Steps
The HTTP Server Security Group accepts TCP 80 from the VyOS Security Group. The VyOS Security Group accepts all traffic from the Servers Security Group. Source / Destination check must be disabled on the VyOS interface. Optionally, the VyOS Security Group can accept TCP 22 from the HTTP Server Security Group or your public IP for testing and further configuration.
The HTTP Server could store its private IP in a Systems Manager Parameter. This would require an EC2 instance role that allows access to Systems Manager. With that role in place you can also use Systems Manager Session Manager to access the instance CLI.
#!/bin/bash
# Install and start the web server that serves the first-boot files
yum -y install httpd wget
systemctl start httpd
# Place the handler and the configuration in the web root
cd /var/www/html
wget https://s3.us-east-2.amazonaws.com/s3bucket-holding-config/vyos_handler.py
wget https://s3.us-east-2.amazonaws.com/s3bucket-holding-config/vyos-config.txt
ifconfig  ## locate private IP 10.32.64.20
The VyOS instance could be launched via CLI / API and have the IP address in the user data replaced with the value of a Systems Manager Parameter.
#include-once
http://10.32.64.20/vyos_handler.py
http://10.32.64.20/vyos-config.txt
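One way to do the launch described above, as an added example that is not part of the original page: it reads the HTTP server's private IP from a Systems Manager Parameter, refuses any value that is not an IPv4 address inside the VPC range, renders the user data, launches VyOS and disables Source / Destination check. The function names, the parameter name and CIDR passed in, the instance type and the use of boto3 are assumptions.

```python
import ipaddress

# Mirrors the page's user data; the {ip} placeholder is introduced by this example.
USER_DATA_TEMPLATE = (
    "#include-once\n"
    "http://{ip}/vyos_handler.py\n"
    "http://{ip}/vyos-config.txt\n"
)

def render_user_data(ip_value, vpc_cidr):
    """Build the VyOS user data from the stored HTTP server IP.

    Rejects anything that is not a single IPv4 address inside vpc_cidr, so a
    mistyped or tampered parameter cannot point first boot at another host.
    """
    addr = ipaddress.ip_address(ip_value.strip())  # ValueError on non-IP text
    if addr.version != 4 or addr not in ipaddress.ip_network(vpc_cidr):
        raise ValueError(f"{addr} is not an IPv4 address inside {vpc_cidr}")
    return USER_DATA_TEMPLATE.format(ip=addr)

def launch_vyos(region, ami_id, subnet_id, sg_id, parameter_name, vpc_cidr):
    """Read the IP from Parameter Store, launch VyOS, disable src/dst check."""
    import boto3  # imported here so render_user_data works without AWS access

    ssm = boto3.client("ssm", region_name=region)
    ip_value = ssm.get_parameter(Name=parameter_name)["Parameter"]["Value"]
    user_data = render_user_data(ip_value, vpc_cidr)

    ec2 = boto3.client("ec2", region_name=region)
    resp = ec2.run_instances(
        ImageId=ami_id,
        InstanceType="t3.small",  # assumed size, not from the page
        MinCount=1,
        MaxCount=1,
        SubnetId=subnet_id,
        SecurityGroupIds=[sg_id],
        UserData=user_data,  # boto3 base64-encodes this for the API
    )
    instance_id = resp["Instances"][0]["InstanceId"]
    # The page requires Source / Destination check off on the VyOS interface.
    ec2.modify_instance_attribute(
        InstanceId=instance_id, SourceDestCheck={"Value": False}
    )
    return instance_id

if __name__ == "__main__":
    # Constructed values: the page's example IP and an assumed /24 around it.
    print(render_user_data("10.32.64.20", "10.32.64.0/24"))
```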
The vyos-config.txt file must contain only the set commands for performing your initial configuration.
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 translation address 'masquerade'
The HTTP server used for storing the configuration files used during first boot is not shown.