In [1]:
# pip install boto3 
import secret, time, boto3 # see https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html 

from operator import itemgetter 
class EC2:
    def __init__(self, region_name): 
        aws_access_key_id     = secret.aws_access_key_id
        aws_secret_access_key = secret.aws_secret_access_key   
        session = boto3.Session(region_name           = region_name          , 
                                aws_access_key_id     = aws_access_key_id    , 
                                aws_secret_access_key = aws_secret_access_key)
        self.client   = session.client('ec2')
        self.resource = session.resource('ec2')
        self.availability_zone = ''
    
    def choose_first_availability_zone(self):
        self.availability_zone = [i['ZoneName'] for i in self.client.describe_availability_zones()['AvailabilityZones']][0]
        
    def create_key_pair(self, KeyName): # ssh key pair
        self.resource.create_key_pair(KeyName=KeyName)
        
    def get_image_id_of_latest_ubuntu_20_04(self):
        ubuntu_20_04_images = self.client.describe_images(    
            Filters=[
                { 'Name': 'architecture', 'Values': [ 'x86_64', ] },
                { 'Name': 'image-type', 'Values': [ 'machine', ] },
                { 'Name': 'state', 'Values': [ 'available', ] }, 
                { 'Name': 'name', 'Values': [ 'ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-????????', ] },]
        )['Images']
        return sorted(ubuntu_20_04_images, key=itemgetter('CreationDate'), reverse=True)[0]['ImageId']

ec2 = EC2(region_name='us-east-2')
ec2.choose_first_availability_zone()

# Play with Virtual Private Cloud (VPC)
* Create VPC (a routing table and a security group are created automaticlly)
* Create Subnet in VPC
* Create Internet Gateway and attach it to the VPC
* Create a rule that routes outbound traffic of the subnet to internet through the gateway 
* Create a security group and allow inbound traffic to the subnet
![Structure](https://docs.aws.amazon.com/vpc/latest/userguide/images/case-1.png)

### Create a VPC

In [2]:
tag_key_of_vpc = 'myVPC'

myVPC = ec2.resource.create_vpc(  
    CidrBlock='192.168.0.0/16',  
    TagSpecifications=[
        {
            'ResourceType': 'vpc',
            'Tags': [
                {
                    'Key': tag_key_of_vpc, # No necessarily unique
                    'Value': 'Full name is Virtual Private Cloud' 
}, ] }, ] ) 
VpcId = myVPC.id

### Create a subnet inside the VPC

In [3]:
tag_key_of_subset = 'mySubnet'

mySubnet = myVPC.create_subnet(
    CidrBlock='192.168.1.0/24',  
    AvailabilityZone=ec2.availability_zone,
    TagSpecifications=[
        {
            'ResourceType': 'subnet',
            'Tags': [
                {
                    'Key': 'mySubnet',
                    'Value': 'Um'
}, ] }, ] ) 
SubnetId = mySubnet.id 

## Create an internet gateway (IG) outside the VPC and attach it to the VPC

In [4]:
tag_key_of_ig = 'myIG'

myIG = ec2.resource.create_internet_gateway(  
    TagSpecifications=[
        {
            'ResourceType': 'internet-gateway',
            'Tags': [
                {
                    'Key': tag_key_of_ig,
                    'Value': 'Why I need this jerk!'
}, ] }, ] )
igwId=myIG.id

_ = myIG.attach_to_vpc(VpcId=VpcId) # Gateway of VPC not subnet

## OK, our instance has a subnet to use, but the subnet does not have the IG. No Internet Gateway, No Internet Connection. Let's manipulate the route table and give the subnet the IG

In [5]:
# Get route table id
main_table_id = ec2.client.describe_route_tables(
    Filters=[{'Name': 'association.main', 'Values': ['true']}, {'Name': 'vpc-id', 'Values': [VpcId]}]
)['RouteTables'][0]['RouteTableId']

# Get table
routeTable = ec2.resource.RouteTable(main_table_id)

routeTable.create_route(
    DestinationCidrBlock='0.0.0.0/0', 
    GatewayId=igwId,
)

ec2.Route(route_table_id='rtb-040a8953c50f8f9df', destination_cidr_block='0.0.0.0/0')

### Security Group (SG) / Firewall Rule allows the inbound connection

In [6]:
GroupName = 'my_sec_grp'

mySG = myVPC.create_security_group( Description='FuckGreatFirewall', GroupName=GroupName )
GroupId = mySG.id

_ = mySG.authorize_ingress(IpPermissions=[               # create new one
                         {'IpProtocol': 'tcp',
                          'FromPort': 22,
                          'ToPort': 22,
                          'IpRanges': [{'CidrIp': '0.0.0.0/0'}]}
]) 

### SSH Key Pair

In [7]:
myKeyPair = ec2.resource.create_key_pair(KeyName='my_keypair_at_Ohio')

KeyName = myKeyPair.key_name

### Create an instance in the subnet

In [8]:
ImageId = ec2.get_image_id_of_latest_ubuntu_20_04() 

In [9]:
instanceInfo = ec2.resource.create_instances(  
    KeyName=KeyName,              # ssh key
    ImageId=ImageId,  
    InstanceType='t2.micro',
    MaxCount=1, MinCount=1,
    EbsOptimized=False,   
    NetworkInterfaces=[
        {    
            'AssociatePublicIpAddress': True,
            'DeleteOnTermination': True, 
            'DeviceIndex': 0, 
            'SubnetId': SubnetId, 
            'Groups': [
                GroupId, # security group
            ],
        }, 
    ] 
)

### IP and private key for SSH connection

In [10]:
myInstance = ec2.resource.Instance(instanceInfo[0].instance_id)
myInstance.wait_until_running()
print('Public IP:', myInstance.public_ip_address) 
print('SSH private key:')
print(myKeyPair.key_material)

Public IP: 3.22.41.66
SSH private key:
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAoYffIb3Lz0i8lRnD9YxMLzQH4oimAHmajKhaRU4fwP/75lAw
66M2Q+hwMkxSebIEno/F8/AIQTai3/GTJRw6P7Al9U7CMB27kKu9b4EEWGJ0/qrk
kXuq9MdaaG8rQELHUxNODxBkODCczcx+KEIv2B1Rt7U/oSvVzmzBa7KfXFzAIz+j
RiEYZNSYxLgcXXWRjUj8B+kLOaoJEr0W567UKCRFzP6Yw9TyEvsbqSNxV0kCyRIy
2IcJ7tCXvfqmOqMENtZiYHFDRYkjaZtlyROS9B/N9iG8BaT1XlhUacT13JW18Srw
kRvn0sQzShQRhWFjDa8L0KaJ0vcaFtfTJb0XJwIDAQABAoIBAHaV2lDaFrMxkgjg
JoWxHwkUaKl9amk03SpgOg1hQlydUWAPBSso4iDOlvfGIlJnR47kvA3O7TB7HO3N
WxpGc9jnx6Yk0NkkKtwVyPgAPqFofr2r1iucH7CeXhgHbTg7DjxGEutqPDkoLyXC
9+c0WA2P0LtOm80F8mweWY1oUCgsXirTnmfRUsO7TW7nnLBiNjtuZPGPCx9GbsdQ
pCAFtY0GWlCQ/0UTGxOAdUuxBaQjSfi4e1g8w+nrOHx5BJUNx8H4+KyFZFvFAMxf
43B43QWdlo145BgNOA8cKmxA3xUv/UKopxEmLi0FPwo8SDnshq1EnddruU4gUFvI
M4ywv1ECgYEA6N3J89Uxfuby/rQ/BFHB1JAf2wM0D+DkE8cSEHLjHY8VOY2qBQfz
4nS4QrUdK8vb3ct4ZVS4EcRlYvY53Tl02FHRJv7115zVJFn2zODLeCRj7zDKQ0FP
YRJhxXSeQwz6Uzn7YaOruCwoaDcpbGDn591RslA29nAB0qCIccTOKdkCgYEAsZPj
uUQwe9VP+cuS2qd9lGz

# Delete everything we just created !!!

In [11]:
myInstance.terminate()
myInstance.wait_until_terminated() 
myIG.detach_from_vpc(VpcId=myVPC.vpc_id) # detach internet gateway
myIG.delete()                            # delete igw
mySubnet.delete()                        # subnet
mySG.delete()                            # security group 
myVPC.delete()                           # vpc
_ = myKeyPair.delete()