
zxkane / snat


Purpose built Simple NAT instance on AWS.

Home Page: https://kane.mx/posts/2021/simple-nat-on-aws/

License: Apache License 2.0

JavaScript 31.64% TypeScript 65.03% Shell 3.32%
aws cdk-construct cdk-construct-library nat-instance

snat's Introduction

Simple NAT


It's a CDK construct to create NAT instances on AWS.

It supports adding specific IP CIDRs to the route tables of a VPC; network traffic to those CIDRs is forwarded to the NAT instances.

It supports routing to the following services out of the box:

  • GitHub git servers
  • Google
  • Cloudflare

Arch diagram

Install

TypeScript/JavaScript:

yarn add cdk-construct-simple-nat

or

npm install cdk-construct-simple-nat

Usage

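import { SubnetType } from 'aws-cdk-lib/aws-ec2'; // assumes CDK v2 (aws-cdk-lib)
import { SimpleNAT } from 'cdk-construct-simple-nat';

// `vpc` is an existing VPC; `this` is the enclosing Stack or Construct.
// Select one public subnet per availability zone for the NAT instances.
new SimpleNAT(this, 'SimpleNAT', {
  vpc,
  natSubnetsSelection: {
    subnetType: SubnetType.PUBLIC,
    onePerAz: true,
  },
})
// Add routes for GitHub's git servers that point at the NAT instances.
.withGithubRoute();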

See the complete example and API doc.

FAQ

What's the difference between EC2 NAT instances and NAT instances created by this construct?

The differences are:

  • An EC2 NAT instance routes all Internet traffic to itself by default
  • An EC2 NAT instance uses a deprecated Amazon Linux AMI; this construct always uses the latest Amazon Linux 2 AMI
  • NAT instances created by this construct can work together with NAT gateways, and you can have multiple NAT instances in one VPC
  • This construct helps when you want to route only specific traffic (for example, github/gist) to NAT instances that act as a transit proxy

What's the difference between CDK built-in NAT instances and NAT instances created by this construct?

  • CDK built-in NAT instances have to be created with the VPC stack; this construct can add NAT instances to any existing VPC
  • You can use this construct to create multiple NAT instances for different purposes
  • This construct allows you to customize how the instances route the traffic

The deployment fails because the routes in the route table exceed the limit

The default limit is 50 routes per route table; the deployment will fail if you add more routes than the limit of your account. You can increase the limit up to 1000 routes per route table via Service Quotas.

How to exclude IPv6 CIDRs with the built-in github/google/cloudflare routes

You can exclude IPv6 CIDRs as shown below:

new SimpleNAT(this, 'SimpleNAT', {
  vpc,
})
.withCloudflareRoute({
  excludeIPv6: true,
});
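
The two FAQ answers above (the route limit and excludeIPv6) can be checked before deploying. The following is an added example, not code from the snat project: planRoutes, parseV4 and covers are hypothetical names, the quota is treated as one combined count as the FAQ states it, and the sample CIDRs are constructed documentation ranges. It drops duplicates, optionally drops IPv6 CIDRs, and prunes IPv4 CIDRs already covered by a broader one in the same list, which assumes no existing route with a different target sits between them.

```typescript
// Added example, not snat project code; all function names are hypothetical.
const DEFAULT_ROUTE_QUOTA = 50; // default routes per route table, per the FAQ

interface RoutePlan { routes: string[]; total: number; fits: boolean; overBy: number }

const isIPv6 = (cidr: string): boolean => cidr.includes(':');

// Parse a canonical IPv4 CIDR into [network as unsigned 32-bit value, prefix length].
function parseV4(cidr: string): [number, number] {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`invalid IPv4 CIDR: ${cidr}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) {
    throw new Error(`invalid IPv4 CIDR: ${cidr}`);
  }
  const ip = octets.reduce((acc, o) => acc * 256 + o, 0);
  // This example rejects CIDRs with host bits set instead of normalising them.
  if (ip % 2 ** (32 - prefix) !== 0) throw new Error(`host bits set in: ${cidr}`);
  return [ip, prefix];
}

// True when IPv4 CIDR `outer` is strictly broader than `inner` and contains it.
function covers(outer: string, inner: string): boolean {
  const [oNet, oLen] = parseV4(outer);
  const [iNet, iLen] = parseV4(inner);
  const size = 2 ** (32 - oLen);
  return oLen < iLen && iNet - (iNet % size) === oNet;
}

function planRoutes(cidrs: string[], existingRoutes: number,
                    opts: { excludeIPv6?: boolean; quota?: number } = {}): RoutePlan {
  const quota = opts.quota ?? DEFAULT_ROUTE_QUOTA;
  // De-duplicate, then optionally drop IPv6 entries (what excludeIPv6 asks for).
  const unique = [...new Set(cidrs.map((c) => c.trim()).filter((c) => c.length > 0))]
    .filter((c) => !(opts.excludeIPv6 && isIPv6(c)));
  // An IPv4 route covered by a broader route to the same NAT target is redundant.
  const routes = unique.filter((c) => isIPv6(c)
    || !unique.some((o) => o !== c && !isIPv6(o) && covers(o, c)));
  const total = existingRoutes + routes.length;
  return { routes, total, fits: total <= quota, overBy: Math.max(0, total - quota) };
}

// Constructed sample input (documentation ranges, not real provider CIDRs).
const SAMPLE_CIDRS = ['198.51.100.0/24', '198.51.100.128/25', '203.0.113.0/24',
  '203.0.113.0/24', '2001:db8::/32'];
```

Pass the number of routes already in the target route table as existingRoutes, and the raised value as opts.quota if the account limit has been increased.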


snat's Issues

Add `machineImage` prop

Thanks for the library! I was using the Terraform version, but switched my infra as code to CDK, so this has been super helpful.

Can we include an option to specify the machine image? I'd like to use ARM AMIs.

  • 👋 I may be able to implement this feature request

This is a 🚀 Feature Request

Question Use Case: Allow List IP - Third Party Service

โ“ Allow List IP - Third Party Service

Hi, I need to provide a third party a list of allowed IPs from which to filter my requests.

Therefore, my AWS lambdas need to run within those IPs in order to communicate with the third party service.

I am currently solving this problem with a VPC with a NAT Gateway with one associated EIP. (cannot associate more EIPs to the same NAT)

The problem is that as I scale, I really need multiple EIPs associated with the NAT, and then to have my Lambda function randomly assigned to one of the static IPs from the list of allowed IPs, every time they got invoked (even the same IP twice is fine, but ideally long-term I want to rotate between all IPs of the subnet).

Do you think snat could be useful for this use case? If yes, how?

Thank you very much for the work done.

Environment

  • Version: latest
  • CDK CLI Version: 2.99.0
  • Node.js Version: 20
  • OS: MacOS
