ec2: Upgrade NatInstanceProvider #28907

Closed
2 tasks
tmokmss opened this issue Jan 29, 2024 · 5 comments · Fixed by #29013
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. effort/medium Medium work item – several days of effort p1

Comments

@tmokmss
Contributor

tmokmss commented Jan 29, 2024

Describe the feature

The current NatInstanceProvider uses the AWS official NAT instance AMI, which has already reached EOL on Dec 31 2023.

> NAT AMI is built on the last version of the Amazon Linux AMI, 2018.03, which reached the end of standard support on December 31, 2020 and end of maintenance support on December 31, 2023. For more information, see the following blog post: Amazon Linux AMI end of life.
>
> If NAT instances are a better match for your use case than NAT gateways, you can create your own NAT AMI from a current version of Amazon Linux as described in Create a NAT AMI.

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html

It'd be great if CDK provides an easy way to configure a modern NAT instance.

Use Case

NAT Instances are still popular since they can be much cheaper than NAT Gateways.

Proposed Solution

We can create a NAT instance from AL2023 AMI by using these commands in this doc.

I think CDK can internally use ec2 userdata to configure them and abstract all the complexities away from users.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.124.0

Environment details (OS name and version, etc.)

macOS

@tmokmss tmokmss added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jan 29, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Jan 29, 2024
@pahud
Contributor

pahud commented Jan 29, 2024

Yes this is very important. Thank you @tmokmss

@pahud pahud added p1 bug This issue is a bug. effort/medium Medium work item – several days of effort and removed feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jan 29, 2024
@GavinZZ GavinZZ self-assigned this Jan 31, 2024
@GavinZZ
Contributor

GavinZZ commented Jan 31, 2024

I would like to work on this issue if it's not been worked on yet.

But I have some clarifying questions before I can get started with the implementation. Reading the description, it seems that the default NAT instance machine image is using an EOL machine image. Are you suggesting that this should be updated to a newer & supported image?

> We can create a NAT instance from AL2023 AMI by using these commands in this doc

I'm a bit confused on how it relates to the commands you linked in this doc.

@tmokmss
Contributor Author

tmokmss commented Jan 31, 2024

@GavinZZ The old NAT instance AMI is published from AWS and it's based on the deprecated Amazon Linux. We were able to use the AMI to launch a NAT instance without additional configuration. Now, however, there is currently no official "NAT instance AMI" that is under maintenance.

Instead we can probably just launch an instance from AL2023 AMI and configure it via EC2 userdata using the commands in the doc.

To prevent breaking changes, I guess the old NAT AMI should still remain unchanged. Maybe we need NatInstanceProviderV2?
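
What configuring an AL2023 instance as a NAT instance through EC2 user data can look like, as an added example that is not part of this thread or of the CDK code base. It follows the steps of the AWS "Create a NAT AMI" guide linked in the issue; the function names, the os-release guard, the idempotency check and the final verification are assumptions of this example.

```shell
#!/bin/sh
# Added example: user data that turns an AL2023 instance into a NAT instance.
# Function names and guards are hypothetical, not taken from the CDK.

# True when the os-release file ($1, default /etc/os-release) identifies AL2023.
# Assumes AL2023 reports ID="amzn" and VERSION_ID="2023".
is_al2023() {
    f=${1:-/etc/os-release}
    grep -qx 'ID="amzn"' "$f" 2>/dev/null &&
        grep -qx 'VERSION_ID="2023"' "$f" 2>/dev/null
}

# Print the default-route interface from `ip route show default` output on
# stdin. The name varies by instance type, so it is not hard-coded as eth0.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if the `iptables -t nat -S` rules on stdin masquerade out of $1.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING .*-o $1 .*-j MASQUERADE"
}

configure_nat() {
    iface=$(ip route show default | default_iface)
    [ -n "$iface" ] || { echo "no default route found" >&2; return 1; }
    dnf install -y iptables-services
    systemctl enable --now iptables
    # Persist IPv4 forwarding across reboots, then load it.
    echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf
    sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf
    # Add the NAT rule only if absent, so re-running does not duplicate it.
    iptables -t nat -C POSTROUTING -o "$iface" -j MASQUERADE 2>/dev/null ||
        iptables -t nat -A POSTROUTING -o "$iface" -j MASQUERADE
    iptables -F FORWARD
    service iptables save
    # Return non-zero if forwarding or the NAT rule is not actually in place.
    [ "$(sysctl -n net.ipv4.ip_forward)" = "1" ] &&
        iptables -t nat -S POSTROUTING | has_masquerade "$iface"
}

# Only act as root on AL2023, so the file is safe to source elsewhere.
if is_al2023 && [ "$(id -u)" -eq 0 ]; then
    configure_nat
fi
```

The instance also needs source/destination checking disabled, and its security group decides which subnets may forward traffic through it, since the script flushes the FORWARD chain.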

@GavinZZ
Contributor

GavinZZ commented Feb 7, 2024

Makes sense. Thanks for the clarification.

@mergify mergify bot closed this as completed in #29013 Mar 4, 2024
mergify bot pushed a commit that referenced this issue Mar 4, 2024
### Issue # (if applicable)

Closes #28907

### Reason for this change

Current NAT instance image has reached EOL on Dec 31 2023.

### Description of changes

If NAT instances are a better match for your use case than NAT gateways, you can create your own NAT AMI from a current version of Amazon Linux as described in [Create a NAT AMI](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#create-nat-ami).

### Description of how you validated changes

New unit and integration tests

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions bot commented Mar 4, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
