
aws-ec2: NatProvider.instanceV2 primary network interface #29720

Status: Closed
Labels: @aws-cdk/aws-ec2 (Related to Amazon Elastic Compute Cloud), bug (This issue is a bug.), effort/small (Small work item – less than a day of effort), p2

Comments

@tiborkoch

Describe the bug

The user data provided by NatInstanceProviderV2 uses the incorrect primary network interface eth0 instead of ens5 (or similar).

    userData.addCommands(
      'yum install iptables-services -y',
      'systemctl enable iptables',
      'systemctl start iptables',
      'echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf',
      'sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf',
      'sudo /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE',
      'sudo /sbin/iptables -F FORWARD',
      'sudo service iptables save',
    );

Expected Behavior

NAT instance forwards traffic.

Current Behavior

Traffic is not forwarded.

Reproduction Steps

Simply use the example snippet from the CDK docs:

const provider = ec2.NatProvider.instanceV2({
  instanceType,
  defaultAllowedTraffic: ec2.NatTrafficDirection.OUTBOUND_ONLY,
});
new ec2.Vpc(this, 'TheVPC', {
  natGatewayProvider: provider,
});

Possible Solution

Instead of hardcoding the network interface, use the actual one from the OS.

Additional Information/Context

No response

CDK CLI Version: 2.133.0

Framework Version: No response

Node.js Version:

OS:

Language: TypeScript

Language Version: No response

Other information: No response

@tiborkoch tiborkoch added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 4, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Apr 4, 2024
@nmussy
Contributor

nmussy commented Apr 4, 2024

Using route to get the default interface should be a safe and long-term supported solution:

$ grep PRETTY_NAME /etc/os-release
PRETTY_NAME="Amazon Linux 2023.4.20240401"
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ip-10-0-0-1.ec2 0.0.0.0         UG    512    0        0 ens5
ip-10-0-0-0.ec2 0.0.0.0         255.255.192.0   U     512    0        0 ens5
ip-10-0-0-1.ec2 0.0.0.0         255.255.255.255 UH    512    0        0 ens5
ip-10-0-0-2.ec2 0.0.0.0         255.255.255.255 UH    512    0        0 ens5
$ route | awk '/^default/{print $NF}'
ens5
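The following is an added example (not code from the aws-cdk project or from either commenter) that puts the two points above together: the user-data commands from the bug report, with the hardcoded eth0 replaced by the interface of the default route, which is looked up the way the preceding comment suggests. The sample routing-table output is constructed to match the shape shown above; the `ip route` variant is an addition for hosts where net-tools `route` is absent. The lookup fails closed: if no default route is found, no iptables rule is emitted at all rather than a MASQUERADE rule with a missing or wrong interface.

```shell
#!/bin/sh
# Added example, not aws-cdk code: derive the NAT instance's primary interface
# from the routing table instead of hardcoding eth0, and fail closed when the
# lookup yields nothing.

# Constructed sample output of `route` (net-tools) on an Amazon Linux 2023
# instance; hostnames and addresses are made up.
SAMPLE_ROUTE_OUTPUT='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ip-10-0-0-1.ec2 0.0.0.0         UG    512    0        0 ens5
ip-10-0-0-0.ec2 0.0.0.0         255.255.192.0   U     512    0        0 ens5'

# Constructed sample output of `ip route` (iproute2) for the same host.
SAMPLE_IP_ROUTE_OUTPUT='default via 10.0.0.1 dev ens5 proto dhcp src 10.0.12.34 metric 512
10.0.0.0/18 dev ens5 proto kernel scope link src 10.0.12.34 metric 512'

# Read `route` output on stdin and print the interface (last column) of the
# default route. Header lines never start with "default", so they are skipped.
default_iface_from_route() {
  awk '$1 == "default" { print $NF; exit }'
}

# Read `ip route` output on stdin and print the device named after "dev" on
# the default route line.
default_iface_from_ip_route() {
  awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print the user-data commands from the issue with the interface substituted.
# An empty interface is rejected: the MASQUERADE rule must name the outbound
# interface explicitly, so a failed lookup must not produce any rule at all.
nat_user_data() {
  iface="$1"
  if [ -z "$iface" ]; then
    echo "nat_user_data: could not determine the default interface" >&2
    return 1
  fi
  cat <<EOF
yum install iptables-services -y
systemctl enable iptables
systemctl start iptables
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf
sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf
sudo /sbin/iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE
sudo /sbin/iptables -F FORWARD
sudo service iptables save
EOF
}

# Stand-alone demo on the constructed samples; needs no root and no network.
# On a real instance you would pipe `route` or `ip route` into the functions
# instead of the sample strings.
main() {
  iface=$(printf '%s\n' "$SAMPLE_ROUTE_OUTPUT" | default_iface_from_route)
  echo "default interface (route):    $iface"
  iface2=$(printf '%s\n' "$SAMPLE_IP_ROUTE_OUTPUT" | default_iface_from_ip_route)
  echo "default interface (ip route): $iface2"
  nat_user_data "$iface"
}

main "$@"
```

The awk filters match on the first field rather than on a leading "default" regex so that a routing-table entry whose destination merely begins with that word cannot be picked up. Keeping the interface lookup and the rule generation in separate functions makes the empty-result check easy to test on its own.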

@nmussy
Contributor

nmussy commented Apr 4, 2024

I'm going to take this on; I'll also add a userData prop to alleviate similar issues in the future.

Should have a PR ready by the end of the day 👍

@khushail khushail added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Apr 4, 2024
@mergify mergify bot closed this as completed in #29729 Apr 8, 2024
@mergify mergify bot closed this as completed in 4eb02a4 Apr 8, 2024

github-actions bot commented Apr 8, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.


@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024