An AWS CDK library providing NAT instances that are each placed in their own auto scaling group to improve fault tolerance and availability.
npm install cdk-nat-asg-provider!npm version
!PyPi version
!Release
!License
Use this AWS Cloud Development Kit (CDK) library to configure and deploy network address translation (NAT) instances individually within their own auto scaling group (ASG) to improve reliability and availability.
Works with AWS CDK v2.
Although the NAT gateways offered by AWS have high availability, high bandwidth scalability, and minimal administration needs, they can be too expensive for small scale applications. A cheaper alternative, one that AWS mentions in its documentation but does not recommend, is to configure and manage your own NAT instances. One way of doing this is with the CDK using NatInstanceProvider.
``typescript
import { aws_ec2 as ec2 } from 'aws-cdk-lib';
// Factory method constructs and configures a NatInstanceProvider object
const provider = ec2.NatProvider.instance({
instanceType: new ec2.InstanceType('t2.micro'),
});
const vpc = new ec2.Vpc(this, 'Vpc', {
natGatewayProvider: provider,
});
`
A major downside of this approach is that the created NAT instances will not be automatically replaced if they are stopped for whatever reason.
To provide better fault tolerance and availability, I implemented a NAT provider called NatAsgProvider that places each created NAT instance in its own ASG.
`typescript
import { aws_ec2 as ec2 } from 'aws-cdk-lib';
import { NatAsgProvider } from 'cdk-nat-asg-provider';
const provider = new NatAsgProvider({});
const vpc = new ec2.Vpc(this, 'Vpc', {
natGatewayProvider: provider,
});
`
Like NatInstanceProvider, NatAsgProvider extends NatProvider.
The number of NAT instances to create and the placement of those NAT instances is dictated by the configuration of the relevant VPC object using the following configuration properties provided to the VPC constructor:
- natGatewaySubnets
- Selects the subnets that will have NAT instances
- By default, all public subnets are selected
- natGateways
- The number of NAT instances to create
- By default, one NAT instance per AZ
At a high-level, this is how NatAsgProvider achieves its purpose:cfn-signal
- Enables NAT in the EC2 instances, which are running Amazon Linux 2
- Places each NAT instance in its own ASG, configured by a launch template
- Uses in conjunction with a CreationPolicy and UpdatePolicy to suspend work on the stack until the NAT instance signals successful creation or update, respectively, of its ASG
- Attaches an additional elastic network interface (ENI) to each NAT instance
- Each of these ENI is assigned an elastic IP (EIP) address
- Sets the default gateway to be the newly attached ENI
shell
npm install cdk-nat-asg-provider
`
or
shell
yarn install cdk-nat-asg-provider
`$3
shell
pip install cdk-nat-asg-provider
`Usage
For general usage, check out the API documentation.
$3
I implemented a test environment similar to the one described in the AWS VPC docs. It allows you to manually check whether instances in private subnets can access the internet through the NAT instances by using the NAT instances as bastion servers.
The implementation is in src/manual.integ.ts. It's worth taking a look if you're confused about how to configure
and NatAsgProvider.To deploy the manual integration test, execute the
sh script scripts/manual-integ-test and use the deploy command:`shell
./scripts/manual-integ-test deploy [MAX_AZS]
`
is optional.To destroy the manual integration test, execute the same script with same arguments using the
destroy command:`shell
./scripts/manual-integ-test destroy [MAX_AZS]
`Project configuration via
synthesizes and maintains project configuration. Most of the configuration files, such as package.json, .gitignore, and those defining Github Actions workflows, are managed by projen and are read-only. To add, remove, or modify configuration files, edit .projenrc.js and then run npx projen. Check out projen`'s documentation website for more details.Feel free to open issues to report bugs or suggest features. Contributions via pull requests are much appreciated.