On installations without a internet, the instance can't report health.

[robertdebock]

The instances now report their health using a script (/usr/local/bin/aws_health.sh). That script contacts autoscaling, which is unreachable.

• Maybe a VPC Endpoint can help to give instances access to AWS autoscaling.
• Maybe a proxy is required to allow access to AWS (and other) services.
• Maybe the instance script is not possible or required at all.

[robertdebock]

In case this is not possible, there are other features that are impossible when no NAT-gateway (or other form of internet connection) is deployed:

• CloudWatch metrics
• Instance health checking
• Instance deregistration
• Key Management Service (KMS) -> Blocker, used for unsealing.

This means all these features should be conditionally deployed... Lots of work.