翻訳は機械翻訳により提供されています。提供された翻訳内容と英語版の間で齟齬、不一致または矛盾がある場合、英語版が優先します。 # Amazon VPC Transit Gateway の開始方法 次のコード例は、以下の操作方法を示しています。 + Transit Gateway を作成する + VPCs をトランジットゲートウェイにアタッチする + トランジットゲートウェイと VPCsの間にルートを追加する + Transit Gateway をテストする + リソースをクリーンアップする ------ #### [ Bash ] **AWS CLI Bash スクリプトを使用する** GitHub には、その他のリソースもあります。[デベロッパーチュートリアルのサンプル](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/012-transitgateway-gettingstarted)レポジトリで用例一覧を検索し、設定と実行の方法を確認してください。 ``` #!/bin/bash # Amazon VPC Transit Gateway CLI Script # This script demonstrates how to create a transit gateway and connect two VPCs # Modified to work with older AWS CLI versions that don't support transit gateway wait commands # Security improved: Added input validation, error handling, and credential checks # Error handling set -euo pipefail LOG_FILE="transit-gateway-tutorial.log" exec > >(tee -a "$LOG_FILE") 2>&1 # Security: Check for required AWS credentials if ! aws sts get-caller-identity &>/dev/null; then echo "ERROR: AWS credentials not configured or invalid. Please configure AWS credentials." exit 1 fi # Function to validate AWS CLI output validate_aws_output() { local output=$1 local context=$2 if [ -z "$output" ] || [ "$output" = "None" ]; then echo "ERROR: Failed to retrieve $context from AWS API" return 1 fi } # Function to validate CIDR blocks validate_cidr() { local cidr=$1 if ! [[ "$cidr" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$ ]]; then echo "ERROR: Invalid CIDR block format: $cidr" return 1 fi } # Function to wait for transit gateway to be available wait_for_tgw() { local tgw_id=$1 local max_attempts=60 local attempt=0 echo "Waiting for Transit Gateway $tgw_id to become available..." while [ $attempt -lt $max_attempts ]; do status=$(aws ec2 describe-transit-gateways \ --transit-gateway-ids "$tgw_id" \ --query "TransitGateways[0].State" \ --output text 2>/dev/null || echo "failed") echo "Current status: $status" if [ "$status" = "available" ]; then echo "Transit Gateway is now available" return 0 fi if [ "$status" = "failed" ]; then echo "ERROR: Transit Gateway creation failed" return 1 fi echo "Waiting for transit gateway to become available. Current state: $status" sleep 10 ((attempt++)) done echo "ERROR: Timeout waiting for transit gateway to become available" return 1 } # Function to wait for transit gateway attachment to be available wait_for_tgw_attachment() { local attachment_id=$1 local max_attempts=60 local attempt=0 echo "Waiting for Transit Gateway Attachment $attachment_id to become available..." while [ $attempt -lt $max_attempts ]; do status=$(aws ec2 describe-transit-gateway-vpc-attachments \ --transit-gateway-attachment-ids "$attachment_id" \ --query "TransitGatewayVpcAttachments[0].State" \ --output text 2>/dev/null || echo "failed") echo "Current status: $status" if [ "$status" = "available" ]; then echo "Transit Gateway Attachment is now available" return 0 fi if [ "$status" = "failed" ]; then echo "ERROR: Transit Gateway Attachment creation failed" return 1 fi echo "Waiting for transit gateway attachment to become available. Current state: $status" sleep 10 ((attempt++)) done echo "ERROR: Timeout waiting for transit gateway attachment to become available" return 1 } # Function to wait for transit gateway attachment to be deleted wait_for_tgw_attachment_deleted() { local attachment_id=$1 local max_attempts=60 local attempt=0 echo "Waiting for Transit Gateway Attachment $attachment_id to be deleted..." while [ $attempt -lt $max_attempts ]; do count=$(aws ec2 describe-transit-gateway-vpc-attachments \ --filters "Name=transit-gateway-attachment-id,Values=$attachment_id" \ --query "length(TransitGatewayVpcAttachments)" \ --output text 2>/dev/null || echo "0") if [ "$count" = "0" ]; then echo "Transit Gateway Attachment has been deleted" return 0 fi status=$(aws ec2 describe-transit-gateway-vpc-attachments \ --transit-gateway-attachment-ids "$attachment_id" \ --query "TransitGatewayVpcAttachments[0].State" \ --output text 2>/dev/null || echo "deleted") if [ "$status" = "deleted" ] || [ "$status" = "deleting" ]; then echo "Transit Gateway Attachment is being deleted. Current state: $status" fi echo "Waiting for transit gateway attachment to be deleted. Current state: $status" sleep 10 ((attempt++)) done echo "WARNING: Timeout waiting for transit gateway attachment to be deleted" return 0 } # Function to clean up resources cleanup() { local exit_code=$? echo "Error occurred (exit code: $exit_code). Cleaning up resources..." # Delete resources in reverse order if [ -n "${TGW_ATTACHMENT_1_ID:-}" ]; then echo "Deleting Transit Gateway VPC Attachment 1: $TGW_ATTACHMENT_1_ID" aws ec2 delete-transit-gateway-vpc-attachment \ --transit-gateway-attachment-id "$TGW_ATTACHMENT_1_ID" &>/dev/null || true wait_for_tgw_attachment_deleted "$TGW_ATTACHMENT_1_ID" || true fi if [ -n "${TGW_ATTACHMENT_2_ID:-}" ]; then echo "Deleting Transit Gateway VPC Attachment 2: $TGW_ATTACHMENT_2_ID" aws ec2 delete-transit-gateway-vpc-attachment \ --transit-gateway-attachment-id "$TGW_ATTACHMENT_2_ID" &>/dev/null || true wait_for_tgw_attachment_deleted "$TGW_ATTACHMENT_2_ID" || true fi if [ -n "${TGW_ID:-}" ]; then echo "Deleting Transit Gateway: $TGW_ID" aws ec2 delete-transit-gateway --transit-gateway-id "$TGW_ID" &>/dev/null || true fi exit "$exit_code" } # Set up trap for error handling trap cleanup EXIT echo "=== Amazon VPC Transit Gateway Tutorial ===" echo "This script will create a transit gateway and connect two VPCs" echo "" # Get a valid availability zone dynamically echo "Getting available AZ in current region..." AZ=$(aws ec2 describe-availability-zones \ --query "AvailabilityZones[0].ZoneName" \ --output text) validate_aws_output "$AZ" "availability zone" || exit 1 echo "Using availability zone: $AZ" # Check if VPCs exist echo "Checking for existing VPCs..." VPC1_ID=$(aws ec2 describe-vpcs \ --filters "Name=tag:Name,Values=VPC1" \ --query "Vpcs[0].VpcId" \ --output text) VPC2_ID=$(aws ec2 describe-vpcs \ --filters "Name=tag:Name,Values=VPC2" \ --query "Vpcs[0].VpcId" \ --output text) if [ "$VPC1_ID" = "None" ] || [ -z "$VPC1_ID" ]; then echo "Creating VPC1..." VPC1_ID=$(aws ec2 create-vpc \ --cidr-block 10.1.0.0/16 \ --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=VPC1},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query Vpc.VpcId \ --output text) validate_aws_output "$VPC1_ID" "VPC1" || exit 1 echo "Created VPC1: $VPC1_ID" # Create a subnet in VPC1 echo "Creating subnet in VPC1..." SUBNET1_ID=$(aws ec2 create-subnet \ --vpc-id "$VPC1_ID" \ --cidr-block 10.1.0.0/24 \ --availability-zone "$AZ" \ --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=VPC1-Subnet},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query Subnet.SubnetId \ --output text) validate_aws_output "$SUBNET1_ID" "VPC1 subnet" || exit 1 echo "Created subnet in VPC1: $SUBNET1_ID" else echo "Using existing VPC1: $VPC1_ID" SUBNET1_ID=$(aws ec2 describe-subnets \ --filters "Name=vpc-id,Values=$VPC1_ID" \ --query "Subnets[0].SubnetId" \ --output text) if [ "$SUBNET1_ID" = "None" ] || [ -z "$SUBNET1_ID" ]; then echo "Creating subnet in VPC1..." SUBNET1_ID=$(aws ec2 create-subnet \ --vpc-id "$VPC1_ID" \ --cidr-block 10.1.0.0/24 \ --availability-zone "$AZ" \ --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=VPC1-Subnet},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query Subnet.SubnetId \ --output text) validate_aws_output "$SUBNET1_ID" "VPC1 subnet" || exit 1 echo "Created subnet in VPC1: $SUBNET1_ID" else echo "Using existing subnet in VPC1: $SUBNET1_ID" fi fi if [ "$VPC2_ID" = "None" ] || [ -z "$VPC2_ID" ]; then echo "Creating VPC2..." VPC2_ID=$(aws ec2 create-vpc \ --cidr-block 10.2.0.0/16 \ --tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=VPC2},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query Vpc.VpcId \ --output text) validate_aws_output "$VPC2_ID" "VPC2" || exit 1 echo "Created VPC2: $VPC2_ID" # Create a subnet in VPC2 echo "Creating subnet in VPC2..." SUBNET2_ID=$(aws ec2 create-subnet \ --vpc-id "$VPC2_ID" \ --cidr-block 10.2.0.0/24 \ --availability-zone "$AZ" \ --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=VPC2-Subnet},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query Subnet.SubnetId \ --output text) validate_aws_output "$SUBNET2_ID" "VPC2 subnet" || exit 1 echo "Created subnet in VPC2: $SUBNET2_ID" else echo "Using existing VPC2: $VPC2_ID" SUBNET2_ID=$(aws ec2 describe-subnets \ --filters "Name=vpc-id,Values=$VPC2_ID" \ --query "Subnets[0].SubnetId" \ --output text) if [ "$SUBNET2_ID" = "None" ] || [ -z "$SUBNET2_ID" ]; then echo "Creating subnet in VPC2..." SUBNET2_ID=$(aws ec2 create-subnet \ --vpc-id "$VPC2_ID" \ --cidr-block 10.2.0.0/24 \ --availability-zone "$AZ" \ --tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=VPC2-Subnet},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query Subnet.SubnetId \ --output text) validate_aws_output "$SUBNET2_ID" "VPC2 subnet" || exit 1 echo "Created subnet in VPC2: $SUBNET2_ID" else echo "Using existing subnet in VPC2: $SUBNET2_ID" fi fi # Get route tables for each VPC RTB1_ID=$(aws ec2 describe-route-tables \ --filters "Name=vpc-id,Values=$VPC1_ID" \ --query "RouteTables[0].RouteTableId" \ --output text) validate_aws_output "$RTB1_ID" "VPC1 route table" || exit 1 RTB2_ID=$(aws ec2 describe-route-tables \ --filters "Name=vpc-id,Values=$VPC2_ID" \ --query "RouteTables[0].RouteTableId" \ --output text) validate_aws_output "$RTB2_ID" "VPC2 route table" || exit 1 echo "Route table for VPC1: $RTB1_ID" echo "Route table for VPC2: $RTB2_ID" # Step 1: Create the transit gateway echo "Creating Transit Gateway..." TGW_ID=$(aws ec2 create-transit-gateway \ --description "My Transit Gateway" \ --options "AmazonSideAsn=64512,AutoAcceptSharedAttachments=disable,DefaultRouteTableAssociation=enable,DefaultRouteTablePropagation=enable,VpnEcmpSupport=enable,DnsSupport=enable,MulticastSupport=disable" \ --tag-specifications 'ResourceType=transit-gateway,Tags=[{Key=Name,Value=MyTransitGateway},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query TransitGateway.TransitGatewayId \ --output text) validate_aws_output "$TGW_ID" "Transit Gateway" || exit 1 echo "Created Transit Gateway: $TGW_ID" # Wait for the transit gateway to become available wait_for_tgw "$TGW_ID" || exit 1 # Step 2: Attach VPCs to the transit gateway echo "Attaching VPC1 to Transit Gateway..." TGW_ATTACHMENT_1_ID=$(aws ec2 create-transit-gateway-vpc-attachment \ --transit-gateway-id "$TGW_ID" \ --vpc-id "$VPC1_ID" \ --subnet-ids "$SUBNET1_ID" \ --tag-specifications 'ResourceType=transit-gateway-attachment,Tags=[{Key=Name,Value=VPC1-Attachment},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query TransitGatewayVpcAttachment.TransitGatewayAttachmentId \ --output text) validate_aws_output "$TGW_ATTACHMENT_1_ID" "Transit Gateway VPC1 Attachment" || exit 1 echo "Created Transit Gateway VPC Attachment for VPC1: $TGW_ATTACHMENT_1_ID" echo "Attaching VPC2 to Transit Gateway..." TGW_ATTACHMENT_2_ID=$(aws ec2 create-transit-gateway-vpc-attachment \ --transit-gateway-id "$TGW_ID" \ --vpc-id "$VPC2_ID" \ --subnet-ids "$SUBNET2_ID" \ --tag-specifications 'ResourceType=transit-gateway-attachment,Tags=[{Key=Name,Value=VPC2-Attachment},{Key=project,Value=doc-smith},{Key=tutorial,Value=transitgateway-gettingstarted}]' \ --query TransitGatewayVpcAttachment.TransitGatewayAttachmentId \ --output text) validate_aws_output "$TGW_ATTACHMENT_2_ID" "Transit Gateway VPC2 Attachment" || exit 1 echo "Created Transit Gateway VPC Attachment for VPC2: $TGW_ATTACHMENT_2_ID" # Wait for the attachments to become available wait_for_tgw_attachment "$TGW_ATTACHMENT_1_ID" || exit 1 wait_for_tgw_attachment "$TGW_ATTACHMENT_2_ID" || exit 1 # Step 3: Add routes between the transit gateway and VPCs echo "Adding route from VPC1 to VPC2 via Transit Gateway..." validate_cidr "10.2.0.0/16" || exit 1 aws ec2 create-route \ --route-table-id "$RTB1_ID" \ --destination-cidr-block 10.2.0.0/16 \ --transit-gateway-id "$TGW_ID" || exit 1 echo "Adding route from VPC2 to VPC1 via Transit Gateway..." validate_cidr "10.1.0.0/16" || exit 1 aws ec2 create-route \ --route-table-id "$RTB2_ID" \ --destination-cidr-block 10.1.0.0/16 \ --transit-gateway-id "$TGW_ID" || exit 1 echo "Routes added successfully" # Step 4: Display information for testing echo "" echo "=== Transit Gateway Setup Complete ===" echo "Transit Gateway ID: $TGW_ID" echo "VPC1 ID: $VPC1_ID" echo "VPC2 ID: $VPC2_ID" echo "" echo "To test connectivity:" echo "1. Launch an EC2 instance in each VPC" echo "2. Configure security groups to allow ICMP traffic" echo "3. Connect to one instance and ping the other instance's private IP" echo "" echo "Viewing created resources..." echo "" echo "=== Resources Created ===" echo "Transit Gateway: $TGW_ID" echo "VPC1: $VPC1_ID" echo "VPC2: $VPC2_ID" echo "Subnet in VPC1: $SUBNET1_ID" echo "Subnet in VPC2: $SUBNET2_ID" echo "Transit Gateway Attachment for VPC1: $TGW_ATTACHMENT_1_ID" echo "Transit Gateway Attachment for VPC2: $TGW_ATTACHMENT_2_ID" echo "" echo "Starting cleanup..." # Delete routes echo "Deleting routes..." aws ec2 delete-route --route-table-id "$RTB1_ID" --destination-cidr-block 10.2.0.0/16 || true aws ec2 delete-route --route-table-id "$RTB2_ID" --destination-cidr-block 10.1.0.0/16 || true # Delete transit gateway attachments echo "Deleting Transit Gateway VPC Attachment for VPC1: $TGW_ATTACHMENT_1_ID" aws ec2 delete-transit-gateway-vpc-attachment \ --transit-gateway-attachment-id "$TGW_ATTACHMENT_1_ID" || true echo "Deleting Transit Gateway VPC Attachment for VPC2: $TGW_ATTACHMENT_2_ID" aws ec2 delete-transit-gateway-vpc-attachment \ --transit-gateway-attachment-id "$TGW_ATTACHMENT_2_ID" || true # Wait for attachments to be deleted wait_for_tgw_attachment_deleted "$TGW_ATTACHMENT_1_ID" || true wait_for_tgw_attachment_deleted "$TGW_ATTACHMENT_2_ID" || true # Delete transit gateway echo "Deleting Transit Gateway: $TGW_ID" aws ec2 delete-transit-gateway --transit-gateway-id "$TGW_ID" || true echo "Cleanup completed successfully" echo "Tutorial completed. See $LOG_FILE for detailed logs." ``` + API の詳細については、*AWS CLI コマンドリファレンス*の以下のトピックを参照してください。 + [CreateRoute](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateRoute) + [CreateSubnet](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateSubnet) + [CreateTransitGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateTransitGateway) + [CreateTransitGatewayVpcAttachment](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateTransitGatewayVpcAttachment) + [CreateVpc](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/CreateVpc) + [DeleteRoute](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteRoute) + [DeleteTransitGateway](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteTransitGateway) + [DeleteTransitGatewayVpcAttachment](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DeleteTransitGatewayVpcAttachment) + [DescribeAvailabilityZones](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeAvailabilityZones) + [DescribeRouteTables](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeRouteTables) + [DescribeSubnets](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeSubnets) + [DescribeTransitGatewayAttachments](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeTransitGatewayAttachments) + [DescribeTransitGatewayVpcAttachments](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeTransitGatewayVpcAttachments) + [DescribeTransitGateways](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeTransitGateways) + [DescribeVpcs](https://docs.aws.amazon.com/goto/aws-cli/ec2-2016-11-15/DescribeVpcs) ------ AWS SDK 開発者ガイドとコード例の完全なリストについては、「」を参照してください[AWS SDK を使用して Amazon EC2 リソースを作成する](sdk-general-information-section.md)。このトピックには、使用開始方法に関する情報と、以前の SDK バージョンの詳細も含まれています。