creating-production-vpc-multi-az

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Creating a Production-Ready VPC Across Multiple Availability Zones

创建跨多个可用区的生产级VPC

Overview

概述

Domain expertise for creating production-ready VPC infrastructure distributed across multiple Availability Zones. Covers VPC creation with DNS support, public and private subnet layout with automatic CIDR calculation, internet gateway, NAT gateways for high-availability outbound access, route table configuration, and tiered security groups following AWS Well-Architected principles.

本内容专注于创建跨多个可用区的生产级VPC基础设施的领域知识，涵盖支持DNS的VPC创建、具备自动CIDR计算功能的公有/私有子网布局、互联网网关、用于高可用出站访问的NAT网关、路由表配置，以及遵循AWS Well-Architected原则的分层安全组。

Create a production VPC

创建生产级VPC

To create a fully configured multi-AZ VPC with public/private subnets, NAT gateways, route tables, and security groups, follow the procedure exactly. See Production VPC creation procedure.

Key parameters:

```
vpc_name
```
(required): Name prefix for all resources
```
region
```
(required): Target AWS region
```
allowed_web_cidrs
```
(required): CIDR blocks allowed for web access — allow 0.0.0.0/0 only if explicitly requested
```
vpc_cidr
```
(optional, default
```
10.0.0.0/16
```
): VPC CIDR block
```
availability_zones
```
(optional, default 3): Number of AZs (2–6)
```
environment
```
(required): Environment tag
```
enable_ssh_access
```
(optional, default false): Whether to create SSH security group

如需创建配置完整的多可用区VPC（包含公有/私有子网、NAT网关、路由表和安全组），请严格遵循以下步骤。详见生产级VPC创建流程。

关键参数：

```
vpc_name
```
（必填）：所有资源的名称前缀
```
region
```
（必填）：目标AWS区域
```
allowed_web_cidrs
```
（必填）：允许Web访问的CIDR块——仅在明确要求时才允许0.0.0.0/0
```
vpc_cidr
```
（可选，默认值
```
10.0.0.0/16
```
）：VPC的CIDR块
```
availability_zones
```
（可选，默认值3）：可用区数量（2–6）
```
environment
```
（必填）：环境标签
```
enable_ssh_access
```
（可选，默认值false）：是否创建SSH安全组

Troubleshooting

故障排查

Insufficient Availability Zones

可用区数量不足

The target region must have at least 2 available AZs. Use

aws ec2 describe-availability-zones

to verify.

目标区域必须至少有2个可用的可用区。可使用

aws ec2 describe-availability-zones

命令进行验证。

NAT Gateway creation delays

NAT网关创建延迟

NAT Gateways can take several minutes to become available. The procedure waits for availability before configuring route tables.

NAT网关可能需要几分钟才能就绪。流程会等待网关就绪后再配置路由表。

Security group CIDR warnings

安全组CIDR警告

The procedure warns about

0.0.0.0/0

for web access CIDRs and recommends specific IP ranges for production workloads, but allows it if explicitly requested.

流程会针对Web访问CIDR设置为

0.0.0.0/0

发出警告，并建议为生产工作负载使用特定IP范围，但如果明确要求，仍允许该设置。