A cookbook to provide a NAT for an EC2 VPC (with HA if desired)
- An EC2 VPC
- 1 VPC node for a simple NAT or 3 VPC nodes for HA
- Include `et_nat::default` in your node’s run list.
- Refer to @eherot’s “The Right Way to set up NAT in EC2” blog post for more details.
When creating instances using this cookbook, in order to assign a public IP address in your VPC, you’ll want to use a command like this:
```
knife ec2 server create \
  -E prod \
  -N prod-nat \
  -s subnet-xxxxxxxx \
  -f c3.large \
  -g sg-xxxxxxxx \
  -r "recipe[xyz]" \
  --iam-profile nat-ha \
  --associate-public-ip
```
The `--associate-public-ip` flag is especially crucial: without it, the instance will be unable to connect out and will not function as a NAT.
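A post-launch check for the requirement above, as an added example that is not part of the cookbook: it reads saved `aws ec2 describe-instances --output json` output and lists instances that lack a public IP or the `nat-ha` instance profile used in the knife command. The function name, the sample data and treating `nat-ha` as the expected profile are assumptions.

```ruby
require 'json'

# Constructed sample shaped like `aws ec2 describe-instances --output json`;
# the IDs, addresses and account number are made up.
SAMPLE_DESCRIBE_OUTPUT = <<~JSON
  {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "SubnetId": "subnet-xxxxxxxx",
     "PublicIpAddress": "203.0.113.10",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/nat-ha"}},
    {"InstanceId": "i-0aaa0000000000002", "SubnetId": "subnet-xxxxxxxx",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/nat-ha"}},
    {"InstanceId": "i-0aaa0000000000003", "SubnetId": "subnet-xxxxxxxx",
     "PublicIpAddress": "203.0.113.12"}
  ]}]}
JSON

# Returns { instance_id => [problem, ...] } for every instance that was
# launched without the settings used in the knife command.
# expected_profile defaults to the profile name from that command (assumption).
def nat_launch_problems(describe_json, expected_profile: 'nat-ha')
  instances = JSON.parse(describe_json)
                  .fetch('Reservations', [])
                  .flat_map { |r| r.fetch('Instances', []) }

  instances.each_with_object({}) do |inst, report|
    problems = []
    # No public IP: the node cannot connect out and cannot act as a NAT.
    ip = inst['PublicIpAddress'].to_s
    problems << 'no public IP (launched without --associate-public-ip?)' if ip.empty?

    # The ARN ends in "instance-profile/<name>"; a missing key means no profile.
    profile = inst.dig('IamInstanceProfile', 'Arn').to_s.split('/').last
    unless profile == expected_profile
      problems << "IAM profile is #{profile.inspect}, expected #{expected_profile.inspect}"
    end

    report[inst.fetch('InstanceId')] = problems unless problems.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  nat_launch_problems(SAMPLE_DESCRIBE_OUTPUT).each do |id, problems|
    puts "#{id}: #{problems.join('; ')}"
  end
end
```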
- `['nat']['yaml']['mocking']`: Default value is `true`
- `['nat']['yaml']['monitor_enabled']`: Default value is `false`
- `['nat']['search_string']`: Default value is `'run_list:recipe\[et_nat\]'`
- Installs Fog for making AWS API calls
- Uses the other two recipes in this cookbook to set up the NAT mechanisms
- Provides mechanisms for maintaining high availability of a cluster of NAT instances using Chef Search & a NAT monitor script
- Can set up snitch-style monitoring using Cronitor
  - Specify `monitor_token` and `monitor_opts` in your YAML config to create a new Cronitor monitor
  - Specify `monitor_code` to use an existing Cronitor monitor
  - See the `cronitor` gem docs for details on what these fields expect
- Does the bulk of the work to set up the NAT
Author:: EverTrue ([email protected])