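Amegaeru's IT Blog

Not overdoing it. A blog about putting in just enough effort.

Creating a VPC and more with AWS CDK (TypeScript)

I want to learn at least a little AWS CDK, so for a start I tried building something.

What we will do

Create a VPC with AWS CDK (TypeScript).

Hands-on!

1. Create the project
1-1. Run the following in PowerShell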

> cdk init app --language typescript
PS C:\typescript> cdk init app --language typescript
Applying project template app for typescript
# Welcome to your CDK TypeScript project

This is a blank project for CDK development with TypeScript.

The `cdk.json` file tells the CDK Toolkit how to execute your app.       

## Useful commands

* `npm run build`   compile typescript to js
* `npm run watch`   watch for changes and compile
* `npm run test`    perform the jest unit tests
* `npx cdk deploy`  deploy this stack to your default AWS account/region 
* `npx cdk diff`    compare deployed stack with current state
* `npx cdk synth`   emits the synthesized CloudFormation template        

Initializing a new git repository...
Executing npm install...
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
✅ All done!


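2. Write the code
2-1. Open lib/typescript-stack.ts and enter the following
Note: the two import lines and the three lines from export class through super are always required, so memorize them as a boilerplate incantation.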

import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
// import * as sqs from 'aws-cdk-lib/aws-sqs';
import { Vpc } from 'aws-cdk-lib/aws-ec2';

export class TypescriptStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    new Vpc(this, 'Vpc');
  }
}


3. Create the resources
3-1. Run the following in PowerShell

> cdk bootstrap --profile <profile name>
PS C:\typescript> cdk bootstrap --profile testvault
 ⏳  Bootstrapping environment aws://xxxxxxxxxxxx/ap-northeast-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
 ✅  Environment aws://xxxxxxxxxxxx/ap-northeast-1 bootstrapped (no changes).

3-2. Run the following in PowerShell

> cdk deploy --profile <profile name>
PS C:\typescript> cdk deploy --profile testvault

✨  Synthesis time: 6.25s

TypescriptStack:  start: Building ee7de53d64cc9d6248fa6aa550f92358f6c907b5efd6f3298aeab1b5e7ea358a:current_account-current_region
TypescriptStack:  success: Built ee7de53d64cc9d6248fa6aa550f92358f6c907b5efd6f3298aeab1b5e7ea358a:current_account-current_region
TypescriptStack:  start: Building 6c8accc9ce1df3c3e70991c10bcf3807d91862f3f1de732b98e7f54e2b9555dc:current_account-current_region
TypescriptStack:  success: Built 6c8accc9ce1df3c3e70991c10bcf3807d91862f3f1de732b98e7f54e2b9555dc:current_account-current_region
TypescriptStack:  start: Publishing ee7de53d64cc9d6248fa6aa550f92358f6c907b5efd6f3298aeab1b5e7ea358a:current_account-current_region
TypescriptStack:  start: Publishing 6c8accc9ce1df3c3e70991c10bcf3807d91862f3f1de732b98e7f54e2b9555dc:current_account-current_region
TypescriptStack:  success: Published 6c8accc9ce1df3c3e70991c10bcf3807d91862f3f1de732b98e7f54e2b9555dc:current_account-current_region
TypescriptStack:  success: Published ee7de53d64cc9d6248fa6aa550f92358f6c907b5efd6f3298aeab1b5e7ea358a:current_account-current_region
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).        
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬─────────────┬────────┬─────────────┬─────────────┬───────────────┐
│   │ Resource    │ Effect │ Action      │ Principal   │ Condition     │ 
├───┼─────────────┼────────┼─────────────┼─────────────┼───────────────┤ 
│ + │ ${Custom::V │ Allow  │ sts:AssumeR │ Service:lam │               │ 
│   │ pcRestrictD │        │ ole         │ bda.amazona │               │ 
│   │ efaultSGCus │        │             │ ws.com      │               │ 
│   │ tomResource │        │             │             │               │ 
│   │ Provider/Ro │        │             │             │               │ 
│   │ le.Arn}     │        │             │             │               │ 
├───┼─────────────┼────────┼─────────────┼─────────────┼───────────────┤ 
│ + │ arn:${AWS:: │ Allow  │ ec2:Authori │ AWS:${Custo │               │ 
│   │ Partition}: │        │ zeSecurityG │ m::VpcRestr │               │ 
│   │ ec2:${AWS:: │        │ roupEgress  │ ictDefaultS │               │ 
│   │ Region}:${A │        │ ec2:Authori │ GCustomReso │               │ 
│   │ WS::Account │        │ zeSecurityG │ urceProvide │               │ 
│   │ Id}:securit │        │ roupIngress │ r/Role}     │               │ 
│   │ y-group/${V │        │ ec2:RevokeS │             │               │ 
│   │ pc8378EB38. │        │ ecurityGrou │             │               │ 
│   │ DefaultSecu │        │ pEgress     │             │               │ 
│   │ rityGroup}  │        │ ec2:RevokeS │             │               │ 
│   │             │        │ ecurityGrou │             │               │ 
│   │             │        │ pIngress    │             │               │ 
└───┴─────────────┴────────┴─────────────┴─────────────┴───────────────┘ 
IAM Policy Changes
┌───┬────────────────────────────────┬─────────────────────────────────┐
│   │ Resource                       │ Managed Policy ARN              │ 
├───┼────────────────────────────────┼─────────────────────────────────┤ 
│ + │ ${Custom::VpcRestrictDefaultSG │ {"Fn::Sub":"arn:${AWS::Partitio │ 
│   │ CustomResourceProvider/Role}   │ n}:iam::aws:policy/service-role │ 
│   │                                │ /AWSLambdaBasicExecutionRole"}  │ 
└───┴────────────────────────────────┴─────────────────────────────────┘ 
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)? y
TypescriptStack: deploying... [1/1]
TypescriptStack: creating CloudFormation changeset...
TypescriptStack |  0/28 | 21:10:22 | CREATE_IN_PROGRESS   | AWS::EC2::VPC                         | Vpc (Vpc8378EB38) Resource creation Initiated 
TypescriptStack |  0/28 | 21:10:22 | CREATE_IN_PROGRESS   | AWS::EC2::InternetGateway             | Vpc/IGW (VpcIGWD7BA715C) Eventual consistency check initiated
TypescriptStack |  0/28 | 21:10:22 | CREATE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet2/EIP (VpcPublicSubnet2EIP3C605A87) Eventual consistency check initiated
TypescriptStack |  0/28 | 21:10:23 | CREATE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669) Eventual consistency check initiated
TypescriptStack |  0/28 | 21:10:10 | REVIEW_IN_PROGRESS   | AWS::CloudFormation::Stack            | TypescriptStack User Initiated
TypescriptStack |  0/28 | 21:10:17 | CREATE_IN_PROGRESS   | AWS::CloudFormation::Stack            | TypescriptStack User Initiated
TypescriptStack |  0/28 | 21:10:20 | CREATE_IN_PROGRESS   | AWS::CDK::Metadata                    | CDKMetadata/Default (CDKMetadata)
TypescriptStack |  0/28 | 21:10:20 | CREATE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669)
TypescriptStack |  0/28 | 21:10:20 | CREATE_IN_PROGRESS   | AWS::EC2::InternetGateway             | Vpc/IGW (VpcIGWD7BA715C)
TypescriptStack |  0/28 | 21:10:21 | CREATE_IN_PROGRESS   | AWS::EC2::VPC                         | Vpc (Vpc8378EB38)
TypescriptStack |  0/28 | 21:10:21 | CREATE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet2/EIP (VpcPublicSubnet2EIP3C605A87)
TypescriptStack |  0/28 | 21:10:22 | CREATE_IN_PROGRESS   | AWS::EC2::InternetGateway             | Vpc/IGW (VpcIGWD7BA715C) Resource creation Initiated
TypescriptStack |  0/28 | 21:10:22 | CREATE_IN_PROGRESS   | AWS::CDK::Metadata                    | CDKMetadata/Default (CDKMetadata) Resource creation Initiated
TypescriptStack |  1/28 | 21:10:22 | CREATE_COMPLETE      | AWS::CDK::Metadata                    | CDKMetadata/Default (CDKMetadata)
TypescriptStack |  1/28 | 21:10:22 | CREATE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet2/EIP (VpcPublicSubnet2EIP3C605A87) Resource creation Initiated
TypescriptStack |  1/28 | 21:10:22 | CREATE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:33 | CREATE_COMPLETE      | AWS::EC2::VPC                         | Vpc (Vpc8378EB38)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::VPCGatewayAttachment        | Vpc/VPCGW (VpcVPCGWBF912B6E)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet1/RouteTable (VpcPrivateSubnet1RouteTableB2C5B500)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PublicSubnet1/RouteTable (VpcPublicSubnet1RouteTable6C95E38E)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet2/RouteTable (VpcPrivateSubnet2RouteTableA678073B)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PublicSubnet2/RouteTable (VpcPublicSubnet2RouteTable94F7E489)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PrivateSubnet2/Subnet (VpcPrivateSubnet2Subnet3788AAA1)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PublicSubnet2/Subnet (VpcPublicSubnet2Subnet691E08A3)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PrivateSubnet1/Subnet (VpcPrivateSubnet1Subnet536B997A)
TypescriptStack |  2/28 | 21:10:34 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PublicSubnet1/Subnet (VpcPublicSubnet1Subnet5C2D37C4)
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::IAM::Role                        | Custom::VpcRestrictDefaultSGCustomResourceProvider/Role (CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0) 
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::VPCGatewayAttachment        | Vpc/VPCGW (VpcVPCGWBF912B6E) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet1/RouteTable (VpcPrivateSubnet1RouteTableB2C5B500) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PublicSubnet2/Subnet (VpcPublicSubnet2Subnet691E08A3) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PrivateSubnet2/Subnet (VpcPrivateSubnet2Subnet3788AAA1) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet2/RouteTable (VpcPrivateSubnet2RouteTableA678073B) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PublicSubnet2/RouteTable (VpcPublicSubnet2RouteTable94F7E489) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PublicSubnet1/RouteTable (VpcPublicSubnet1RouteTable6C95E38E) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PrivateSubnet1/Subnet (VpcPrivateSubnet1Subnet536B997A) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:35 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PublicSubnet1/Subnet (VpcPublicSubnet1Subnet5C2D37C4) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet2/RouteTable (VpcPrivateSubnet2RouteTableA678073B) Eventual consistency check initiated
TypescriptStack |  2/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet1/RouteTable (VpcPrivateSubnet1RouteTableB2C5B500) Eventual consistency check initiated
TypescriptStack |  2/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PublicSubnet2/RouteTable (VpcPublicSubnet2RouteTable94F7E489) Eventual consistency check initiated
TypescriptStack |  2/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PublicSubnet1/RouteTable (VpcPublicSubnet1RouteTable6C95E38E) Eventual consistency check initiated
TypescriptStack |  2/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PrivateSubnet2/Subnet (VpcPrivateSubnet2Subnet3788AAA1) Eventual consistency check initiated
TypescriptStack |  2/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PrivateSubnet1/Subnet (VpcPrivateSubnet1Subnet536B997A) Eventual consistency check initiated
TypescriptStack |  2/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::IAM::Role                        | Custom::VpcRestrictDefaultSGCustomResourceProvider/Role (CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0) Resource creation Initiated
TypescriptStack |  2/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet2/RouteTableAssociation (VpcPrivateSubnet2RouteTableAssociationA89CAD56)
TypescriptStack |  3/28 | 21:10:36 | CREATE_COMPLETE      | AWS::EC2::VPCGatewayAttachment        | Vpc/VPCGW (VpcVPCGWBF912B6E)
TypescriptStack |  3/28 | 21:10:36 | CREATE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet1/RouteTableAssociation (VpcPrivateSubnet1RouteTableAssociation70C59FA6)
TypescriptStack |  4/28 | 21:10:37 | CREATE_COMPLETE      | AWS::EC2::InternetGateway             | Vpc/IGW (VpcIGWD7BA715C)
TypescriptStack |  5/28 | 21:10:37 | CREATE_COMPLETE      | AWS::EC2::EIP                         | Vpc/PublicSubnet2/EIP (VpcPublicSubnet2EIP3C605A87)
TypescriptStack |  6/28 | 21:10:37 | CREATE_COMPLETE      | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669)
TypescriptStack |  7/28 | 21:10:38 | CREATE_COMPLETE      | AWS::EC2::Subnet                      | Vpc/PrivateSubnet2/Subnet (VpcPrivateSubnet2Subnet3788AAA1)
TypescriptStack |  7/28 | 21:10:38 | CREATE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet2/RouteTableAssociation (VpcPrivateSubnet2RouteTableAssociationA89CAD56) Resource creation Initiated  
TypescriptStack |  7/28 | 21:10:38 | CREATE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet1/RouteTableAssociation (VpcPrivateSubnet1RouteTableAssociation70C59FA6) Resource creation Initiated  
TypescriptStack |  8/28 | 21:10:38 | CREATE_COMPLETE      | AWS::EC2::Subnet                      | Vpc/PublicSubnet2/Subnet (VpcPublicSubnet2Subnet691E08A3)
TypescriptStack |  9/28 | 21:10:38 | CREATE_COMPLETE      | AWS::EC2::Subnet                      | Vpc/PrivateSubnet1/Subnet (VpcPrivateSubnet1Subnet536B997A)
TypescriptStack | 10/28 | 21:10:38 | CREATE_COMPLETE      | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet2/RouteTableAssociation (VpcPrivateSubnet2RouteTableAssociationA89CAD56)
TypescriptStack | 11/28 | 21:10:38 | CREATE_COMPLETE      | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet1/RouteTableAssociation (VpcPrivateSubnet1RouteTableAssociation70C59FA6)
TypescriptStack | 12/28 | 21:10:39 | CREATE_COMPLETE      | AWS::EC2::Subnet                      | Vpc/PublicSubnet1/Subnet (VpcPublicSubnet1Subnet5C2D37C4)
TypescriptStack | 12/28 | 21:10:39 | CREATE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet2/RouteTableAssociation (VpcPublicSubnet2RouteTableAssociationDD5762D8)
TypescriptStack | 12/28 | 21:10:39 | CREATE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet1/RouteTableAssociation (VpcPublicSubnet1RouteTableAssociation97140677)
TypescriptStack | 12/28 | 21:10:40 | CREATE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet2/RouteTableAssociation (VpcPublicSubnet2RouteTableAssociationDD5762D8) Resource creation Initiated    
TypescriptStack | 13/28 | 21:10:40 | CREATE_COMPLETE      | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet2/RouteTableAssociation (VpcPublicSubnet2RouteTableAssociationDD5762D8)
TypescriptStack | 13/28 | 21:10:41 | CREATE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet1/RouteTableAssociation (VpcPublicSubnet1RouteTableAssociation97140677) Resource creation Initiated    
TypescriptStack | 14/28 | 21:10:41 | CREATE_COMPLETE      | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet1/RouteTableAssociation (VpcPublicSubnet1RouteTableAssociation97140677)
TypescriptStack | 15/28 | 21:10:46 | CREATE_COMPLETE      | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet1/RouteTable (VpcPrivateSubnet1RouteTableB2C5B500)
TypescriptStack | 16/28 | 21:10:46 | CREATE_COMPLETE      | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet2/RouteTable (VpcPrivateSubnet2RouteTableA678073B)
TypescriptStack | 17/28 | 21:10:46 | CREATE_COMPLETE      | AWS::EC2::RouteTable                  | Vpc/PublicSubnet2/RouteTable (VpcPublicSubnet2RouteTable94F7E489)
TypescriptStack | 18/28 | 21:10:46 | CREATE_COMPLETE      | AWS::EC2::RouteTable                  | Vpc/PublicSubnet1/RouteTable (VpcPublicSubnet1RouteTable6C95E38E)
TypescriptStack | 18/28 | 21:10:46 | CREATE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PublicSubnet2/DefaultRoute (VpcPublicSubnet2DefaultRoute97F91067)
TypescriptStack | 18/28 | 21:10:46 | CREATE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PublicSubnet1/DefaultRoute (VpcPublicSubnet1DefaultRoute3DA9E72A)
TypescriptStack | 18/28 | 21:10:47 | CREATE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PublicSubnet2/DefaultRoute (VpcPublicSubnet2DefaultRoute97F91067) Resource creation Initiated
TypescriptStack | 18/28 | 21:10:48 | CREATE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PublicSubnet1/DefaultRoute (VpcPublicSubnet1DefaultRoute3DA9E72A) Resource creation Initiated
TypescriptStack | 19/28 | 21:10:48 | CREATE_COMPLETE      | AWS::EC2::Route                       | Vpc/PublicSubnet2/DefaultRoute (VpcPublicSubnet2DefaultRoute97F91067)
TypescriptStack | 20/28 | 21:10:48 | CREATE_COMPLETE      | AWS::EC2::Route                       | Vpc/PublicSubnet1/DefaultRoute (VpcPublicSubnet1DefaultRoute3DA9E72A)
TypescriptStack | 20/28 | 21:10:49 | CREATE_IN_PROGRESS   | AWS::EC2::NatGateway                  | Vpc/PublicSubnet2/NATGateway (VpcPublicSubnet2NATGateway9182C01D)
TypescriptStack | 20/28 | 21:10:49 | CREATE_IN_PROGRESS   | AWS::EC2::NatGateway                  | Vpc/PublicSubnet1/NATGateway (VpcPublicSubnet1NATGateway4D7517AA)
TypescriptStack | 20/28 | 21:10:50 | CREATE_IN_PROGRESS   | AWS::EC2::NatGateway                  | Vpc/PublicSubnet2/NATGateway (VpcPublicSubnet2NATGateway9182C01D) Resource creation Initiated
TypescriptStack | 20/28 | 21:10:50 | CREATE_IN_PROGRESS   | AWS::EC2::NatGateway                  | Vpc/PublicSubnet1/NATGateway (VpcPublicSubnet1NATGateway4D7517AA) Resource creation Initiated
TypescriptStack | 21/28 | 21:10:53 | CREATE_COMPLETE      | AWS::IAM::Role                        | Custom::VpcRestrictDefaultSGCustomResourceProvider/Role (CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0) 
TypescriptStack | 21/28 | 21:10:54 | CREATE_IN_PROGRESS   | AWS::Lambda::Function                 | Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler (CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E)
TypescriptStack | 21/28 | 21:10:56 | CREATE_IN_PROGRESS   | AWS::Lambda::Function                 | Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler (CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E) Resource creation Initiated
TypescriptStack | 21/28 | 21:10:56 | CREATE_IN_PROGRESS   | AWS::Lambda::Function                 | Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler (CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E) Eventual consistency check initiated
TypescriptStack | 21/28 | 21:10:59 | CREATE_IN_PROGRESS   | AWS::EC2::NatGateway                  | Vpc/PublicSubnet2/NATGateway (VpcPublicSubnet2NATGateway9182C01D) Eventual consistency check initiated
TypescriptStack | 21/28 | 21:10:59 | CREATE_IN_PROGRESS   | AWS::EC2::NatGateway                  | Vpc/PublicSubnet1/NATGateway (VpcPublicSubnet1NATGateway4D7517AA) Eventual consistency check initiated
TypescriptStack | 22/28 | 21:11:01 | CREATE_COMPLETE      | AWS::Lambda::Function                 | Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler (CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E)
TypescriptStack | 22/28 | 21:11:02 | CREATE_IN_PROGRESS   | Custom::VpcRestrictDefaultSG          | Vpc/RestrictDefaultSecurityGroupCustomResource/Default (VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE)
TypescriptStack | 22/28 | 21:11:12 | CREATE_IN_PROGRESS   | Custom::VpcRestrictDefaultSG          | Vpc/RestrictDefaultSecurityGroupCustomResource/Default (VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE) Resource creation Initiated
TypescriptStack | 23/28 | 21:11:12 | CREATE_COMPLETE      | Custom::VpcRestrictDefaultSG          | Vpc/RestrictDefaultSecurityGroupCustomResource/Default (VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE)
23/28 Currently in progress: TypescriptStack, VpcPublicSubnet2NATGateway9182C01D, VpcPublicSubnet1NATGateway4D7517AA
TypescriptStack | 24/28 | 21:12:30 | CREATE_COMPLETE      | AWS::EC2::NatGateway                  | Vpc/PublicSubnet2/NATGateway (VpcPublicSubnet2NATGateway9182C01D)
TypescriptStack | 24/28 | 21:12:31 | CREATE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PrivateSubnet2/DefaultRoute (VpcPrivateSubnet2DefaultRoute060D2087)
TypescriptStack | 24/28 | 21:12:32 | CREATE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PrivateSubnet2/DefaultRoute (VpcPrivateSubnet2DefaultRoute060D2087) Resource creation Initiated
TypescriptStack | 25/28 | 21:12:32 | CREATE_COMPLETE      | AWS::EC2::Route                       | Vpc/PrivateSubnet2/DefaultRoute (VpcPrivateSubnet2DefaultRoute060D2087)
TypescriptStack | 26/28 | 21:12:41 | CREATE_COMPLETE      | AWS::EC2::NatGateway                  | Vpc/PublicSubnet1/NATGateway (VpcPublicSubnet1NATGateway4D7517AA)
TypescriptStack | 26/28 | 21:12:41 | CREATE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PrivateSubnet1/DefaultRoute (VpcPrivateSubnet1DefaultRouteBE02A9ED)
TypescriptStack | 26/28 | 21:12:43 | CREATE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PrivateSubnet1/DefaultRoute (VpcPrivateSubnet1DefaultRouteBE02A9ED) Resource creation Initiated
TypescriptStack | 27/28 | 21:12:43 | CREATE_COMPLETE      | AWS::EC2::Route                       | Vpc/PrivateSubnet1/DefaultRoute (VpcPrivateSubnet1DefaultRouteBE02A9ED)
TypescriptStack | 28/28 | 21:12:44 | CREATE_COMPLETE      | AWS::CloudFormation::Stack            | TypescriptStack

 ✅  TypescriptStack

✨  Deployment time: 159.7s

Stack ARN:
arn:aws:cloudformation:ap-northeast-1:xxxxxxxxxxxx:stack/TypescriptStack/aa941280-4e6c-11ef-91cc-06379fe07e43

✨  Total time: 165.94s


4. Verify
4-1. Run the following in PowerShell

> aws ec2 describe-vpcs --profile <profile name>
PS C:\typescript> aws ec2 describe-vpcs --profile testvault
{
    "Vpcs": [
        {
            "CidrBlock": "10.0.0.0/16",
            "DhcpOptionsId": "dopt-88aca5ec",
            "State": "available",
            "VpcId": "vpc-0d2edd272e6645f19",
            "OwnerId": "xxxxxxxxxxxx",
            "InstanceTenancy": "default",
            "CidrBlockAssociationSet": [
                {
                    "AssociationId": "vpc-cidr-assoc-09ef88e14bf656e37", 
                    "CidrBlock": "10.0.0.0/16",
                    "CidrBlockState": {
                        "State": "associated"
                    }
                }
            ],
            "IsDefault": false,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "TypescriptStack/Vpc"
                },
                {
                    "Key": "aws:cloudformation:stack-name",
                    "Value": "TypescriptStack"
                },
                {
                    "Key": "aws:cloudformation:logical-id",
                    "Value": "Vpc8378EB38"
                },
                {
                    "Key": "aws:cloudformation:stack-id",
                    "Value": "arn:aws:cloudformation:ap-northeast-1:xxxxxxxxxxxx:stack/TypescriptStack/aa941280-4e6c-11ef-91cc-06379fe07e43"      
                }
            ]
        }
    ]
}

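Various resources besides the VPC have been created.

When the Vpc class is used with its default settings, the following resources are created:

- Three public subnets across three Availability Zones.
- Three private subnets across three Availability Zones.
- One NAT gateway per public subnet.
- A route table for each subnet.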
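
An added example, not part of the original post: a small TypeScript check that inventories a synthesized template and flags the entries worth reading before answering "y" to cdk deploy. The embedded template is a constructed, trimmed sample that reuses logical IDs from the deploy log above; the type names, function names and the cdk.out path mentioned in the comment are assumptions of this example.

```typescript
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
type Finding = { logicalId: string; type: string; reason: string };

// Constructed, trimmed stand-in for the template that `cdk synth` emits
// (assumed location: cdk.out/TypescriptStack.template.json). Logical IDs are
// copied from the deploy log on this page; property values are illustrative.
const ref = (id: string) => ({ Ref: id });
const igwRoute = { DestinationCidrBlock: '0.0.0.0/0', GatewayId: ref('VpcIGWD7BA715C') };
const SAMPLE_TEMPLATE: Template = {
  Resources: {
    Vpc8378EB38: { Type: 'AWS::EC2::VPC', Properties: { CidrBlock: '10.0.0.0/16' } },
    VpcIGWD7BA715C: { Type: 'AWS::EC2::InternetGateway' },
    VpcPublicSubnet1Subnet5C2D37C4: { Type: 'AWS::EC2::Subnet', Properties: { MapPublicIpOnLaunch: true } },
    VpcPublicSubnet2Subnet691E08A3: { Type: 'AWS::EC2::Subnet', Properties: { MapPublicIpOnLaunch: true } },
    VpcPrivateSubnet1Subnet536B997A: { Type: 'AWS::EC2::Subnet', Properties: { MapPublicIpOnLaunch: false } },
    VpcPrivateSubnet2Subnet3788AAA1: { Type: 'AWS::EC2::Subnet', Properties: { MapPublicIpOnLaunch: false } },
    VpcPublicSubnet1NATGateway4D7517AA: { Type: 'AWS::EC2::NatGateway' },
    VpcPublicSubnet2NATGateway9182C01D: { Type: 'AWS::EC2::NatGateway' },
    VpcPublicSubnet1DefaultRoute3DA9E72A: { Type: 'AWS::EC2::Route', Properties: igwRoute },
    VpcPublicSubnet2DefaultRoute97F91067: { Type: 'AWS::EC2::Route', Properties: igwRoute },
    VpcPrivateSubnet1DefaultRouteBE02A9ED: {
      Type: 'AWS::EC2::Route',
      Properties: { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: ref('VpcPublicSubnet1NATGateway4D7517AA') },
    },
    VpcPrivateSubnet2DefaultRoute060D2087: {
      Type: 'AWS::EC2::Route',
      Properties: { DestinationCidrBlock: '0.0.0.0/0', NatGatewayId: ref('VpcPublicSubnet2NATGateway9182C01D') },
    },
    CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0: {
      Type: 'AWS::IAM::Role',
      Properties: {
        AssumeRolePolicyDocument: {
          Statement: [{ Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { Service: 'lambda.amazonaws.com' } }],
        },
      },
    },
    CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E: { Type: 'AWS::Lambda::Function' },
  },
};

// Policy documents allow a single statement or a list; normalise to a list.
function asArray(x: any): any[] {
  if (x === undefined || x === null) return [];
  return Array.isArray(x) ? x : [x];
}

// How many resources of each CloudFormation type the stack will create.
function countByType(t: Template): Record<string, number> {
  const counts: Record<string, number> = {};
  for (const id of Object.keys(t.Resources)) {
    const r = t.Resources[id];
    if (!r) continue;
    counts[r.Type] = (counts[r.Type] || 0) + 1;
  }
  return counts;
}

// Resources a reviewer should look at: identity, compute and internet exposure.
function reviewFindings(t: Template): Finding[] {
  const out: Finding[] = [];
  for (const logicalId of Object.keys(t.Resources)) {
    const r = t.Resources[logicalId];
    if (!r) continue;
    const type = r.Type;
    const p = r.Properties || {};
    const add = (reason: string) => out.push({ logicalId, type, reason });
    if (type === 'AWS::IAM::Role') {
      const doc = p.AssumeRolePolicyDocument || {};
      const principals = asArray(doc.Statement)
        .filter((s) => s.Effect === 'Allow')
        .map((s) => JSON.stringify(s.Principal));
      add('role can be assumed by ' + principals.join(', '));
    } else if (type === 'AWS::Lambda::Function') {
      add('function runs inside the account; review its execution role');
    } else if (type === 'AWS::EC2::Subnet' && p.MapPublicIpOnLaunch === true) {
      add('instances launched here receive a public IPv4 address');
    } else if (type === 'AWS::EC2::NatGateway') {
      add('gives private subnets outbound internet access and is billed hourly');
    } else if (type === 'AWS::EC2::Route') {
      if (p.DestinationCidrBlock === '0.0.0.0/0' && p.GatewayId !== undefined) {
        add('default route straight to an internet gateway (public subnet)');
      }
    }
  }
  return out;
}

// Stand-alone run: print the inventory and the review list for the sample.
console.log(countByType(SAMPLE_TEMPLATE));
for (const f of reviewFindings(SAMPLE_TEMPLATE)) {
  console.log(f.type + ' ' + f.logicalId + ': ' + f.reason);
}
```

To use it on a real stack, replace SAMPLE_TEMPLATE with the parsed JSON that cdk synth writes for the stack.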


5. Delete
5-1. Run the following in PowerShell

> cdk destroy --profile <profile name>
PS C:\typescript> cdk destroy --profile testvault          
Are you sure you want to delete: TypescriptStack (y/n)? y
TypescriptStack: destroying... [1/1]
TypescriptStack |   0 | 21:24:49 | DELETE_IN_PROGRESS   | AWS::CloudFormation::Stack            | TypescriptStack User Initiated
TypescriptStack |   0 | 21:24:51 | DELETE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PrivateSubnet1/DefaultRoute (VpcPrivateSubnet1DefaultRouteBE02A9ED)
TypescriptStack |   0 | 21:24:51 | DELETE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PrivateSubnet2/DefaultRoute (VpcPrivateSubnet2DefaultRoute060D2087)
TypescriptStack |   0 | 21:24:51 | DELETE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet2/RouteTableAssociation (VpcPrivateSubnet2RouteTableAssociationA89CAD56)
TypescriptStack |   0 | 21:24:51 | DELETE_IN_PROGRESS   | Custom::VpcRestrictDefaultSG          | Vpc/RestrictDefaultSecurityGroupCustomResource/Default (VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE)
TypescriptStack |   0 | 21:24:51 | DELETE_IN_PROGRESS   | AWS::CDK::Metadata                    | CDKMetadata/Default (CDKMetadata)
TypescriptStack |   0 | 21:24:51 | DELETE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet1/RouteTableAssociation (VpcPrivateSubnet1RouteTableAssociation70C59FA6)
TypescriptStack |   1 | 21:24:52 | DELETE_COMPLETE      | AWS::CDK::Metadata                    | CDKMetadata/Default (CDKMetadata)
TypescriptStack |   2 | 21:24:52 | DELETE_COMPLETE      | AWS::EC2::Route                       | Vpc/PrivateSubnet1/DefaultRoute (VpcPrivateSubnet1DefaultRouteBE02A9ED)
TypescriptStack |   3 | 21:24:53 | DELETE_COMPLETE      | AWS::EC2::Route                       | Vpc/PrivateSubnet2/DefaultRoute (VpcPrivateSubnet2DefaultRoute060D2087)
TypescriptStack |   3 | 21:24:53 | DELETE_IN_PROGRESS   | AWS::EC2::NatGateway                  | Vpc/PublicSubnet1/NATGateway (VpcPublicSubnet1NATGateway4D7517AA)
TypescriptStack |   3 | 21:24:53 | DELETE_IN_PROGRESS   | AWS::EC2::NatGateway                  | Vpc/PublicSubnet2/NATGateway (VpcPublicSubnet2NATGateway9182C01D)
TypescriptStack |   4 | 21:25:01 | DELETE_COMPLETE      | Custom::VpcRestrictDefaultSG          | Vpc/RestrictDefaultSecurityGroupCustomResource/Default (VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE)
TypescriptStack |   4 | 21:25:01 | DELETE_IN_PROGRESS   | AWS::Lambda::Function                 | Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler (CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E)
TypescriptStack |   5 | 21:25:05 | DELETE_COMPLETE      | AWS::Lambda::Function                 | Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler (CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E)
TypescriptStack |   5 | 21:25:05 | DELETE_IN_PROGRESS   | AWS::IAM::Role                        | Custom::VpcRestrictDefaultSGCustomResourceProvider/Role (CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0)   
TypescriptStack |   6 | 21:25:07 | DELETE_COMPLETE      | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet2/RouteTableAssociation (VpcPrivateSubnet2RouteTableAssociationA89CAD56)
TypescriptStack |   7 | 21:25:08 | DELETE_COMPLETE      | AWS::EC2::SubnetRouteTableAssociation | Vpc/PrivateSubnet1/RouteTableAssociation (VpcPrivateSubnet1RouteTableAssociation70C59FA6)
TypescriptStack |   7 | 21:25:08 | DELETE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PrivateSubnet2/Subnet (VpcPrivateSubnet2Subnet3788AAA1)
TypescriptStack |   7 | 21:25:08 | DELETE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet2/RouteTable (VpcPrivateSubnet2RouteTableA678073B)
TypescriptStack |   7 | 21:25:08 | DELETE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet1/RouteTable (VpcPrivateSubnet1RouteTableB2C5B500)
TypescriptStack |   7 | 21:25:08 | DELETE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PrivateSubnet1/Subnet (VpcPrivateSubnet1Subnet536B997A)
TypescriptStack |   8 | 21:25:09 | DELETE_COMPLETE      | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet2/RouteTable (VpcPrivateSubnet2RouteTableA678073B)
TypescriptStack |   9 | 21:25:10 | DELETE_COMPLETE      | AWS::EC2::RouteTable                  | Vpc/PrivateSubnet1/RouteTable (VpcPrivateSubnet1RouteTableB2C5B500)
TypescriptStack |  10 | 21:25:10 | DELETE_COMPLETE      | AWS::EC2::Subnet                      | Vpc/PrivateSubnet2/Subnet (VpcPrivateSubnet2Subnet3788AAA1)
TypescriptStack |  11 | 21:25:10 | DELETE_COMPLETE      | AWS::EC2::Subnet                      | Vpc/PrivateSubnet1/Subnet (VpcPrivateSubnet1Subnet536B997A)
TypescriptStack |  12 | 21:25:20 | DELETE_COMPLETE      | AWS::IAM::Role                        | Custom::VpcRestrictDefaultSGCustomResourceProvider/Role (CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0)   
TypescriptStack |  13 | 21:25:31 | DELETE_COMPLETE      | AWS::EC2::NatGateway                  | Vpc/PublicSubnet1/NATGateway (VpcPublicSubnet1NATGateway4D7517AA)
TypescriptStack |  13 | 21:25:32 | DELETE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet1/RouteTableAssociation (VpcPublicSubnet1RouteTableAssociation97140677)
TypescriptStack |  13 | 21:25:32 | DELETE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PublicSubnet1/DefaultRoute (VpcPublicSubnet1DefaultRoute3DA9E72A)
TypescriptStack |  13 | 21:25:32 | DELETE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669)
TypescriptStack |  14 | 21:25:33 | DELETE_COMPLETE      | AWS::EC2::Route                       | Vpc/PublicSubnet1/DefaultRoute (VpcPublicSubnet1DefaultRoute3DA9E72A)
TypescriptStack |  15 | 21:25:33 | DELETE_COMPLETE      | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669)
TypescriptStack |  16 | 21:25:48 | DELETE_COMPLETE      | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet1/RouteTableAssociation (VpcPublicSubnet1RouteTableAssociation97140677)
TypescriptStack |  16 | 21:25:48 | DELETE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PublicSubnet1/RouteTable (VpcPublicSubnet1RouteTable6C95E38E)
TypescriptStack |  16 | 21:25:48 | DELETE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PublicSubnet1/Subnet (VpcPublicSubnet1Subnet5C2D37C4)
TypescriptStack |  17 | 21:25:50 | DELETE_COMPLETE      | AWS::EC2::RouteTable                  | Vpc/PublicSubnet1/RouteTable (VpcPublicSubnet1RouteTable6C95E38E)
TypescriptStack |  18 | 21:25:50 | DELETE_COMPLETE      | AWS::EC2::Subnet                      | Vpc/PublicSubnet1/Subnet (VpcPublicSubnet1Subnet5C2D37C4)
TypescriptStack |  19 | 21:25:57 | DELETE_COMPLETE      | AWS::EC2::NatGateway                  | Vpc/PublicSubnet2/NATGateway (VpcPublicSubnet2NATGateway9182C01D)
TypescriptStack |  19 | 21:25:57 | DELETE_IN_PROGRESS   | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet2/RouteTableAssociation (VpcPublicSubnet2RouteTableAssociationDD5762D8)
TypescriptStack |  19 | 21:25:57 | DELETE_IN_PROGRESS   | AWS::EC2::Route                       | Vpc/PublicSubnet2/DefaultRoute (VpcPublicSubnet2DefaultRoute97F91067)
TypescriptStack |  19 | 21:25:57 | DELETE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet2/EIP (VpcPublicSubnet2EIP3C605A87)
TypescriptStack |  20 | 21:25:59 | DELETE_COMPLETE      | AWS::EC2::Route                       | Vpc/PublicSubnet2/DefaultRoute (VpcPublicSubnet2DefaultRoute97F91067)
TypescriptStack |  21 | 21:25:59 | DELETE_COMPLETE      | AWS::EC2::EIP                         | Vpc/PublicSubnet2/EIP (VpcPublicSubnet2EIP3C605A87)
TypescriptStack |  21 | 21:25:59 | DELETE_IN_PROGRESS   | AWS::EC2::VPCGatewayAttachment        | Vpc/VPCGW (VpcVPCGWBF912B6E)
TypescriptStack |  22 | 21:26:00 | DELETE_COMPLETE      | AWS::EC2::VPCGatewayAttachment        | Vpc/VPCGW (VpcVPCGWBF912B6E)
TypescriptStack |  22 | 21:26:01 | DELETE_IN_PROGRESS   | AWS::EC2::InternetGateway             | Vpc/IGW (VpcIGWD7BA715C)
TypescriptStack |  23 | 21:26:02 | DELETE_COMPLETE      | AWS::EC2::InternetGateway             | Vpc/IGW (VpcIGWD7BA715C)
TypescriptStack |  24 | 21:26:14 | DELETE_COMPLETE      | AWS::EC2::SubnetRouteTableAssociation | Vpc/PublicSubnet2/RouteTableAssociation (VpcPublicSubnet2RouteTableAssociationDD5762D8)
TypescriptStack |  24 | 21:26:14 | DELETE_IN_PROGRESS   | AWS::EC2::Subnet                      | Vpc/PublicSubnet2/Subnet (VpcPublicSubnet2Subnet691E08A3)
TypescriptStack |  24 | 21:26:14 | DELETE_IN_PROGRESS   | AWS::EC2::RouteTable                  | Vpc/PublicSubnet2/RouteTable (VpcPublicSubnet2RouteTable94F7E489)

 ✅  TypescriptStack: destroyed



Thoughts

I'm starting to get the hang of it (´ω`)