Create a VPC Using Anypoint Platform CLI

logo cloud active logo hybrid disabled logo server disabled logo pcf disabled

This section shows you how to create the same VPC set up in the VPC tutorial, using the Anypoint Platform CLI.

Log in to your organization and use the vpc create command to create the VPC:

cloudhub vpc create (1)
vpc-tutorial (2)
us-east-1 (3) (4)

In this example:

  1. The VPC is called vpc-tutorial

  2. Is bound to the us-east-1 region

    All VPCs need to be associated to a CloudHub region.

  3. The VPC size is In CIDR notation, this grants 256 IP addresses from to
    It is not possible to resize a VPC once created.
    Understanding how to size your VPC is crucial at this point. If you are not sure how to configure this, make sure to follow our VPC sizing guide.
    The CIDR Blocks chosen for the VPC should ideally come from a private IP space, and should not overlap with any other VPC’s CIDR Blocks or any CIDR Blocks in use in your corporate network.

  4. The VPC is set as default. This means that all environments in this region that are not associated to a VPC will be, by default, associated to this VPC.

In this example, we are not passing:

  • Environment information:
    Not setting a specific environment makes that every application deployed to US-EAST is associated to this VPC disregarding to which environment it is being deployed.

  • Business group information:
    By doing so, we are associating this VPC to the main organization.

When the operation succeeds, the CLI displays the details of the newly created VPC.

│ Name                         │ vpc-tutorial      │
│ Region                       │ us-east-1         │
│ CIDR Block                   │     │
│ Inherited                    │ No                │
│ Organization default         │ Yes               │
│ Special domains              │                   │
│ DNS Servers                  │                   │
│ Firewall rules               │                   │
│ Environments                 │                   │
│ Business groups              │                   │
│ Load balancers               │                   │

When the VPC is created, all inbound traffic is blocked by default. You need to create firewall rules to allow traffic to the VPC.
In order to do so, use the vpc firewall-rules add command:

cloudhub vpc firewall-rules add
vpc-tutorial (2) (3)
tcp (4)
  1. Set vpc-tutorial as the target VPC for this new firewall rule.

  2. Set the IP range to allow all possible IP addresses by setting
    In CIDR notation, this allows the range to

  3. Set the whitelisted protocol to tcp

  4. Allow the port number 8091

This example creates this firewall rule, because a CloudHub dedicated load balancer proxies, by default, all external communications to your workers through port 8091 (the default http.private port).
Setting this firewall rule allows a CloudHub dedicated load balancer to communicate to your workers using its default configurations.

Additionally, in order to properly receive requests from the load balancer, all applications that we deploy to the VPC must be listening on port 8091.

When you create a new firewall rule, the Anypoint Platform CLI shows you a success message:

VPC firewall modified successfully

You just created a private and isolated network in the US-EAST region and allowed inbound traffic to it through port 8091.
Learn how to associate a load balancer following the load balancer tutorial.

Update an Existing VPC

Although it is not possible to update certain values from your VPC through the Anypoint Platform CLI, you can use the Cloudhub API to programmatically manage and update your VPC:

  1. Log in to the CloudHub services passing your credentials through the endpoint.

  2. Use the organizations/{orgid}/vpcs/{vpcId} endpoint to update your VPC.

You can use the API Reference to understand how to interact with the API’s resources.

For example, to update the environments of your VPC you need to send a PUT request to the{orgid}/vpcs/{vpcId} endpoint with a JSON payload:

You can query your {orgid} using the account business-group describe command.

Your {vpcId} value is listed by running a cloudhub vpc describe-json command.

        "associatedEnvironments": [

<EnvironmentId> needs to be replaced by the Id of the environment to which you want to associate this VPC.
You can get the Ids for your environments running a account environment list command.

In this topic: