1. Public Internet Access for EC2-AI Compute Instances


    In order to provide public internet access to EC2 instances, you'll need to ensure that each instance has a public IP address and is located within a subnet that is associated with an internet gateway. Additionally, security groups and network access control lists (ACLs) should be configured to allow the appropriate inbound and outbound traffic.

    Here is a Pulumi program that sets up an Amazon EC2 instance with public internet access:

    1. VPC: It is a virtual network dedicated to your AWS account. It is isolated from other virtual networks in the AWS cloud.
    2. Internet Gateway: A horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.
    3. Subnet: A range of IP addresses in your VPC. A subnet could be public or private. In this case, it will be public, meaning that instances launched into it receive a public IP address.
    4. Route Table: A set of rules, called routes, that determine where network traffic is directed.
    5. Security Group: Acts as a virtual firewall for your instance to control inbound and outbound traffic.
    import pulumi import pulumi_aws as aws # Create a VPC to launch our instances into. vpc = aws.ec2.Vpc("vpc", cidr_block="") # Create an Internet Gateway for giving public access to our instances. internet_gateway = aws.ec2.InternetGateway("internet-gateway", vpc_id=vpc.id) # Create a subnet to launch our instances into. subnet = aws.ec2.Subnet("subnet", vpc_id=vpc.id, cidr_block="", map_public_ip_on_launch=True) # Ensure that instances get a public IP address. # Create a Route Table for public traffic to go out of the Internet Gateway route_table = aws.ec2.RouteTable("route-table", vpc_id=vpc.id, routes=[aws.ec2.RouteTableRouteArgs( cidr_block="", gateway_id=internet_gateway.id, )]) # Associate our Route Table with our subnet route_table_association = aws.ec2.RouteTableAssociation("route-table-association", route_table_id=route_table.id, subnet_id=subnet.id) # Security Group to allow TCP(22: SSH, 80, 443: HTTP/HTTPS, and ICMP - Ping) security_group = aws.ec2.SecurityGroup("security-group", vpc_id=vpc.id, description="Allow SSH, HTTP, HTTPS and ICMP", ingress=[ aws.ec2.SecurityGroupIngressArgs( protocol="tcp", from_port=22, to_port=22, cidr_blocks=[""], ), aws.ec2.SecurityGroupIngressArgs( protocol="tcp", from_port=80, to_port=80, cidr_blocks=[""], ), aws.ec2.SecurityGroupIngressArgs( protocol="tcp", from_port=443, to_port=443, cidr_blocks=[""], ), aws.ec2.SecurityGroupIngressArgs( protocol="icmp", from_port=-1, to_port=-1, cidr_blocks=[""], # For ping ), ], egress=[ aws.ec2.SecurityGroupEgressArgs( protocol="-1", from_port=0, to_port=0, cidr_blocks=[""], ), ]) # Launch an EC2 instance with the above configuration. instance = aws.ec2.Instance("instance", ami="ami-0c55b159cbfafe1f0", # The AMI to use (Amazon Linux 2), should be replaced with a relevant one. instance_type="t2.micro", # The type of instance to use subnet_id=subnet.id, # Tell the instance to launch in our public subnet vpc_security_group_ids=[security_group.id], # Reference the security group we defined earlier tags={ "Name": "Pulumi-EC2-AI", }) # Export the public IP address of the instance. pulumi.export("publicIP", instance.public_ip)

    Notice we've essentially created a virtual data center in the AWS cloud with its networking configured similar to a traditional data center. This program provisions infrastructure with the following resources:

    • VPC: Establishes a virtual network in which we can deploy AWS resources.
    • Internet Gateway: Connects the VPC to the internet, allowing EC2 instances in the VPC to access the internet.
    • Subnet: Each instance launched in this public subnet is assigned a public IP address.
    • Route Table: Directs outbound traffic from the subnet to the internet gateway.
    • Security Group: Acts as a virtual firewall to control inbound and outbound traffic to EC2 instances. In this program, we enable SSH (port 22), HTTP (port 80), HTTPS (port 443), as well as ICMP (for ping).

    Furthermore, the instance is created with a security group that allows inbound SSH, HTTP and HTTPS, and all outbound traffic.

    When deploying this program with Pulumi, you would change the AMI to match the one suited for your EC2-AI instances or any other instances that fit your application needs.

    Be sure to select the AMI and instance type according to your requirements and the specific region you are deploying to; this example uses a general Amazon Linux 2 AMI and the t2.micro instance type, which may be subject to change. You can find suitable AMI IDs by searching in the AWS console or using the AWS CLI.

    Let me know if you need any additional information or further customization of the resources.