An EKS cluster that routes all internet traffic through a Squid proxy.
1. Set up a key pair
Create a key pair with the name eks-with-proxy-sample in your AWS account.
If you already have a key pair configured, change the KEY_PAIR_NAME variable within src/constants.ts to match your key pair name.
2. Install dependencies with Yarn v1
yarn install
3. Create the bootstrap stack in your AWS account
This only needs to be run once per account/region.
yarn bootstrap
4. Build CloudFormation files
yarn build
5. Deploy Vpc and ProxyInstance Stacks
yarn deploy Vpc ProxyInstance
6. Set up a proxy server on the EC2 instance
Set up the proxy server you'd like to use to proxy the EKS cluster's onEvent lambda requests.
See "Setup Squid Proxy on the EC2 instance" for an example setup.
7. Deploy EKS Cluster Stack
yarn deploy EksCluster
Setup Squid Proxy on the EC2 instance
Squid should already be installed on the EC2 instance.
1. SSH into the EC2 instance
ssh -i ~/.ssh/eks-with-proxy-sample.pem ubuntu@<public-ip>
2. Access elevated privileges
sudo su
3. Edit Squid configuration
nano /etc/squid/squid.conf
- Replace http_access deny all with http_access allow all
- Add the following to the top of the file:
# Authentication configuration
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid Basic Authentication
auth_param basic credentialsttl 2 hours
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
4. Create password for proxy user
touch /etc/squid/passwd
htpasswd /etc/squid/passwd user1
# Provide the password `user1` when prompted.
5. Restart Squid
systemctl restart squid
6. Tail the proxy logs to watch request traffic
tail -f /var/log/squid/access.log
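
Squid evaluates http_access rules from top to bottom and the first matching rule decides, which is why step 3 places the authentication block at the top of the file, ahead of http_access allow all. The following added example (not part of the original README) checks that ordering in a squid.conf; the function name and the sample configs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original README). Sample configs are constructed.

# check_squid_auth_order [FILE]   (reads stdin when FILE is omitted)
#   0 = an "http_access allow <proxy_auth acl>" rule comes before any "allow all"
#   1 = "http_access allow all" comes first, so the auth rule is never reached
#   2 = no http_access allow rule references a proxy_auth acl
check_squid_auth_order() {
  awk '
    { sub(/#.*/, "") }                                   # drop comments
    $1 == "acl" && $3 == "proxy_auth" { is_auth[$2] = 1 } # remember auth ACL names
    $1 == "http_access" && $2 == "allow" {
      if ($3 == "all" && NF == 3) {
        if (!open_line) open_line = NR                   # first unconditional allow
      } else {
        for (i = 3; i <= NF; i++)
          if (($i in is_auth) && !auth_line) auth_line = NR
      }
    }
    END {
      if (!auth_line) exit 2
      if (open_line && open_line < auth_line) exit 1
      exit 0
    }
  ' "${1:-/dev/stdin}"
}

# Constructed sample: auth block at the top of the file, as in step 3.
sample_auth_first() {
  cat <<'EOF'
# Authentication configuration
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
http_access allow all
EOF
}

# Constructed sample: the same block pasted below the allow-all rule.
sample_open_first() {
  cat <<'EOF'
http_access allow all
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
EOF
}

for s in sample_auth_first sample_open_first; do
  rc=0; "$s" | check_squid_auth_order || rc=$?
  echo "$s -> exit $rc"
done
```

To check the edited file before restarting Squid, run check_squid_auth_order /etc/squid/squid.conf on the instance.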