CDP:OnDemand NAT Pattern
Changing Internet Settings at the Time of Maintenance
Problem to Be Solved
In secure systems, outbound access to the Internet by individual servers is usually prohibited. This makes maintenance operations that require accessing the Internet, such as updating the operating system package, impossible. One method to solve this problem is to provide Network Address Translation (NAT) for the Internet connection, to access the Internet through the NAT. The conditions for individual servers to access the Internet are controlled by the NAT. However, it is only during maintenance (such as updating the operating system package) that NAT is needed. The NAT it is not required at other times, so the NAT resources will sit idle the vast majority of the time, which is wasteful.
Explanation of the Cloud Solution/Pattern
In the past, the assumption has been that after purchasing, server hardware would continue to be used on a permanent basis. That is, there would still be the same expenses for purchasing and operation, even if the servers were no longer used. It would be extremely difficult to operate, under temporary usage fees, a server that would be used only temporarily. However, most of the virtual servers on the AWS Cloud are billed by time of use. Given this, producing the NAT in a virtual server that is launched only at the time of maintenance (such as when updating the operating system package), and shutting it down otherwise, improves cost effectiveness. The AWS Cloud provides many APIs for launching and terminating virtual servers. You can use these APIs to automate launching and termination of NATs (virtual servers).
The Virtual Private Cloud (VPC) that performs virtual networking on the AWS Cloud has a function for creating an NAT instance. There is also a function for setting up routing for each subnet, allowing you to route EC2 instances within a subnet through the NAT instance.
- Prepare an NAT instance on a VPC.
- Startup the NAT instance at the beginning of maintenance (when it will be necessary to access the Internet), and set up the NAT instance with subnet routing.
- When maintenance has been completed, delete the settings for the NAT instance from the routing, and then stop/delete the NAT instance.
- This lets you maintain system security because there is no routing of access from within to the Internet except for during maintenance.
- The NAT instance operates only during use, reducing costs.
- Because, at the time of maintenance, operations are performed ranging from starting up the NAT instance through adjusting the routing of the subnets, it is safest if you automate these operations through a script, so that there will be no operator errors.