
aws-ec2: NatProvider.instanceV2 primary network interface #29720

Closed
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. effort/small Small work item – less than a day of effort p2

Comments

@tiborkoch

Describe the bug

The user data provided by NatInstanceProviderV2 uses the incorrect primary network interface eth0 instead of ens5 (or similar).

    userData.addCommands(
      'yum install iptables-services -y',
      'systemctl enable iptables',
      'systemctl start iptables',
      'echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf',
      'sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf',
      'sudo /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE',
      'sudo /sbin/iptables -F FORWARD',
      'sudo service iptables save',
    );

Expected Behavior

Nat instance forwards traffic

Current Behavior

Traffic not forwarded

Reproduction Steps

Simply use the example snippet from cdk docs:

const provider = ec2.NatProvider.instanceV2({
  instanceType,
  defaultAllowedTraffic: ec2.NatTrafficDirection.OUTBOUND_ONLY,
});
new ec2.Vpc(this, 'TheVPC', {
  natGatewayProvider: provider,
});

Possible Solution

Instead of hardcoding the network interface, use the actual one from the OS.

Additional Information/Context

No response

CDK CLI Version

2.133.0

Framework Version

No response

Node.js Version

OS

Language

TypeScript

Language Version

No response

Other information

No response

@tiborkoch tiborkoch added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 4, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Apr 4, 2024
@nmussy
Contributor

nmussy commented Apr 4, 2024

Using route to get the default interface should be a safe and long-term support solution:

$ grep PRETTY_NAME /etc/os-release
PRETTY_NAME="Amazon Linux 2023.4.20240401"
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ip-10-0-0-1.ec2 0.0.0.0         UG    512    0        0 ens5
ip-10-0-0-0.ec2 0.0.0.0         255.255.192.0   U     512    0        0 ens5
ip-10-0-0-1.ec2 0.0.0.0         255.255.255.255 UH    512    0        0 ens5
ip-10-0-0-2.ec2 0.0.0.0         255.255.255.255 UH    512    0        0 ens5
$ route | awk '/^default/{print $NF}'
ens5
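The same idea carried through to the user data itself, as an added example that is not code from this issue or from aws-cdk: the default-route interface is parsed from either iproute2 or net-tools output, detection fails rather than guessing when no default route exists, and the issue's commands are emitted with the detected name in place of the hardcoded eth0. The sample routing-table lines used for checking are constructed.

```shell
#!/bin/sh
# Added example, not code from the issue or from aws-cdk: pick the NAT instance's
# primary interface from the routing table instead of hardcoding "eth0", which
# does not exist on Amazon Linux 2023 (the interface there is ens5 or similar).

# Interface of the default route from `ip -4 route show default` output on stdin
# (the token after "dev").
ip_route_default_iface() {
    awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# Interface of the default route from `route` or `route -n` output on stdin
# (Destination "default" or "0.0.0.0"; Iface is the last column).
route_table_default_iface() {
    awk '$1 == "default" || $1 == "0.0.0.0" { print $NF; exit }'
}

# Detect the live default interface: prefer iproute2, fall back to net-tools.
# Returns non-zero instead of guessing when no default route or device is found,
# so the MASQUERADE rule is never attached to a non-existent interface.
detect_default_iface() {
    iface=$(ip -4 route show default 2>/dev/null | ip_route_default_iface)
    [ -n "$iface" ] || iface=$(route -n 2>/dev/null | route_table_default_iface)
    [ -n "$iface" ] && [ -d "/sys/class/net/$iface" ] || return 1
    printf '%s\n' "$iface"
}

# Emit the user data commands from the issue with the interface substituted.
render_nat_user_data() {
    nat_iface=$1
    cat <<EOF
yum install iptables-services -y
systemctl enable iptables
systemctl start iptables
echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf
sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf
sudo /sbin/iptables -t nat -A POSTROUTING -o $nat_iface -j MASQUERADE
sudo /sbin/iptables -F FORWARD
sudo service iptables save
EOF
}

# On the instance itself (not run here):
#   iface=$(detect_default_iface) || { echo "no default route found" >&2; exit 1; }
#   render_nat_user_data "$iface" | sh
```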

@nmussy
Contributor

nmussy commented Apr 4, 2024

I'm going to take this on; I'll also add a userData prop to alleviate future similar issues.

Should have a PR ready by the end of the day 👍

@khushail khushail added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Apr 4, 2024
@mergify mergify bot closed this as completed in #29729 Apr 8, 2024
@mergify mergify bot closed this as completed in 4eb02a4 Apr 8, 2024

github-actions bot commented Apr 8, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.


@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024