 Internet Gateway #####

$PublicIGateway = New-EC2InternetGateway

##### Name EC2 Internet Gateway #####

$tagpublicIGW = New-Object Amazon.EC2.Model.Tag
$tagpublicIGW.Key = "Name"
$tagpublicIGW.Value = $VPC.InternetGatewayName

##### Applies Tag Name for EC2 Internet Gateway #####

new-ec2tag -resource $PublicIGateway.InternetgatewayID -tag $tagpublicIGW

##### Attach EC2 Internet Gateway to VPC #####

Add-EC2InternetGateway -InternetGatewayId $PublicIGateway.InternetgatewayID -VpcId $VPCPROD.VpcId

##### Create EC2 Static Route to Point to Internet Gateway #####

New-EC2Route -RouteTableId $PublicRouteTable.RouteTableID -DestinationCidrBlock 0.0.0.0/0 -GatewayId $PublicIGateway.InternetgatewayID

##### Enable DNS Support for VPC #####

get-ec2vpcattribute -VpcId $VPCPROD.VpcId -Attribute enableDnsSupport
get-ec2vpcattribute -VpcId $VPCPROD.VpcId -Attribute enableDnsHostnames

edit-ec2vpcattribute -VpcId $VPCPROD.VpcId -EnableDnsSupport $true
edit-ec2vpcattribute -VpcId $VPCPROD.VpcId -EnableDnsHostnames $true

##### Build Security Group for VPC #####

New-EC2SecurityGroup -GroupName $VPC.SecurityGroupName -Description $VPC.SecurityGroupDescrip -VpcId $VPCPROD.VpcId

##### Add Security Group Firewall Rules #####

$Rule1 = new-object Amazon.EC2.Model.IpPermission 
$Rule1.IpProtocol = $VPC.InboundProtocol 
$Rule1.FromPort = $VPC.SrcPort
$Rule1.ToPort = $VPC.DestPort
$Rule1.IpRanges.Add($VPC.IP) 

$SecurityGroup1 = Get-EC2SecurityGroup | where { $_.GroupName -eq $VPC.SecurityGroupName }

Grant-EC2SecurityGroupIngress -GroupId $SecurityGroup1.GroupId -IpPermissions @( $Rule1 )

}

AWS VPC Script Running Output

The screenshots below shows the output of the script when run.

AWS VPC and Security Group Information from the AWS Console

The screenshots below shows the VPC components that were created from the script within the AWS console.

Conclusion

So as we can see, this is just one example of how we can use PowerShell to automate AWS tasks from a .csv file. I hope you all found this post useful and as always, thanks for reading.