Upon starting, fck-nat evaluates a configuration file describing how the instance should behave as well as what features
shall be enabled. To configure fck-nat, ensure a file
/etc/fck-nat.conf exists with your configuration. fck-nat
requires the service to be restarted by running
systemctl restart fck-nat.service. In most implementations this configuration is
passed only once via EC2's user data.
The following describes available options:
|The ID of the Elastic Network Interface to attach to the instance and use as a consistent endpoint to send traffic to fck nat. This is required when using high-availability mode.
|The ID of an Elastic IP to be attached to the public network interface. This ensures the NAT gateway public traffic is always routed through the same public IP address.
|If set, enables Cloudwatch agent and forward instance metrics to Cloudwatch. Requires
cwagent_cfg_param_name to be set.
|The name of the SSM Parameter holding the Cloudwatch agent configuration and which the agent shall pull from. Requires
cwagent_enabled to be set.
Certain features of fck-nat require the role attached to the instance to have permissions for certain AWS API operations. The table below details the current permission requirements for various features:
|Static IP (
|Cloudwatch Agent (
|SSM Agent (installed by default, IAM role required to use)