Create a NAT instance in a VPC and route all traffic to it
#!/usr/bin/env bash
# --- configuration --------------------------------------------------------
# Identifiers of the pre-existing VPC pieces the NAT instance is plugged into.
# Nothing below reassigns them, so they are declared read-only.
readonly VPC=vpc-24e97b4d          # VPC that receives the NAT subnet
readonly IGW=igw-9f59e9f6          # internet gateway the NAT route table points at
readonly MAINRT=rtb-ae92f4c7       # main route table whose default route is replaced
readonly REGION=us-east-2          # region passed to every aws ec2 call
readonly SSHKEY=jvehent-cloudservicesawsdev-us-east-2-20170513   # EC2 key pair (--key-name)
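#######################################
# Tear down whatever the script has created so far, then exit 1.
# Resources are removed in dependency order: the instance first (its network
# interface pins the security group and the subnet), then the security group,
# then the subnet (which drops its explicit route table association) and
# finally the route table.
# Globals:   REGION (read); IID, SGID, SUBID, RTID (read; empty = not created)
# Arguments: none
# Outputs:   progress messages on stderr
# Returns:   never returns; exits with status 1
#######################################
fail() {
  local state
  printf 'configuration failed, tearing down setup\n' >&2
  if [ -n "$IID" ]; then
    aws ec2 terminate-instances --region "$REGION" --instance-ids "$IID"
    # Wait for "terminated" rather than merely "not running": while the
    # instance is still shutting down its interface keeps the security group
    # and subnet in use. An empty/null answer is treated as "gone" so a
    # best-effort teardown cannot loop forever on an API error.
    while true; do
      state=$(aws ec2 describe-instances \
        --region "$REGION" \
        --instance-ids "$IID" \
        | jq -r '.Reservations[0].Instances[0].State.Name')
      case "$state" in
        terminated|null|'') break ;;
      esac
      printf '.' >&2
      sleep 2   # polling without a delay just burns API rate limit
    done
    printf '\n' >&2
  fi
  # -n, not -z: the original tests were inverted and only ever "deleted"
  # resources that had never been created.
  [ -n "$SGID" ] && aws ec2 delete-security-group --region "$REGION" --group-id "$SGID"
  [ -n "$SUBID" ] && aws ec2 delete-subnet --region "$REGION" --subnet-id "$SUBID"
  [ -n "$RTID" ] && aws ec2 delete-route-table --region "$REGION" --route-table-id "$RTID"
  exit 1
}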
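#######################################
# Abort through fail() unless an identifier captured from `aws | jq` is usable.
# Without `set -o pipefail` an AWS CLI error leaves jq reading empty input and
# exiting 0, so a trailing `|| fail` never fires; the captured value itself is
# the reliable signal.
# Globals:   none
# Arguments: $1 - label for the error message, $2 - the captured value
# Outputs:   error message on stderr when $2 is unusable
# Returns:   0 when $2 is non-empty and not the literal "null"; otherwise
#            calls fail(), which tears down and exits 1
#######################################
require_id() {
  local label=$1 value=$2
  if [ -z "$value" ] || [ "$value" = "null" ]; then
    printf 'could not obtain %s\n' "$label" >&2
    fail
  fi
}

# Source range allowed to SSH into the NAT instance. Defaults to the original
# world-open rule so existing runs are unchanged; set it to the admin network
# (e.g. SSH_ADMIN_CIDR=203.0.113.0/24, an RFC 5737 example range) to keep
# port 22 off the public internet.
SSH_ADMIN_CIDR=${SSH_ADMIN_CIDR:-0.0.0.0/0}

echo "Creating a NAT subnet in the VPC"
# Ids are captured first and validated afterwards: a `|| fail` inside $(...)
# would only exit the subshell and its teardown output would land in the
# variable instead of stopping the script.
SUBID=$(aws ec2 create-subnet \
  --region "$REGION" \
  --vpc-id "$VPC" \
  --cidr-block 10.0.1.0/24 \
  | jq -r '.Subnet.SubnetId')
require_id "subnet id" "$SUBID"
printf '%s\n' "$SUBID"

echo "Creating outbound NAT route table"
RTID=$(aws ec2 create-route-table \
  --region "$REGION" \
  --vpc-id "$VPC" \
  | jq -r '.RouteTable.RouteTableId')
require_id "route table id" "$RTID"
printf '%s\n' "$RTID"

echo "Creating outbound NAT route through internet gateway"
aws ec2 create-route \
  --region "$REGION" \
  --route-table-id "$RTID" \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id "$IGW" || fail

echo "Associating outbound NAT route table with NAT subnet"
aws ec2 associate-route-table \
  --region "$REGION" \
  --subnet-id "$SUBID" \
  --route-table-id "$RTID" || fail

echo "Creating the NATSG Security Group"
SGID=$(aws ec2 create-security-group \
  --region "$REGION" \
  --group-name outboundnat \
  --description "Filtering of egress traffic through NAT instance" \
  --vpc-id "$VPC" \
  | jq -r '.GroupId')
require_id "security group id" "$SGID"
printf '%s\n' "$SGID"

# SSH to the NAT instance itself; the source range is SSH_ADMIN_CIDR (above).
aws ec2 authorize-security-group-ingress \
  --region "$REGION" \
  --group-id "$SGID" \
  --cidr "$SSH_ADMIN_CIDR" \
  --protocol tcp --port 22 || fail
# HTTP/HTTPS only from inside the VPC: this is the traffic the NAT forwards.
for port in 80 443; do
  aws ec2 authorize-security-group-ingress \
    --region "$REGION" \
    --group-id "$SGID" \
    --cidr 10.0.0.0/16 \
    --protocol tcp --port "$port" || fail
done

# Informational only: lists the Amazon-provided NAT AMIs in the region so the
# hard-coded --image-id below can be checked or refreshed. Its output is not
# parsed and its failure is not fatal.
aws ec2 describe-images \
  --region "$REGION" \
  --filter Name="owner-alias",Values="amazon" \
  --filter Name="name",Values="amzn-ami-vpc-nat*" \
  | jq -r '.Images[] | .Name + " " + .ImageId' \
  | sort

echo "Starting a NAT instance in the NATSG security group"
IID=$(aws ec2 run-instances \
  --region "$REGION" \
  --instance-type t2.micro \
  --key-name "$SSHKEY" \
  --security-group-ids "$SGID" \
  --subnet-id "$SUBID" \
  --instance-initiated-shutdown-behavior terminate \
  --associate-public-ip-address \
  --count 1 \
  --image-id ami-6793b702 \
  | jq -r '.Instances[0].InstanceId')
require_id "instance id" "$IID"
printf '%s\n' "$IID"

aws ec2 create-tags \
  --region "$REGION" \
  --resources "$IID" \
  --tags Key=Owner,Value=jvehent Key=Name,Value=testidsnat1 || fail

echo "Disabling Source/Destination Checks on NAT instance"
# Needed so the instance may forward packets not addressed to itself.
aws ec2 modify-instance-attribute \
  --region "$REGION" \
  --instance-id "$IID" \
  --no-source-dest-check || fail

echo "Waiting for NAT instance to be in running state"
while true; do
  STATE=$(aws ec2 describe-instances \
    --region "$REGION" \
    --instance-ids "$IID" \
    | jq -r '.Reservations[0].Instances[0].State.Name')
  case "$STATE" in
    running) break ;;
    # Shutdown behaviour is "terminate", so these states mean the boot
    # failed; without this arm the loop would spin forever.
    shutting-down|terminated) fail ;;
    # "pending", or an empty/null answer while the fresh id is not yet
    # visible to describe-instances: keep polling.
    *) ;;
  esac
  printf '.'
  sleep 5   # polling without a delay just burns API rate limit
done
printf '\n'

echo "Updating the Main Route Table"
# From here on, every subnet using the main route table sends its default
# route through the NAT instance.
aws ec2 replace-route \
  --region "$REGION" \
  --route-table-id "$MAINRT" \
  --destination-cidr-block 0.0.0.0/0 \
  --instance-id "$IID" || fail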