Allow the use of an instance id in the route creation in ec2_vpc (for NAT private networks)

[romanrev]

According to boto.vpc.VPCCOnnection.create_route there is a need to use named parameters in the method call to differentiate between a gateway ID and an instance ID when trying to create a route.

Otherwise upon trying to register a route with an existing (NAT) instance ID instead of the gateway ID one gets an error like follows:

failed: [127.0.0.1] => {"failed": true, "item": ""}
msg: Unable to create and associate route table {u'routes': [{u'dest': u'0.0.0.0/0', u'gw': u'i-09d47501'}], u'subnets': [u'10.1.10.0/24', u'10.1.12.0/24', u'10.1.20.0/24']}, error: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidGatewayID.NotFound</Code <Message>The gateway ID 'i-09d47501' does not exist</Message></Error></Errors><RequestID>fa95104e-37ab-44ee-b8fd-2c5033179585</RequestID></Response>

[arbabnazar]

@romanrev, I have situation, where I want to add some routes against my nat instance id inside the routing table, can you please guide me that how I can do that? as I want to first create the nat instance then want to get it's id and add the route against it.

I have done this:
1- create an ec2 nat instance with my playbook
2- got it's id and register it
3- I want to add the route against it in already existed routing table, how i can do that?

Thanks in advance

[romanrev]

Hi @arbabnazar. Please refer to the following gist - an excerpt from my VPC setup playbook. The sequence of all required actions is marked in the nat_setup.yml by comments STEP 1-4, everything else in that playbook is just for reference so that all the used data structures are clear. I have also provided the templates and extracts from group_vars/all file for the same purpose. I hope you get the idea, if not - let me know and I can explain it further.

In a nutshell, all I do is:

• (STEP 2-3). I merge the existing routing tables defined by vpc_env.route_tables in group_vars/all file with the ones constructed in nat_routes.json.j2 Jinja template for the private subnets which need to be routed through the NAT instances
• (STEP 4) call ec2_vpc module once again with the updated routing table constructed in the previous steps

The NAT instances also run a nat_monitor.sh script that allows them to take over the routes in case one of them stops responding - but that is only required in case of a redundant NAT setup, where two NATs are running in separate availability zones. In case of a single NAT, there would not be any need in that, and the user_data parameter in STEP 1 could be obviously dropped.

[arbabnazar]

Hi @romanrev, thanks for the help, I am totally lost, can you please help me, here is the my complete setting
I am lost on the routing table update part, that how I can update the routing table. I have read your gist and comment but sorry, I didn't get much.
Thanks

[romanrev]

Hey @arbabnazar: in the task lists that you posted I could not see where you construct the NAT route table and where you merge it with the the existing route table defined in vpc.yml? After that is done, you will ned to call ec2_vpc second time, providing it the updated route tables (combined with the NAT ones).

[arbabnazar]

Hi @romanrev , truth to be told, I am confused about constructing the NAT route table, can you please give me hint, as I can see your NAT route table construction but unfortunately, some tags are really confusing me, that the area, where I need your help. Thanks

[romanrev]

@arbabnazar:

1. You need to make sure to store your subnets defined in those lines in a variable: either using a set_fact directive or setting it in a var file of some sort like I do (vpc_env.subnets). Let's say you call the variable vpc_subnets.
   You also need to store the routes you define in your call to ec2_vpc in another variable, say vpc_route_tables
2. After your call to the NAT creation you correctly store the result in ec2
3. Now to use the nat_routes.json.j2 to construct your NAT routes you'll need to change all occurrences of the variables as follows:

• ec2_nat.results -> ec2.results
• vpc_env.subnets -> vpc_subnets
  and the conditional if subnet.private in this line to if subnet.cidr == private_cidr.
  You'll then place something like the call to nat_routes.json.j2 template after the call to your NAT creation task
• Then place a call to the NAT + original routes merge task, replacing vpc_env.route_tables -> vpc_route_tables (defined in 1.)
• Now make another call to ec2_vpc, this time though replacing the route tables with the all_routes variable:

- name: VPC | Creating and AWS VPC inside mentioned Region
   local_action:
     module: ec2_vpc
     region: "{{ vpc_region }}"
...
     route_tables: "{{ all_routes }}"

[arbabnazar]

@romanrev sorry for the late reply, I am able to work it. Thanks for your help.