aws-ec2: NatProvider.instanceV2 primary network interface

[tiborkoch]

Describe the bug

Provided user data by NatInstanceProviderV2 uses incorrect primary network interface eth0 instead of ens5 (or similar).

    userData.addCommands(
      'yum install iptables-services -y',
      'systemctl enable iptables',
      'systemctl start iptables',
      'echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/custom-ip-forwarding.conf',
      'sudo sysctl -p /etc/sysctl.d/custom-ip-forwarding.conf',
      'sudo /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE',
      'sudo /sbin/iptables -F FORWARD',
      'sudo service iptables save',
    );

Expected Behavior

Nat instance forwards traffic

Current Behavior

Traffic not forwarded

Reproduction Steps

Simply use the example snippet from cdk docs:

const provider = ec2.NatProvider.instanceV2({
  instanceType,
  defaultAllowedTraffic: ec2.NatTrafficDirection.OUTBOUND_ONLY,
});
new ec2.Vpc(this, 'TheVPC', {
  natGatewayProvider: provider,
});

Possible Solution

Instead of hardcoding the network interface, use the actual from the os.

Additional Information/Context

No response

CDK CLI Version

2.133.0

Framework Version

No response

Node.js Version

OS

Language

TypeScript

Language Version

No response

Other information

No response

[nmussy]

Using route to get the default interface should be a safe and long term support solution:

$ grep PRETTY_NAME /etc/os-release
PRETTY_NAME="Amazon Linux 2023.4.20240401"
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ip-10-0-0-1.ec2 0.0.0.0         UG    512    0        0 ens5
ip-10-0-0-0.ec2 0.0.0.0         255.255.192.0   U     512    0        0 ens5
ip-10-0-0-1.ec2 0.0.0.0         255.255.255.255 UH    512    0        0 ens5
ip-10-0-0-2.ec2 0.0.0.0         255.255.255.255 UH    512    0        0 ens5
$ route | awk '/^default/{print $NF}'
ens5

[nmussy]

I'm going to take this on, I'll also add a userData prop to alleviate future similar issues

Should have a PR ready by the end of the day 👍

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.