
Create a VPC Using Anypoint Platform CLI

This section shows you how to create the same VPC set up in the VPC tutorial, using the Anypoint Platform CLI.

Create a VPC

Log in to your organization and use the vpc create command to create the VPC:

cloudhub vpc create
vpc-tutorial (1)
us-east-1 (2)
10.111.0.0/24 (3)
--default (4)

In this example:

  1. The VPC is called vpc-tutorial.

  2. The VPC is bound to the us-east-1 region.

    All VPCs need to be associated with a CloudHub region.

  3. The VPC size is 10.111.0.0/24. In CIDR notation, this grants 256 IP addresses from 10.111.0.0 to 10.111.0.255.
    It is not possible to resize a VPC once it is created.
    Understanding how to size your VPC is crucial at this point. If you are not sure how to configure this, make sure to follow our VPC sizing guide.
    The CIDR blocks chosen for the VPC should ideally come from a private IP space, and should not overlap with any other VPC's CIDR blocks or any CIDR blocks in use in your corporate network.

  4. The VPC is set as default. This means that all environments in this region that are not associated with a VPC are, by default, associated with this VPC.

In this example, we are not passing:

  • Environment information:
    Because no specific environment is set, every application deployed to US-EAST is associated with this VPC, regardless of the environment to which it is deployed.

  • Business group information:
    Because no business group is set, this VPC is associated with the main organization.

When the operation succeeds, the CLI displays the details of the newly created VPC.


         
      
┌──────────────────────────────┬───────────────────┐
│ Name                         │ vpc-tutorial      │
├──────────────────────────────┼───────────────────┤
│ Region                       │ us-east-1         │
├──────────────────────────────┼───────────────────┤
│ CIDR Block                   │ 10.111.0.0/24     │
├──────────────────────────────┼───────────────────┤
│ Inherited                    │ No                │
├──────────────────────────────┼───────────────────┤
│ Organization default         │ Yes               │
├──────────────────────────────┼───────────────────┤
│ Special domains              │                   │
├──────────────────────────────┼───────────────────┤
│ DNS Servers                  │                   │
├──────────────────────────────┼───────────────────┤
│ Firewall rules               │                   │
├──────────────────────────────┼───────────────────┤
│ Environments                 │                   │
├──────────────────────────────┼───────────────────┤
│ Business groups              │                   │
├──────────────────────────────┼───────────────────┤
│ Load balancers               │                   │
└──────────────────────────────┴───────────────────┘
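
The sizing constraints listed above (a private address space, no overlap with other VPCs or the corporate network, and a size that cannot be changed later) can be checked before running vpc create. The following is an added example, not part of the original documentation; the IN_USE inventory and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges (the "private IP space" the text recommends).
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory of ranges already in use (not from the page).
IN_USE = {
    "corp-datacenter": "10.0.0.0/16",
    "corp-vpn-pool": "192.168.50.0/24",
    "vpc-eu": "10.112.0.0/22",
}

def check_vpc_cidr(candidate, in_use):
    """Return a list of problems with a proposed VPC CIDR block (empty if none)."""
    try:
        # strict=True rejects blocks with host bits set, such as 10.111.0.5/24.
        net = ipaddress.IPv4Network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    problems = []
    if not any(net.subnet_of(p) for p in RFC1918):
        problems.append(f"{net} is not inside RFC 1918 private space")
    for label, cidr in in_use.items():
        other = ipaddress.IPv4Network(cidr)
        if net.overlaps(other):
            problems.append(f"{net} overlaps {label} ({other})")
    return problems

def address_count(candidate):
    """Number of addresses in the block; fixed at creation, as a VPC cannot be resized."""
    return ipaddress.IPv4Network(candidate).num_addresses

if __name__ == "__main__":
    for cidr in ("10.111.0.0/24", "10.112.1.0/24", "8.8.8.0/24", "10.111.0.5/24"):
        issues = check_vpc_cidr(cidr, IN_USE)
        print(cidr, "->", "; ".join(issues) if issues else "ok")
```
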

Create Firewall Rules

When the VPC is created, four firewall rules are set by default. You can review them using the vpc firewall-rules describe command:

cloudhub vpc firewall-rules describe vpc-tutorial

This command returns:


         
      
┌───────┬────────────────────┬──────────┬────────────┬──────────┐
│ Index │ CIDR Block         │ Protocol │ From port  │ To port  │
├───────┼────────────────────┼──────────┼────────────┼──────────┤
│ 0     │ 10.111.0.0/24      │ TCP      │ 8092       │          │
├───────┼────────────────────┼──────────┼────────────┼──────────┤
│ 1     │ 0.0.0.0/0          │ TCP      │ 8082       │          │
├───────┼────────────────────┼──────────┼────────────┼──────────┤
│ 2     │ 10.111.0.0/24      │ TCP      │ 8091       │          │
├───────┼────────────────────┼──────────┼────────────┼──────────┤
│ 3     │ 0.0.0.0/0          │ TCP      │ 8081       │          │
└───────┴────────────────────┴──────────┴────────────┴──────────┘

Rules 0 and 2 allow inbound connections from within your local VPC on ports 8091 and 8092, while rules 1 and 3 allow traffic from any host (0.0.0.0/0) to reach your workers through ports 8081 and 8082.
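
To make exposure to outside hosts a deliberate choice, the describe output can be parsed and every rule whose source range reaches beyond the VPC listed. The following is an added example, not part of the original documentation; the function names are constructed, and the sample input is the table shown above.

```python
import ipaddress

# Output of `cloudhub vpc firewall-rules describe vpc-tutorial` as shown on this page.
SAMPLE = """\
┌───────┬────────────────────┬──────────┬────────────┬──────────┐
│ Index │ CIDR Block         │ Protocol │ From port  │ To port  │
├───────┼────────────────────┼──────────┼────────────┼──────────┤
│ 0     │ 10.111.0.0/24      │ TCP      │ 8092       │          │
├───────┼────────────────────┼──────────┼────────────┼──────────┤
│ 1     │ 0.0.0.0/0          │ TCP      │ 8082       │          │
├───────┼────────────────────┼──────────┼────────────┼──────────┤
│ 2     │ 10.111.0.0/24      │ TCP      │ 8091       │          │
├───────┼────────────────────┼──────────┼────────────┼──────────┤
│ 3     │ 0.0.0.0/0          │ TCP      │ 8081       │          │
└───────┴────────────────────┴──────────┴────────────┴──────────┘
"""

def parse_rules(text):
    """Parse the CLI's box-drawn table into a list of dicts keyed by column header."""
    # Data and header rows start with the vertical bar; border rows do not.
    rows = [[c.strip() for c in line.strip().strip("│").split("│")]
            for line in text.splitlines() if line.strip().startswith("│")]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, r)) for r in body]

def audit(rules, vpc_cidr):
    """Return (index, source, ports, reason) for rules reachable from outside the VPC."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r["CIDR Block"])
        ports = r["From port"] + ("-" + r["To port"] if r["To port"] else "")
        if src.prefixlen == 0:
            findings.append((int(r["Index"]), str(src), ports, "open to any host"))
        elif not src.subnet_of(vpc):
            findings.append((int(r["Index"]), str(src), ports, "source outside VPC"))
    return findings

if __name__ == "__main__":
    for idx, src, ports, reason in audit(parse_rules(SAMPLE), "10.111.0.0/24"):
        print(f"rule {idx}: {src} -> TCP {ports}: {reason}")
```
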

You can use the vpc firewall-rules delete command to remove any of the default rules or you can add new ones using the vpc firewall-rules add command.

Assume you want to enable TCP traffic through port 8090 inside your VPC. You need to run the following:

cloudhub vpc firewall-rules add
vpc-tutorial (1)
10.111.0.0/24 (2)
tcp (3)
8090 (4)

  1. Set vpc-tutorial as the target VPC for this new firewall rule.

  2. Set the IP range to 10.111.0.0/24 to allow only hosts from inside your VPC.
    In CIDR notation, this allows the range 10.111.0.0 to 10.111.0.255.

  3. Set the whitelisted protocol to tcp.

  4. Allow the port number 8090.

When you create a new firewall rule, the Anypoint Platform CLI shows you a success message:

VPC firewall modified successfully

Update an Existing VPC

Although it is not possible to update certain values of your VPC through the Anypoint Platform CLI, you can use the CloudHub API to programmatically manage and update your VPC:

  1. Log in to the CloudHub services passing your credentials through the https://anypoint.mulesoft.com/accounts/login endpoint.

  2. Use the organizations/{orgid}/vpcs/{vpcId} endpoint to update your VPC.

You can use the API Reference to understand how to interact with the API’s resources.

You can query your {orgid} using the account business-group describe command.

Your {vpcId} value is listed by running a cloudhub vpc describe-json command.

For example, to update the environments of your VPC you need to send a PUT request to the anypoint.mulesoft.com/cloudhub/api/organizations/{orgid}/vpcs/{vpcId} endpoint with a JSON payload:

{
        "associatedEnvironments": [
                "<EnvironmentId>"
        ]
}

<EnvironmentId> needs to be replaced by the ID of the environment to which you want to associate this VPC.
You can get the IDs for your environments by running an account environment list command.
