An EKS cluster that uses a Squid proxy for the onEvent lambda's requests.

ryparker/aws-cdk-sample-eks

aws-cdk-sample-eks

An EKS cluster that routes all internet traffic through a Squid proxy.

🚀 Quick Start

1. Set up a key pair

Create a key pair with the name eks-with-proxy-sample in your AWS account.

If you already have a key pair configured, change the KEY_PAIR_NAME variable within src/constants.ts to match your key pair name.

2. Install dependencies with Yarn v1

yarn install

3. Create the bootstrap stack in your AWS account

This only needs to be run once per account/region.

yarn bootstrap

4. Build CloudFormation files

yarn build

5. Deploy Vpc and ProxyInstance Stacks

yarn deploy Vpc ProxyInstance

6. Set up a proxy server on the EC2 instance

Set up the proxy server you'd like to use to proxy the EKS cluster's onEvent lambda requests.

See "Setup Squid Proxy on the EC2 instance" for an example setup.

7. Deploy EKS Cluster Stack

yarn deploy EksCluster

📡 Setup Squid Proxy on the EC2 instance

Squid should already be installed on the EC2 instance.

1. SSH into the EC2 instance

ssh -i ~/.ssh/eks-with-proxy-sample.pem ubuntu@<public-ip>

2. Access elevated privileges

sudo su

3. Edit Squid configuration

nano /etc/squid/squid.conf
  • Replace http_access deny all with http_access allow all

  • Add the following to the top of the file:

    # Authentication configuration
    auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
    auth_param basic children 5
    auth_param basic realm Squid Basic Authentication
    auth_param basic credentialsttl 2 hours
    acl auth_users proxy_auth REQUIRED
    http_access allow auth_users

4. Create password for proxy user

touch /etc/squid/passwd
htpasswd /etc/squid/passwd user1
# Provide the password `user1` when prompted.

5. Restart Squid

systemctl restart squid

6. Tail the proxy logs to watch request traffic

tail -f /var/log/squid/access.log
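
Because step 3 replaces `http_access deny all` with `http_access allow all`, the basic-auth rule is the only access control left on the proxy, so the log from step 6 is worth checking for requests that Squid served without a username. The script below is an added example, not part of this repository; it assumes Squid's default native `access.log` format (username in the eighth field), and the sample lines, addresses and `example.invalid` hostnames are constructed.

```shell
#!/bin/sh
# Added example (not part of the repository): summarise Squid access.log
# entries by whether the client authenticated to the proxy.

# Constructed sample lines in Squid's native log format:
# time elapsed client result/status bytes method url user hierarchy/peer type
sample_log() {
  cat <<'EOF'
1700000000.101    210 10.0.1.25 TCP_TUNNEL/200 5120 CONNECT eks.example.invalid:443 user1 HIER_DIRECT/192.0.2.10 -
1700000001.202      0 10.0.1.25 TCP_DENIED/407 4050 CONNECT eks.example.invalid:443 - HIER_NONE/- text/html
1700000002.303    180 10.0.2.77 TCP_MISS/200 830 GET http://example.invalid/ - HIER_DIRECT/192.0.2.20 text/html
1700000003.404    195 10.0.1.25 TCP_TUNNEL/200 7300 CONNECT sts.example.invalid:443 user1 HIER_DIRECT/192.0.2.30 -
EOF
}

# Print "client method url" for every request Squid served (result code is
# not TCP_DENIED) while the username field is "-", meaning no proxy
# credentials were attached. Reads the file in $1, or stdin when omitted.
unauthenticated_served() {
  awk '$8 == "-" && $4 !~ /^TCP_DENIED\// { print $3, $6, $7 }' "${1:--}"
}

# Print "user count" for requests that carried a proxy username.
requests_per_user() {
  awk '$8 != "-" { n[$8]++ } END { for (u in n) print u, n[u] }' "${1:--}" | sort
}

# Demonstration on the constructed sample. The TCP_DENIED/407 line is the
# normal authentication challenge and is not reported; the GET from
# 10.0.2.77 was served with no username and is.
sample_log | unauthenticated_served
sample_log | requests_per_user
```

On the instance, pass the real log instead of the sample: `unauthenticated_served /var/log/squid/access.log`. Any output means the proxy answered a client that did not authenticate, so the rule order in `/etc/squid/squid.conf` should be reviewed.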
