Last active
August 3, 2016 16:01
-
-
Save hermes-pimentel/7fe5993944475d5ec0fad82b02c6a151 to your computer and use it in GitHub Desktop.
NAT HA with only one machine. (ASG)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| #1) Create your private subnet, SGs, and etc... and get the route table ID from privates subnets that need a NAT instance / allocate a new Elastic IP and get the ID. | |
| #2) create a launch configuration with the script bellow (dont use user-data text, upload a file with '.sh' extension) | |
| # use the this policy in AMI role: | |
| #ec2-role-policy | |
| # { | |
| # "Version": "2012-10-17", | |
| # "Statement": [ | |
| # { | |
| # "Action": [ | |
| # "ec2:AssociateRouteTable", | |
| # "ec2:CreateRoute", | |
| # "ec2:ModifyInstanceAttribute", | |
| # "ec2:ReplaceRoute", | |
| # "ec2:AllocateAddress", | |
| # "ec2:EIPAssociation", | |
| # "ec2:AssociateAddresss", | |
| # "ec2:DisassociateAddress", | |
| # "ec2:AssociateAddress" | |
| # ], | |
| # "Effect": "Allow", | |
| # "Resource": "*" | |
| # } | |
| # ] | |
| #} | |
| # | |
| #3) create a ASG with the lauch configuration with only 1 machine, on public subnet. (define your own thresholds and health checks) | |
| #4) after the machine start in ASG, it will create a route in route table, or replace a old route, from private subnets with the ENI ID from the new instance, | |
| #if this machine go donw or die, a new machine will assume the elastic IP and recreate the routes. | |
| #logs on /var/log/user-data.log and /var/log/cloud-init-output.log | |
| #it's simple, but is working very well | |
| #!/bin/sh | |
| export ENI_ID=$(curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/`ifconfig | grep eth0 | awk {'print $5'} | tr '[:upper:]' '[:lower:]'`/interface-id/) | |
| export INSTANCE_ID=$(curl http://169.254.169.254/latest/meta-data/instance-id) | |
| export ROUTE_TABLE_ID=<private route table ID> | |
| export REGION=<aws region> | |
| export ELASTIC_IP_ID=<elastic IP ID> | |
| export LOG=/var/log/user-data.log | |
| touch $LOG | |
| echo "Start NAT-HA procedure........." >> $LOG | |
| echo "Associate elastic IP...." >> $LOG | |
| aws ec2 associate-address --instance-id $INSTANCE_ID --allocation-id $ELASTIC_IP_ID --allow-reassociation --region $REGION | |
| RT0=$? | |
| if [ $RT0 -eq 0 ]; then | |
| echo "Elastic IP OK...." >> $LOG | |
| else | |
| echo "Elastic IP NOK exit 1" >> $LOG | |
| exit 1 | |
| fi | |
| echo "trying change source destination check parameter...." >> $LOG | |
| aws ec2 modify-instance-attribute --instance-id $INSTANCE_ID --source-dest-check "{\"Value\": false}" --region $REGION | |
| RESULT=$? | |
| if [ $RESULT -eq 0 ]; then | |
| echo "source destination check set to false " >> $LOG | |
| echo "trying to creating new route...." >> $LOG | |
| aws ec2 create-route --route-table-id $ROUTE_TABLE_ID --destination-cidr-block 0.0.0.0/0 --network-interface-id $ENI_ID --region $REGION | |
| RT=$? | |
| if [ $RT -eq 0 ]; then | |
| echo "new route created with success." >> $LOG | |
| exit 0 | |
| else | |
| echo "fail to create new route, try update the existing route....." >> $LOG | |
| echo "trying to update route table....." >> $LOG | |
| aws ec2 replace-route --route-table-id $ROUTE_TABLE_ID --destination-cidr-block 0.0.0.0/0 --network-interface-id $ENI_ID --region $REGION | |
| RT2=$? | |
| if [ $RT2 -eq 0 ]; then | |
| echo "Route updated with success." >> $LOG | |
| exit 0 | |
| else | |
| echo "fail to update route " >> $LOG | |
| exit 1 | |
| fi | |
| fi | |
| else | |
| echo "fail to change destination check" >> $LOG | |
| exit 1 | |
| fi | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment