AWS CloudFomation (https://aws.amazon.com/cloudformation/), is one way in which we can use a text file to describe and launch the resource that we need. We can use CloudFormation to provision another VPC in the us-west-1 region: 

The CloudFormation template can be in YAML or JSON; we will use YAML for our first template for provisioning:

$ cat Chapter10_3_cloud_formation.yml
AWSTemplateFormatVersion: '2010-09-09'
Description: Create VPC in us-west-1
Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: '10.1.0.0/16'
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      Tags:
        - Key: Name
          Value: 'mastering_python_networking_demo_2'

We can execute the template via the AWS CLI. Notice that we specify a region of us-west-1 in our execution: 

$ aws --region us-west-1 cloudformation create-stack --stack-name 'mpn-ch10-demo' --template-body file://Chapter10_3_cloud_formation.yml
{
    "StackId": "arn:aws:cloudformation:us-west-1:<skip>:stack/mpn-ch10-demo/<skip>"
}

We can verify the status via AWS CLI: 

$ aws --region us-west-1 cloudformation describe-stacks --stack-name mpn-ch10-demo
{
    "Stacks": [
        {
            "CreationTime": "2018-07-18T18:45:25.690Z",
            "Description": "Create VPC in us-west-1",
            "DisableRollback": false,
            "StackName": "mpn-ch10-demo",
            "RollbackConfiguration": {},
            "StackStatus": "CREATE_COMPLETE",
            "NotificationARNs": [],
            "Tags": [],
            "EnableTerminationProtection": false,
            "StackId": "arn:aws:cloudformation:us-west-1<skip>"
        }
    ]
}

For demonstration purposes, the last CloudFormation template created a VPC without any subnet. Let's delete that VPC and use the following template to create both the VPC as well as the subnet. Notice that we will not have the VPC-id before VPC creation, so we will use a special variable to reference the VPC-id in the subnet creation. This is the same technique we can use for other resources, such as the routing table and internet gateway:

$ cat Chapter10_4_cloud_formation_full.yml
AWSTemplateFormatVersion: '2010-09-09'
Description: Create subnet in us-west-1
Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: '10.1.0.0/16'
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      Tags:
        - Key: Name
          Value: 'mastering_python_networking_demo_2'

  mySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: '10.1.0.0/24'
      AvailabilityZone: 'us-west-1a'
      Tags:
        - Key: Name
          Value: 'mpn_demo_subnet_1'

We can execute and verify the creation of the resources as follows: 

$ aws --region us-west-1 cloudformation create-stack --stack-name mpn-ch10-demo-2 --template-body file://Chapter10_4_cloud_formation_full.yml
{
    "StackId": "arn:aws:cloudformation:us-west-1:<skip>:stack/mpn-ch10-demo-2/<skip>"
}

$ aws --region us-west-1 cloudformation describe-stacks --stack-name mpn-ch10-demo-2
{
    "Stacks": [
        {
            "StackStatus": "CREATE_COMPLETE",
            ...
            "StackName": "mpn-ch10-demo-2",
            "DisableRollback": false
        }
    ]
}

We can also verify the VPC and subnet information from the AWS console. We will verify the VPC from the console first:

We can also take a look at the subnet: 

We now have two VPCs in the two coasts of the United States. They are currently behaving like two islands, each by themselves. This may or may not be your desired state of operation. If you would like the to VPC to be able to connect them to each other, we can use VPC peering (https://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/vpc-peering-basics.html) to allow direct communication. 

In the coming section, we will take a look at VPC security groups and the network access control list.