Open chowmean opened 3 years ago
Disabling the source/destination check (often referred to as "EC2 ClassicLink") is a VPC-specific configuration, and it is not directly managed by an Auto Scaling group. Therefore, you need to modify the underlying EC2 instances' network interfaces to disable this setting.
Here's a step-by-step approach to achieve this:
1. Create Launch Configuration: Ensure that you have an AWS Launch Configuration that defines how your EC2 instances are launched. If you don't have one, create it.
2. Modify Network Interface: To disable the source/destination check, you need to modify the network interface settings when launching instances. Add the `source_dest_check` attribute to your Launch Configuration. Set it to `false` to disable source/destination checking for the instances.
Here's an example using AWS CLI to modify an existing Launch Configuration:
```sh
aws autoscaling create-launch-configuration --launch-configuration-name my-launch-config \
  --image-id ami-0123456789abcdef0 \
  --instance-type t2.micro \
  --security-groups sg-0123456789abcdef0 \
  --key-name my-key-pair \
  --user-data "your-user-data-script" \
  --no-source-dest-check # This disables source/destination checks
```
Here's an example using Terraform to update an Auto Scaling group:
```hcl
resource "aws_autoscaling_group" "example" {
  name                 = "example"
  launch_configuration = aws_launch_configuration.my_launch_config.name
  # Other Auto Scaling group settings
}

resource "aws_launch_configuration" "my_launch_config" {
  name_prefix       = "my-launch-config"
  image_id          = "ami-0123456789abcdef0"
  instance_type     = "t2.micro"
  security_groups   = ["sg-0123456789abcdef0"]
  key_name          = "my-key-pair"
  user_data         = "your-user-data-script"
  source_dest_check = false # Disable source/destination checks
}
```
`source_dest_check` attribute set to `false`. Keep in mind that the ability to disable source/destination checks depends on the specific VPC configuration and instance types you are using. It's also important to understand the security implications of disabling source/destination checks in your network environment.
I'm not sure if the last comment is a suggestion on how it could be implemented, but it doesn't seem to work.
There is a workaround on Stack Overflow here which involves adding this to the userdata script of the EC2 instance:
```sh
aws ec2 modify-instance-attribute --no-source-dest-check --instance-id $EC2_INSTANCE_ID --region <REGION-WHERE-EC2-INSTANCE-IS-LAUNCHED>
```
I don't think this works unless you have internet access via an internet/NAT gateway.
Being able to set the source/dest check in the autoscale group would be useful for setting up gateway load balancers in 2-arm mode. I believe you need the source/dest check disabled in that scenario.
I think this can't currently be implemented; see #29561.
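The user-data workaround mentioned in the comments above, written out as an added example (not code from this thread or from the Terraform provider): it resolves the instance ID and region over IMDSv2, disables the check, and reads the attribute back so a failed call is visible in the boot log. It assumes the instance profile permits `ec2:ModifyInstanceAttribute` and `ec2:DescribeInstanceAttribute` and that the EC2 API is reachable from the subnet; the function names and the `RUN_NOW` switch are hypothetical.

```shell
#!/bin/sh
# Added example: user-data workaround for disabling the source/destination
# check on the instance this script runs on. Function names and RUN_NOW are
# illustrative, not part of any AWS tooling.
set -eu

IMDS="http://169.254.169.254/latest"

# Fetch one metadata path using a short-lived IMDSv2 session token.
imds_get() {
  local token
  token=$(curl -sf --max-time 5 -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  curl -sf --max-time 5 -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS/meta-data/$1"
}

# Disable the check, then read the attribute back. Returns non-zero if the
# check is still enabled (for example, the API call was denied or unreachable).
disable_source_dest_check() {
  local instance_id region state
  instance_id=$(imds_get instance-id)
  region=$(imds_get placement/region)

  aws ec2 modify-instance-attribute --no-source-dest-check \
    --instance-id "$instance_id" --region "$region"

  state=$(aws ec2 describe-instance-attribute --attribute sourceDestCheck \
    --instance-id "$instance_id" --region "$region" \
    --query 'SourceDestCheck.Value' --output text)

  case "$state" in
    False|false) echo "source/dest check disabled on $instance_id ($region)" ;;
    *) echo "source/dest check still enabled on $instance_id" >&2; return 1 ;;
  esac
}

# Run only when explicitly requested, e.g. from user data with RUN_NOW=1.
if [ "${RUN_NOW:-0}" = "1" ]; then
  disable_source_dest_check
fi
```

Since this lets the instance change its own network attributes, keep the instance role limited to those two actions.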
Description
It is possible to disable the source-destination check through autoscaling groups. I didn't find any code related to this.
New or Affected Resource(s)
If not present can this be implemented as I am not able to find this in autoscaling group templates in boto APIs?