Create AWS Site

Objective

This guide provides instructions on how to deploy Volterra sites in AWS. For more information on Volterra site, see Volterra Site.

You can deploy an AWS site in the following ways:

Note: Configuring a site mesh group is not supported for sites deployed from VoltConsole.

Using the instructions provided in this guide, you can deploy an ingress gateway site or ingress/egress gateway site. For more information, see Network Topology of a Site.


Design

AWS VPC site automates the deployment of Volterra sites in AWS. As part of the AWS VPC site configuration, users can either indicate that a new VPC, subnets, and route tables need to be created, or specify existing VPC and subnet information. If the user specifies existing VPC and subnet information, creation of the VPC and subnet resources is skipped.

AWS VPC Site Deployment Types

A Volterra site can be deployed in 3 different modes. Those modes are:

  1. Ingress Gateway (One Interface): In this deployment mode, the Volterra site is attached to a single VPC and single Subnet. It can provide discovery of services & endpoints reachable from this subnet to any other site configured in the customer tenant.
  2. Ingress/Egress Gateway (Two Interfaces): In this deployment mode, the Volterra site is attached to a single VPC with at least two interfaces on different subnets. One subnet is labeled as Outside and the other as Inside. In this mode, the Volterra site provides security and connectivity for VMs & Subnets via default gateway through the Volterra Site Inside interface.
  3. VoltStack Cluster (One Interface): The VoltMesh deployment and configuration of this site is identical to Ingress Gateway (One Interface). The difference with this deployment is the Certified Hardware Type being aws-byol-voltstack-combo. This configures and deploys an instance type that allows the site to have Kubernetes Pods and VMs deployed using Volterra Virtual K8s.

Ingress Gateway (One Interface)

In this deployment mode, VoltMesh needs one interface attached. Services running on the node connect to the internet using this interface. Also, this interface is used to discover other services and virtual machines, and expose them to other Volterra sites in the same tenant. For example, in the below figure, TCP or HTTP services on the DevOps or Dev EC2 instances can be discovered and exposed via reverse proxy remotely.

As shown in the below figure, the interface is on the Outside subnet which is associated with the VPC main routing table whose default route is pointing to the internet gateway. That is how traffic coming from the outside interface can reach the internet, along with other subnets associated with this routing-table object. In case of other subnets (i.e. Dev & Devops), these are associated with the VPC main routing table. This means that any newly created subnet in this VPC is automatically associated with this routing table.

Figure: AWS VPC Site Deployment - Ingress Gateway (One Interface)

Ingress/Egress Gateway (Two Interfaces)

In this deployment scenario the VoltMesh nodes need two interfaces attached. The first interface is the outside interface through which services running on the node can connect to the internet. The second interface is the inside interface which will become the default gateway IP address for all the application workloads & services present in the private subnets.

As shown in the below figure, the outside interface is on the outside subnet which is associated with the outside subnet route table whose default route is pointing to the internet gateway. That is how traffic coming from the outside interface can reach the internet. In case of inside subnets these are associated with the inside subnet route table which is also the main route table for this VPC. This means that any newly created subnet in this VPC is automatically associated with the inside subnet route table. This private subnet route table has a default route pointing to the inside IP address of the VoltMesh node (192.168.32.186).

Figure: AWS VPC Site Deployment - Ingress / Egress Gateway (Two Interfaces) - Single AZ

Once the VoltMesh site comes online, the inside network of the node is connected to the outside network through a forward proxy, with SNAT enabled on the outside interface. All traffic arriving on the inside interface is forwarded to the internet through the forward proxy and source-NATed on the outside interface, so all the workloads on private subnets can reach the internet through the VoltMesh site.

VoltStack Cluster (One Interface)

This scenario is identical to Ingress Gateway (One Interface) in terms of how the site networking and forwarding/security is configured. In addition to that, the VoltStack (Volterra’s Distributed Application Management Platform) is also made available.

In this deployment scenario, the VoltMesh needs one interface attached. Services running on the node connect to the internet using this interface. Also, this interface is used to discover other services and virtual machines, and expose them to other Volterra sites in the same tenant. For example, in the below figure, TCP or HTTP services on the DevOps or Dev EC2 instances can be discovered and exposed via reverse proxy remotely.

If configured in a vK8s cluster, applications can be deployed onto this site’s VoltStack offering. The services/pods of the site's VoltStack can be exposed to other services & VMs on the VPC routing table; or made available externally via EIP or Volterra’s Application Delivery Network (ADN).

As shown in the below figure, the interface is on the Outside subnet which is associated with the VPC main routing table whose default route is pointing to the internet gateway. That is how traffic coming from the outside interface can reach the Internet, along with other subnets associated with this routing-table object. In case of other subnets (i.e. Dev & Devops), these are associated with the VPC main routing table. This means that any newly created subnet in this VPC is automatically associated with this routing table.

Figure: AWS VPC Site Deployment - VoltStack Cluster (One Interface)

Network Policies

The Volterra site can be your ingress/egress security policy enforcement point as all the traffic coming from private subnets will flow through Volterra Site. Traffic that does not match the type defined in network policy is denied by default.

You can specify the endpoint or subnet using the network policy. You can define the egress policy by adding the egress rules from the point of endpoint to deny or allow specific traffic patterns based on intent. You can also add ingress rules to deny or allow traffic coming towards the endpoint.

Forward Proxy Policy

Using a forward proxy policy, the user can specify allowed/denied TLS domains or HTTP URLs. The traffic from workloads on private subnets towards the Internet via the Volterra site is allowed or denied accordingly.

More details on how to configure this is captured in the rest of this document.


Prerequisites

The following prerequisites apply:


Deploy Using VoltConsole

The following video shows the AWS VPC site object creation and site deployment workflow using VoltConsole:

AWS VPC site object creation and deployment requires performing the following sequence of actions:

Phase | Description
Create AWS VPC Object | Create the VPC object in VoltConsole using the guided wizard.
Deploy Site | Deploy the sites configured in the VPC object using automated or assisted method.

Create AWS VPC Site Object

The wizard to create the AWS VPC site object guides you through the steps for required configuration. This document covers each guided step and explains the required actions to be performed for each step.

Perform the following steps:

Step 1: Log into the VoltConsole and start AWS VPC site object creation.

Select Manage -> Site Management from the section tabs in the system namespace on the primary navigation. Select AWS VPC Site from the pages. Click Add AWS VPC Site. Enter a name for your VPC site object in the metadata section.

Step 2: Configure the VPC and site settings.

Go to Site Type Selection section and perform the following:

Step 2.1: Set region and configure VPC.
  • Select a region in the AWS Region drop-down field.
  • Select an option for the Select existing VPC or create new VPC field and configure as per the following guidelines:

    • For the New VPC Parameters option, select an option for the AWS VPC Name field. The Autogenerate VPC Name option is selected by default. If you select the Choose VPC Name option, enter a VPC name in the Choose VPC Name field.
    • For the Existing VPC ID option, enter an existing VPC ID in the Existing VPC ID field.
  • Enter the CIDR in the Primary IPv4 CIDR block field.

Figure: VPC and Node Type Configuration

Step 2.2: Set the node configuration.

Select an option for the Select Ingress Gateway or Ingress/Egress Gateway field and perform one of the following steps accordingly.

Configure Ingress Gateway

For the Ingress Gateway (One Interface) option, click Configure and perform configuration as per the following guidelines:

  • Select an option for the AWS AZ name field that matches the configured AWS Region.
  • Select New Subnet or Existing Subnet ID for the Select Existing Subnet or Create New field and enter a subnet address in the IPv4 Subnet or a subnet ID in Existing Subnet ID options accordingly. Ensure that the subnet is part of the CIDR block set in the previous step.

Note: The AWS Certified Hardware is set to aws-byol-voltmesh by default. You can add more than one node using the Add item option.

Configure Ingress/Egress Gateway

For the Ingress/Egress Gateway (Two Interface) option, click Configure to open the two-interface node configuration wizard and enter the configuration as per the following guidelines.

  • Select an option for the AWS AZ name field that matches the configured AWS Region.
  • Select an option for the Subnet Choices for Inside Interface field as per the following guidelines:

    • Select Use Reserved Subnet from Primary CIDR to use a subnet from primary CIDR.
    • Select Subnet for Inside Interface option to configure subnet for inside interface manually. Configure the subnet as per the following guidelines:
    • Select New Subnet or Existing Subnet ID for the Select Existing Subnet or Create New field in the Subnet for Inside Interface section. Enter a subnet address in the IPv4 Subnet or a subnet ID in Existing Subnet ID options accordingly.
  • Select New Subnet or Existing Subnet ID for the Select Existing Subnet or Create New field in the Workload Subnet section. Enter a subnet address in the IPv4 Subnet or a subnet ID in Existing Subnet ID options accordingly.
  • Select New Subnet or Existing Subnet ID for the Select Existing Subnet or Create New field in the Subnet for Outside Interface section. Enter a subnet address in the IPv4 Subnet or a subnet ID in Existing Subnet ID options accordingly.

    Figure: Ingress/Egress Gateway Settings

Note: Workload subnet is the network where your application workloads are hosted.

Optional Configuration
  • In the Site Network Firewall section, optionally select Active Network Policies in the Manage Network Policy field. Select an existing network policy or click Create new network policy to create and apply a network policy. After creating the policy, click Continue to apply.
  • Optionally select Enable Forward Proxy with Allow All Policy or Enable Forward Proxy and Manage Policies in the Manage Forward Proxy Policy field. For the latter option, select an existing forward proxy policy or click Create new forward proxy policy to create and apply a forward proxy policy. After creating the policy, click Continue to apply.

    Figure: Network Firewall Configuration for Node

  • In the advanced options section, enable the Show Advanced Fields option.
  • Select Connect Global Networks for the Select Global Networks to Connect field. Click Configure. Select a connection type for the Select Network Connection Type field. Select a global network from the list of networks displayed in the Global Virtual Network field. You can also select Create new global vn to launch the global network creation wizard. Create a global network using the wizard and click Continue. Click Apply.
  • Select Manage Static Routes for the Manage Static Routes for Inside Network field and click Add item for the Static route list field. Perform one of the following steps:

    • Select Simple Static Route and enter a static route in the Simple Static Route field.
    • Select Custom Static Route and click Configure under the Custom Static Route option and perform the following steps:
    • In the Subnets section, select IPv4 or IPv6 option for the Version field. Enter a prefix and prefix length for your subnet. You can use the Add item option to set more subnets.
    • In the Nexthop section, select a next-hop type for the Type field. Select IPv4 or IPv6 for the Version field in the Address section and enter an IP address accordingly. Click Select interface object and select a network interface or click Add new network interface to create and apply a new network interface. Click Select interface object to apply the interface.
    • In the Attributes section, select supported attributes in the Attributes field. You can select more than one from this list.
    • Click Apply to add the custom route.
  • Select Manage Static Routes for the Manage Static Routes for Outside Network field and click Add item for the Static route list field. Follow the same procedure as that of managing the static routes for inside network.
  • Click Apply.

Note: The AWS Certified Hardware is set to aws-byol-multi-nic-voltmesh by default. You can add more than one node using the Add item option.

Voltstack Cluster (One Interface)

For the Voltstack Cluster (One Interface) option, click Configure to open the Voltstack cluster configuration wizard and enter the configuration as per the following guidelines.

  • Select an option for the AWS AZ name field that matches the configured AWS Region.
  • Select New Subnet or Existing Subnet ID for the Select Existing Subnet or Create New field in the Subnet for local Interface section. Enter a subnet address in the IPv4 Subnet or a subnet ID in Existing Subnet ID options accordingly.
  • Select New Subnet or Existing Subnet ID for the Select Existing Subnet or Create New field in the Subnet for Outside Interface section. Enter a subnet address in the IPv4 Subnet or a subnet ID in Existing Subnet ID options accordingly.

Optional Configuration
  • In the Site Network Firewall section, optionally select Active Network Policies in the Manage Network Policy field. Select an existing network policy or click Create new network policy to create and apply a network policy. After creating the policy, click Continue to apply.
  • Optionally select Enable Forward Proxy with Allow All Policy or Enable Forward Proxy and Manage Policies in the Manage Forward Proxy Policy field. For the latter option, select an existing forward proxy policy or click Create new forward proxy policy to create and apply a forward proxy policy. After creating the policy, click Continue to apply.
  • In the advanced options section, enable the Show Advanced Fields option.
  • Select Connect Global Networks for the Select Global Networks to Connect field. Click Configure. Select a connection type for the Select Network Connection Type field. Select a global network from the list of networks displayed in the Global Virtual Network field. You can also select Create new global vn to launch the global network creation wizard. Create a global network using the wizard and click Continue. Click Apply.
  • Select Manage Static Routes for the Manage Static Routes for Inside Network field and click Add item for the Static route list field. Perform one of the following steps:

    • Select Simple Static Route and enter a static route in the Simple Static Route field.
    • Select Custom Static Route and click Configure under the Custom Static Route option and perform the following steps:
    • In the Subnets section, select IPv4 or IPv6 option for the Version field. Enter a prefix and prefix length for your subnet. You can use the Add item option to set more subnets.
    • In the Nexthop section, select a next-hop type for the Type field. Select IPv4 or IPv6 for the Version field in the Address section and enter an IP address accordingly. Click Select interface object and select a network interface or click Add new network interface to create and apply a new network interface. Click Select interface object to apply the interface.
    • In the Attributes section, select supported attributes in the Attributes field. You can select more than one from this list.
    • Click Apply to add the custom route.
  • Select Manage Static Routes for the Manage Static Routes for Outside Network field and click Add item for the Static route list field. Follow the same procedure as that of managing the static routes for inside network.
  • Click Apply.

Note: The AWS Certified Hardware is set to aws-byol-voltstack-combo by default. You can add more than one node using the Add item option.

Step 2.3: Set the deployment type.

Select an option for the Select Automatic or Assisted Deployment field and perform further actions as per the following guidelines.

  • For the Automatic Deployment option, select an existing AWS credentials object or click Create new aws cred option to load new credential creation wizard. Create the new credentials as per the following guidelines:

    • Enter a name in the metadata section. Optionally set labels and enter a description.
    • Select AWS Programmatic Access Credentials in the Select Cloud Credential Type field. Enter the AWS access ID in the Access Key ID field and click Configure under the Secret Key field.
    • Select an option for the Secret Info. If you select Blindfold Secret, enter the secret in the Location field. If you select Clear Secret, enter the secret in the Clear Secret field in either ASCII or base64(binary) formats. Click Apply.
    • Click Continue to add the new credentials.

Note: Refer to the Cloud Credentials guide for more information. Ensure that the AWS credentials are applied with required access policies as per the Policy Requirements document.

  • For the Assisted Deployment option, obtain the AWS parameters after this VPC object is created in VoltConsole and perform the site deployment as per the instructions in the Deploy Site chapter.

    Figure: Deployment Configuration

Step 3: Set the site node parameters.

Go to the Site Node Parameters section and perform the following:

  • Set the AWS instance type by selecting an option for the AWS Instance Type for Node field.
  • Enter your SSH key in the Public SSH key field.

    Figure: Site Node Parameters Configuration

Note: Enable the Show Advanced Fields option to set the worker node count. Enter the number of worker nodes in the Desired Worker Nodes Per AZ field. The number of worker nodes you set here will be created per the region in which you created nodes. For example, if you configure 3 nodes in 3 regions and set the Desired Worker Nodes Per AZ field as 3, 3 worker nodes per region get created and total number of worker nodes for this AWS VPC site will be 9.

Step 4: Complete the AWS VPC site object creation.

Click Save and Exit to complete creating the AWS VPC site.

Note: The Status field for the VPC object shows Generated.


Deploy Site

Creating the AWS VPC object in VoltConsole generates the terraform parameters. You can deploy the site using automatic or assisted deployment, depending on your AWS VPC site object configuration.

Automatic Deployment

Perform this procedure in case you created the VPC object with automatic deployment option.

  • Navigate to the created AWS VPC object using the Manage -> Site Management -> AWS VPC Site option. Find your AWS VPC object and click Apply under the Actions column. The Status field for your AWS VPC object changes to Applying.

Note: Optionally, you can perform terraform plan activity before the deployment. Find your AWS VPC site object and click ... -> Plan (Optional) to start the action of terraform plan. This creates the execution plan for terraform.

  • Wait for the apply to complete and the status to change to Applied.

Note: You can check the status for the apply action. Click ... -> Terraform Parameters for your AWS VPC site object and click the Apply Status tab.

  • Navigate to Sites -> Sites List. Find your site from the displayed list and verify that the status is ONLINE.

Note: It takes a few minutes for the site to be deployed and status to become ONLINE.

Assisted Deployment

Perform this procedure in case you created the VPC site object with assisted deployment option.

  • Download the terraform variables in case of assisted deployment. Navigate to the created AWS VPC site object using the Manage -> Site Management -> AWS VPC Site path.
  • Find your AWS VPC site object and click ... -> Terraform Parameters for it. Copy the parameters to a file in your local machine.
  • Download Volterra's volt-terraform container.
docker pull gcr.io/volterraio/volt-terraform
  • Run the terraform container.
docker run --entrypoint tail --name terraform-cli -d -it \
-w /terraform/templates \
-v ${HOME}/.ssh:/root/.ssh \
gcr.io/volterraio/volt-terraform:latest \
-f /dev/null
  • Copy the downloaded terraform variables file to the container. The following example copies to the /var/tmp folder on the container.
docker cp /Users/ted/Downloads/system-aws-vpc-a.json terraform-cli:/var/tmp
  • Download the API certificate from the VoltConsole and copy it to the container.
docker cp /Users/ted/Downloads/playground.console.api-creds.p12 terraform-cli:/var/tmp

Note: See the Generate API Certificate for information on API credentials.

  • Enter the terraform container.
docker exec -it terraform-cli sh
  • Configure AWS API access and secret key.
aws configure

Note: For more information, refer to AWS documentation.

  • Change to the VPC template directory.
cd /terraform/templates/views/assisted/aws-volt-node
  • Set the following environment variables required for the Volterra provider.
  • VOLT_API_P12_FILE: This is for the path to API certificate file.
  • VES_P12_PASSWORD: This variable is for API credentials password. This is the password which you set while downloading API certificate.
  • VOLT_API_URL: This is for the tenant URL.

The following is a sample. Change the values as per your setup.

export VOLT_API_P12_FILE="/var/tmp/playground.console.api-creds.p12"
export VES_P12_PASSWORD="<api_cred_password>"
export VOLT_API_URL="https://playground.console.ves.volterra.io/api"
export TF_VAR_akar_api_url=$VOLT_API_URL
  • Deploy the nodes by executing the terraform commands.
terraform init
terraform apply -var-file=/var/tmp/system-aws-vpc-a.json

Note: The terraform init command downloads the terraform providers defined in the module. When the terraform apply command is executed, it prompts for user input to proceed. Enter yes to begin deploying the node(s) and wait for the deployment to complete.

  • Navigate to Sites -> Sites List. Find your site from the displayed list and verify that the status is ONLINE.

Note: It takes a few minutes for the site to be deployed and status to become ONLINE.
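
The assisted procedure above copies the API certificate and parameters file into /var/tmp and exports the certificate password in the shell. The following wrapper is an added example, not part of the volt-terraform container or the original guide: it refuses to run unless both files are private to their owner, prompts for the password without echo, and applies a saved plan only after confirmation. The function names and the site.tfplan file name are hypothetical; treating the parameters file as sensitive is an assumption.

```sh
#!/bin/sh
# Added example, not Volterra tooling. Function names are hypothetical; the
# environment variable names are the ones the guide sets by hand.

# Succeeds only if $1 is a regular file with no group/other permission bits.
secret_file_is_private() {
    [ -f "$1" ] || return 1
    # ls mode string: chars 2-4 owner, 5-7 group, 8-10 other.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prompt for the P12 password with echo off, so it is never typed on a
# command line and does not land in shell history.
read_p12_password() {
    printf 'API credential password: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r VES_P12_PASSWORD
    stty echo 2>/dev/null
    printf '\n' >&2
    export VES_P12_PASSWORD
}

# deploy_site P12_FILE TFVARS_FILE TENANT_API_URL
# Run from /terraform/templates/views/assisted/aws-volt-node in the container.
deploy_site() {
    # Assumption: the parameters file is treated as sensitive, like the P12.
    for _f in "$1" "$2"; do
        secret_file_is_private "$_f" || {
            echo "refusing to continue: $_f is missing or readable by group/other" >&2
            return 1
        }
    done
    export VOLT_API_P12_FILE="$1"
    export VOLT_API_URL="$3"
    export TF_VAR_akar_api_url="$VOLT_API_URL"
    read_p12_password
    _rc=1
    # Save the plan, so that what gets applied is exactly what was reviewed.
    if terraform init && terraform plan -var-file="$2" -out=site.tfplan; then
        printf 'Apply the plan shown above? Type yes: ' >&2
        read -r _answer
        if [ "$_answer" = "yes" ]; then
            terraform apply site.tfplan
            _rc=$?
        fi
    fi
    # Saved plans can embed variable values; do not leave one behind.
    rm -f site.tfplan
    unset VES_P12_PASSWORD
    return $_rc
}
```

Inside the container, run chmod 600 on both files, source the script, and call deploy_site /var/tmp/playground.console.api-creds.p12 /var/tmp/system-aws-vpc-a.json https://playground.console.ves.volterra.io/api from the VPC template directory.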


Delete VPC Site

Perform one of the following to delete the VPC site as per the type of deployment:

Automatic Deployment: Delete the VPC object from the VoltConsole in case of sites deployed using automatic deployment method.

Perform the following to delete the VPC object:

  • Navigate to the created AWS VPC object using the Manage -> Site Management -> AWS VPC Site option.
  • Find your AWS VPC object and click ... -> Delete.
  • Click Delete in the confirmation window.

Note: Deleting the VPC object deletes the sites and nodes from the VPC and deletes the VPC. In case the delete operation does not remove the object and returns any error, check the error from the status, fix the error, and re-attempt the delete operation. If the problem persists, contact technical support. You can check the status using the ... -> Terraform Parameters -> Apply status option.

Assisted Deployment: Delete the terraform deployment made in assisted mode and then delete the site in VoltConsole.
Step 1: Delete the terraform deployment.
  • Enter the terraform container.
docker exec -it terraform-cli sh
  • Change to the VPC template directory.
cd /terraform/templates/views/assisted/aws-volt-node
  • Set the following environment variables required for the Volterra provider.
  • VOLT_API_P12_FILE: This is for the path to API certificate file.
  • VES_P12_PASSWORD: This variable is for API credentials password. This is the password which you set while downloading API certificate.
  • VOLT_API_URL: This is for the tenant URL.

The following is a sample. Change the values as per your setup.

export VOLT_API_P12_FILE="/var/tmp/playground.console.api-creds.p12"
export VES_P12_PASSWORD="<api_cred_password>"
export VOLT_API_URL="https://playground.console.ves.volterra.io/api"
export TF_VAR_akar_api_url=$VOLT_API_URL
  • Destroy the site objects from AWS by executing the terraform commands.
terraform init
terraform destroy -var-file=/var/tmp/system-aws-vpc-a.json

Note: When the terraform destroy command is executed, it prompts for user input to proceed. Enter yes and wait for the destroy to complete.

Step 2: Delete the site from VoltConsole.

Perform the following to delete the VPC object:

  • Navigate to the created AWS VPC object using the Manage -> Site Management -> AWS VPC Site option.
  • Find your AWS VPC object and click ... -> Delete.
  • Click Delete in the confirmation window.

Deploy Using Vesctl

vesctl is a configuration command-line utility that allows users to create, debug, and diagnose Volterra Services configuration. See the vesctl repository for download information, and download the tool.

Create AWS VPC Site

The following is a prerequisite for deploying using the vesctl site aws_vpc command:

Create a Cloud Credential object and use the --cloud-cred flag to refer to it, or set the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY so that the site creation workflow creates a cloud credential object.

Note: When deleting the site, the cloud credential created through vesctl site aws_vpc command does not get deleted.

Ingress Gateway: Create ingress gateway site.
Single-Node Site: Create a single-node site.
  • Enter the following command to create single-node site with new vpc:
vesctl site aws_vpc create --gw-type ingress_gw --name aws-nyc01 --action apply --region us-east-2 --vpc-cidr 192.168.0.0/22 --outside-subnets 192.168.0.0/24 --action apply
  • Enter the following command to create single-node site with existing vpc and subnet-id:
vesctl site aws_vpc create --gw-type ingress_gw --name aws-nyc01 --action apply --region us-east-2 --vpc-id <vpc-xxxxx> --outside-subnet-ids <subnet-xxxxx> --action apply
Multi-Node Site: Create a multi-node site.
  • Enter the following command to create multi-node site with new vpc:
vesctl site aws_vpc create --gw-type ingress_gw --name aws-nyc01 --action apply --region us-east-2 \
--azs us-east-2a,us-east-2b,us-east-2c --vpc-cidr 192.168.0.0/22 \
--outside-subnets 192.168.0.0/25,192.168.1.0/25,192.168.2.0/25 --action apply
  • Enter the following command to create multi-node site with existing vpc and subnet-id:
vesctl site aws_vpc create --gw-type ingress_gw --name aws-nyc01 --action apply --region us-east-2 \
--azs us-east-2a,us-east-2b,us-east-2c --vpc-id <vpc-xxxxx> \
--outside-subnet-ids subnet-id1,subnet-id2,subnet-id3 --action apply
Ingress/Egress Gateway: Create ingress/egress gateway site.
Single-Node Site: Create a single-node site.
  • Enter the following command to create a single-node ingress/egress gateway site with new vpc:
vesctl site aws_vpc create --gw-type ingress_egress_gw --name aws-nyc01 --action apply --region us-east-2 --vpc-cidr 192.168.0.0/22 --outside-subnets 192.168.0.0/24 --inside-subnets 192.168.1.0/24 --action apply
  • Enter the following command to create a single-node ingress/egress gateway site with existing vpc and subnet-id:
vesctl site aws_vpc create --gw-type ingress_egress_gw --name aws-nyc01 --action apply --region us-east-2 --vpc-id <vpc-xxxxx> --outside-subnet-ids <subnet-xxxxx> --inside-subnet-ids <subnet-yyyyyy> --action apply
Multi-Node Site: Create a multi-node site.
  • Enter the following command to create a multi-node ingress/egress gateway site with new vpc:
vesctl site aws_vpc create --gw-type ingress_egress_gw --name aws-nyc01 --action apply --region us-east-2 \
--azs us-east-2a,us-east-2b,us-east-2c --vpc-cidr 192.168.0.0/22 \
--outside-subnets 192.168.0.0/25,192.168.1.0/25,192.168.2.0/25 \
--inside-subnets 192.168.0.128/25,192.168.1.128/25,192.168.2.128/25 --action apply
  • Enter the following command to create a multi-node ingress/egress gateway site with existing vpc and subnet-id:
vesctl site aws_vpc create --gw-type ingress_egress_gw --name aws-nyc01 --action apply --region us-east-2 \
--azs us-east-2a,us-east-2b,us-east-2c --vpc-id <vpc-xxxxx> \
--outside-subnet-ids subnet-id1,subnet-id2,subnet-id3 \
--inside-subnet-ids subnet-id4,subnet-id5,subnet-id6 --action apply

Note: Enter the vesctl site aws_vpc create --help command to view the command help.
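
The subnet lists passed to vesctl site aws_vpc create must fall inside the --vpc-cidr block and must not overlap one another, the same constraint the VoltConsole wizard states for subnets and the primary CIDR. The following pre-flight check is an added example, not part of vesctl or the original guide; the function names are hypothetical and the sample values are the ones used in the multi-node ingress/egress command above.

```sh
#!/bin/sh
# Added example: pre-flight check for the --vpc-cidr / --outside-subnets /
# --inside-subnets values. All function names here are hypothetical.

# Syntactic check: a.b.c.d/len, octets <= 255, len <= 32, no leading zeros.
is_cidr() {
    case $1 in
        *[!0-9./]* | */*/* | *.*.*.*.*) return 1 ;;
        0[0-9]* | *[./]0[0-9]*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) return 1 ;;
    esac
    [ "${1#*/}" -le 32 ] || return 1
    _old_ifs=$IFS; IFS=.
    set -- ${1%/*}
    IFS=$_old_ifs
    for _o in "$@"; do [ "$_o" -le 255 ] || return 1; done
}

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# CIDR -> "first last" addresses of the block, as integers.
cidr_range() {
    _size=$(( 1 << (32 - ${1#*/}) ))
    _net=$(( $(ip_to_int "${1%/*}") / _size * _size ))
    echo "$_net $(( _net + _size - 1 ))"
}

# check_site_subnets VPC_CIDR "SUBNET,SUBNET,..."
# Returns 0 when every subnet is well-formed, has no host bits set, lies
# inside the VPC CIDR and is disjoint from the others. Otherwise prints each
# problem to stderr and returns 1.
check_site_subnets() {
    _vpc=$1
    _list=$(echo "$2" | tr ',' ' ')
    _rc=0
    _seen=""
    is_cidr "$_vpc" || { echo "bad VPC CIDR: $_vpc" >&2; return 1; }
    set -- $(cidr_range "$_vpc"); _vfirst=$1; _vlast=$2
    for _s in $_list; do
        is_cidr "$_s" || { echo "bad subnet: $_s" >&2; _rc=1; continue; }
        set -- $(cidr_range "$_s"); _sfirst=$1; _slast=$2
        [ "$(ip_to_int "${_s%/*}")" -eq "$_sfirst" ] ||
            { echo "$_s has host bits set" >&2; _rc=1; }
        if [ "$_sfirst" -lt "$_vfirst" ] || [ "$_slast" -gt "$_vlast" ]; then
            echo "$_s is not inside $_vpc" >&2; _rc=1
        fi
        # Two ranges overlap when each one starts before the other ends.
        for _p in $_seen; do
            set -- $(cidr_range "$_p")
            if [ "$_sfirst" -le "$2" ] && [ "$1" -le "$_slast" ]; then
                echo "$_s overlaps $_p" >&2; _rc=1
            fi
        done
        _seen="$_seen $_s"
    done
    return $_rc
}

# Outside and inside subnets from the multi-node command, checked together.
check_site_subnets 192.168.0.0/22 \
"192.168.0.0/25,192.168.1.0/25,192.168.2.0/25,192.168.0.128/25,192.168.1.128/25,192.168.2.128/25" \
    && echo "subnet plan OK"
```

Pass the outside and inside lists as one comma-separated argument so that overlaps between the two interfaces are caught as well.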


Replace AWS VPC site

Replace Site: Replace the AWS VPC site using the aws_vpc replace command.
vesctl site aws_vpc replace --name aws-nyc01 --os-version <new-version> --software-version <new-version>

Note: Enter the vesctl site aws_vpc replace --help command to view the command help.


Delete AWS VPC site

Delete Site: Delete the AWS VPC site using the aws_vpc delete command.
vesctl site aws_vpc delete --name aws-nyc01

Note: Enter the vesctl site aws_vpc delete --help command to view the command help.

