How to create a VPC using Python Boto3 on Ubuntu

Boto3 is the Amazon Web Services (AWS) SDK for Python. It is the Python library that lets developers create, configure, and manage AWS services and resources such as EC2, RDS, and S3 through an API.

To learn more about Boto3, you can visit its official site here.

Before we continue, I assume that you are familiar with VPC. If not, you can click here to learn how to create a VPC from the AWS console.

In this article, we will see how to install the Boto3 library and use it to create a simple VPC together with its dependent components in AWS. We will create a public subnet in the VPC.

Pre-requisites

  1. AWS Account (Create if you don’t have one)
  2. Basic understanding of VPC
  3. Basic understanding of Python
  4. Python available on the system

What we will do

  1. Install Boto3
  2. Know the required method
  3. Create a VPC using Python Boto3

Install Boto3

Python comes by default in Ubuntu 18.04 Server, so you do not need to install it.

To check the Python version on your system, use the following command.

which python
/usr/bin/python --version

OR

python --version

If you do not have pip and you are using Ubuntu 18.04, execute the following command to first update the local repo.

sudo apt update

To install pip, use the following command.

sudo apt install python-pip

To check the version of Pip installed, execute the following command.

pip --version

Once you have Python and pip, you can install Boto3.

Installing Boto3 is simple and straightforward. To install Boto3, use the following command.

pip install boto3

To check whether Boto3 is installed and to see its version, execute the following command.

pip show boto3

Know the required methods

To create a VPC and its dependent components we will use the following methods.

  1. create_vpc
  2. create_route_table
  3. create_internet_gateway
  4. create_subnet
  5. associate_with_subnet

Now, let's see the methods with their list of acceptable parameters. We shall not use all parameters but you can give it a try if you want.

Request Syntax of create_vpc method

response = client.create_vpc(
    CidrBlock='string',
    AmazonProvidedIpv6CidrBlock=True|False,
    Ipv6Pool='string',
    Ipv6CidrBlock='string',
    DryRun=True|False,
    InstanceTenancy='default'|'dedicated'|'host',
    Ipv6CidrBlockNetworkBorderGroup='string'
)

  1. CidrBlock: The IPv4 network range for the VPC, in CIDR notation. This is a mandatory field; a VPC cannot be created without it.

Request Syntax of create_route_table method

route_table = ec2.create_route_table(
    DryRun=True|False,
    VpcId='string'
)

  1. VpcId: The ID of the VPC. This is a mandatory field and is used to create a route table in the specified VPC.

Request Syntax of create_internet_gateway method

response = client.create_internet_gateway(
    DryRun=True|False
)

Every VPC has a single Internet Gateway. This will be attached to the VPC.

Request Syntax of create_subnet method

subnet = ec2.create_subnet(
    AvailabilityZone='string',
    AvailabilityZoneId='string',
    CidrBlock='string',
    Ipv6CidrBlock='string',
    OutpostArn='string',
    VpcId='string',
    DryRun=True|False
)

  1. CidrBlock: The IPv4 network range for the subnet, in CIDR notation. This is used to subdivide the VPC.
  2. VpcId: The ID of the VPC. 
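
The subnet CidrBlock has to fall inside the VPC CidrBlock and must not overlap another subnet in the same VPC. The following pre-flight check is an added example, not part of the original article; it assumes Python 3.7 or later, and check_plan is a hypothetical helper name.

```python
# Added example: validate VPC/subnet CIDR choices before calling create_vpc
# and create_subnet. Standard library only; no AWS call is made.
import ipaddress

MIN_PREFIX, MAX_PREFIX = 16, 28   # AWS IPv4 block size limits: /16 to /28
RESERVED_PER_SUBNET = 5           # AWS reserves 5 addresses in every subnet
RFC1918 = [ipaddress.IPv4Network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(vpc_cidr, subnet_cidrs):
    """Return (problems, usable); usable maps subnet CIDR -> usable addresses."""
    problems, usable, accepted = [], {}, []
    try:
        vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    except ValueError as exc:
        return [f"VPC {vpc_cidr}: {exc}"], usable
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        problems.append(f"VPC {vpc}: prefix must be /16 to /28")
    # AWS recommends RFC 1918 ranges; anything else is flagged for review.
    if not any(vpc.subnet_of(r) for r in RFC1918):
        problems.append(f"VPC {vpc}: not inside an RFC 1918 private range")
    for cidr in subnet_cidrs:
        try:
            net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:      # bad syntax or host bits set
            problems.append(f"subnet {cidr}: {exc}")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"subnet {net}: prefix must be /16 to /28")
        elif not net.subnet_of(vpc):
            problems.append(f"subnet {net}: outside VPC range {vpc}")
        elif any(net.overlaps(other) for other in accepted):
            problems.append(f"subnet {net}: overlaps another subnet")
        else:
            accepted.append(net)
            usable[str(net)] = net.num_addresses - RESERVED_PER_SUBNET
    return problems, usable


if __name__ == "__main__":
    # The values used later in vpc.py
    print(check_plan("192.168.0.0/16", ["192.168.1.0/24"]))
```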

Request Syntax of associate_with_subnet method

route_table_association = route_table.associate_with_subnet(
    DryRun=True|False,
    SubnetId='string',
    GatewayId='string'
)

  1. SubnetId: The ID of the subnet.
    Or
  2. GatewayId: The ID of the internet gateway or virtual private gateway.

Create a VPC using Python Boto3

To create a VPC, create "vpc.py" with the following block of code.

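Make sure you replace the placeholder values of "aws_access_key_id" and "aws_secret_access_key" with your own access key ID and secret access key respectively. Also change the value of "region_name". If you omit the two key arguments, Boto3 falls back to the credentials in environment variables or in ~/.aws/credentials, which keeps the keys out of the script file.

If you want, you can change the values of CidrBlock for "create_vpc" and "create_subnet", or you can keep them as they are.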

vim vpc.py

import boto3

ec2 = boto3.resource('ec2', aws_access_key_id='ACCESS-KEY-OF-THE-AWS-ACCOUNT',
                     aws_secret_access_key='SECRET-KEY-OF-THE-AWS-ACCOUNT',
                     region_name='AWS-Region')

# Create the VPC and wait until it is available before tagging it
vpc = ec2.create_vpc(CidrBlock='192.168.0.0/16')
vpc.wait_until_available()
# Assign a name to the VPC
vpc.create_tags(Tags=[{"Key": "Name", "Value": "my_vpc"}])
print(vpc.id)

# Create and Attach the Internet Gateway
ig = ec2.create_internet_gateway()
vpc.attach_internet_gateway(InternetGatewayId=ig.id)
print(ig.id)

# Create a route table and a public route to Internet Gateway
route_table = vpc.create_route_table()
route = route_table.create_route(
    DestinationCidrBlock='0.0.0.0/0',
    GatewayId=ig.id
)
print(route_table.id)

# Create a Subnet
subnet = ec2.create_subnet(CidrBlock='192.168.1.0/24', VpcId=vpc.id)
print(subnet.id)

# associate the route table with the subnet
route_table.associate_with_subnet(SubnetId=subnet.id)

Now, to create a VPC with the above specified configuration, execute the python script using the following command.

python vpc.py

You can verify if the VPC has been created from the AWS Console.

VPC created in AWS using Python

In the above screenshot, you can see that the VPC with the specified CIDR and Name has been created. You can check for components like Subnet, Internet Gateway, Route Table.
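
The same verification can be done on API output instead of the console. The following added example (not part of the original article) takes a dict shaped like the EC2 DescribeRouteTables response for a single VPC and reports which subnets are routed to an internet gateway; the sample response and its IDs are constructed, and the function names are hypothetical.

```python
# Added example: list subnets that are routed to an internet gateway.
# Input is a dict shaped like the EC2 DescribeRouteTables response for one VPC.
DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}


def has_igw_default_route(table):
    """True if the table has an active default route to an internet gateway."""
    for route in table.get("Routes", []):
        dest = (route.get("DestinationCidrBlock")
                or route.get("DestinationIpv6CidrBlock"))
        if (dest in DEFAULT_ROUTES and route.get("State") == "active"
                and route.get("GatewayId", "").startswith("igw-")):
            return True
    return False


def public_subnets(response, all_subnet_ids=()):
    """Return sorted IDs of subnets whose route table reaches an IGW.

    Subnets without an explicit association use the VPC's main route table,
    so pass all_subnet_ids to have those evaluated too.
    """
    explicit, public, main_is_public = set(), set(), False
    for table in response["RouteTables"]:
        exposed = has_igw_default_route(table)
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_is_public = main_is_public or exposed
            elif "SubnetId" in assoc:
                explicit.add(assoc["SubnetId"])
                if exposed:
                    public.add(assoc["SubnetId"])
    if main_is_public:
        public.update(set(all_subnet_ids) - explicit)
    return sorted(public)


# Constructed sample: the custom table from vpc.py plus the VPC's main table.
LOCAL = {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "local", "State": "active"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-custom", "Routes": [LOCAL, IGW],
     "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}]},
    {"RouteTableId": "rtb-main", "Routes": [LOCAL],
     "Associations": [{"Main": True}]},
]}

if __name__ == "__main__":
    print(public_subnets(SAMPLE, ["subnet-aaa", "subnet-bbb"]))
```

A subnet that appears in this list when it was meant to be private points to a route table association or a main route table that needs review.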

Conclusion

In this article, we saw how to create a VPC with a public subnet. We created a Route Table, an Internet Gateway, and a Subnet in the VPC. We saw how a subnet can be associated with the Route Table which has a public route to an Internet Gateway. You can now customize this code and create a VPC with multiple subnets, associate them with a Route Table, and have public or private subnets as per your requirement. To create a private subnet, you would need to create a NAT Gateway and associate it with the Subnet. This association will then make the Subnet private with an outgoing connection to the Internet.
