Skip to content

Instantly share code, notes, and snippets.

@tachesimazzoca
Last active December 13, 2015 18:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tachesimazzoca/6392900b3941d6de4665 to your computer and use it in GitHub Desktop.
Save tachesimazzoca/6392900b3941d6de4665 to your computer and use it in GitHub Desktop.
Startup script for EC2 NAT Instance #aws

Startup script for EC2 NAT Instance

% su -
% vim /usr/local/sbin/configure-pat.sh
% chmod 700 /usr/local/sbin/configure-pat.sh

% vim /etc/rc.local
....
/usr/local/sbin/configure-pat.sh
#!/bin/bash
# Configure the instance to run as a Port Address Translator (PAT) to provide
# Internet connectivity to private instances.
#
set -x
echo "Determining the MAC address on eth0"
ETH0_MAC=`/sbin/ifconfig | /bin/grep eth0 | awk '{print tolower($5)}' | grep '^[0-9a-f]\{2\}\(:[0-9a-f]\{2\}\)\{5\}$'`
if [ $? -ne 0 ] ; then
echo "Unable to determine MAC address on eth0" | logger -t "ec2"
exit 1
fi
echo "Found MAC: ${ETH0_MAC} on eth0" | logger -t "ec2"
VPC_CIDR_URI="http://169.254.169.254/latest/meta-data/network/interfaces/macs/${ETH0_MAC}/vpc-ipv4-cidr-block"
echo "Metadata location for vpc ipv4 range: ${VPC_CIDR_URI}" | logger -t "ec2"
VPC_CIDR_RANGE=`curl --retry 3 --retry-delay 0 --silent --fail ${VPC_CIDR_URI}`
if [ $? -ne 0 ] ; then
echo "Unable to retrive VPC CIDR range from meta-data. Using 0.0.0.0/0 instead. PAT may not function correctly" | logger -t "ec2"
VPC_CIDR_RANGE="0.0.0.0/0"
else
echo "Retrived the VPC CIDR range: ${VPC_CIDR_RANGE} from meta-data" |logger -t "ec2"
fi
echo 1 > /proc/sys/net/ipv4/ip_forward && \
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects && \
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s ${VPC_CIDR_RANGE} -j MASQUERADE
if [ $? -ne 0 ] ; then
echo "Configuration of PAT failed" | logger -t "ec2"
exit 0
fi
echo "Configuration of PAT complete" |logger -t "ec2"
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment