SuccessChanges

Summary

  1. Set the correct route table for the private subnet (commit: 75d19de346a04cb51142e048e9eea05b1d15b44c) (details)
  2. Rename some resource labels to make them clearer to understand (commit: 7a32bb69f232f312cf97c4089d8edbd14be642eb) (details)
  3. Fixed the icmp permission to support all outgoing traffic (commit: 8b6c3ceda23c2228534b6fe7746e72904f44d40a) (details)
  4. Add ipv6 routes to both security group and routing tables (commit: a755c09bf34c22884c419e438c6e1bf505e5a6a7) (details)
Commit 75d19de346a04cb51142e048e9eea05b1d15b44c by shankari
Set the correct route table for the private subnet
This was missing by default, and without an associated route table, the
subnet created its own route table, which didn't have the external route
through the nat gateway. So we were unable to download software (e.g.
mongodb) to install to run on the database.
(commit: 75d19de346a04cb51142e048e9eea05b1d15b44c)
The file was modifiedsetup/aws-cloud-formation.json (diff)
Commit 7a32bb69f232f312cf97c4089d8edbd14be642eb by shankari
Rename some resource labels to make them clearer to understand
(commit: 7a32bb69f232f312cf97c4089d8edbd14be642eb)
The file was modifiedsetup/aws-cloud-formation.json (diff)
Commit 8b6c3ceda23c2228534b6fe7746e72904f44d40a by shankari
Fixed the icmp permission to support all outgoing traffic
Allows us to ping everywhere. Now, both ping and download via http/https
work out of the box
``` ubuntu@ip-192-168-0-80:~$ ssh -i ~/.ssh/amplab-us-east.pem
ec2-user@192.168.1.100 The authenticity of host '192.168.1.100
(192.168.1.100)' can't be established. ECDSA key fingerprint is
SHA256:g+7VGAmqYMfn3TSCZVR44YRtLtUJ1FnSgxwRkk5A978. Are you sure you
want to continue connecting (yes/no)? yes Warning: Permanently added
'192.168.1.100' (ECDSA) to the list of known hosts.
       __|  __|_  )
      _|  (     /   Amazon Linux AMI
     ___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2017.09-release-notes/
[ec2-user@ip-192-168-1-100 ~]$ ping www.google.com PING www.google.com
(216.58.217.68) 56(84) bytes of data. 64 bytes from
iad23s41-in-f4.1e100.net (216.58.217.68): icmp_seq=1 ttl=47 time=2.07 ms
64 bytes from iad23s41-in-f68.1e100.net (216.58.217.68): icmp_seq=2
ttl=47 time=1.59 ms
^C
--- www.google.com ping statistics --- 2 packets transmitted, 2
received, 0% packet loss, time 1001ms rtt min/avg/max/mdev =
1.595/1.833/2.072/0.242 ms
[ec2-user@ip-192-168-1-100 ~]$ wget https://www.nytimes.com
--2017-12-27 08:17:36--  https://www.nytimes.com/ Resolving
www.nytimes.com (www.nytimes.com)... 151.101.33.164 Connecting to
www.nytimes.com (www.nytimes.com)|151.101.33.164|:443... connected. HTTP
request sent, awaiting response... 200 OK Length: 213691 (209K)
[text/html] Saving to: ‘index.html’
index.html            100%[=========================>] 208.68K  --.-KB/s
   in 0.01s
2017-12-27 08:17:36 (21.0 MB/s) - ‘index.html’ saved [213691/213691]
```
(commit: 8b6c3ceda23c2228534b6fe7746e72904f44d40a)
The file was modifiedsetup/aws-cloud-formation.json (diff)
Commit a755c09bf34c22884c419e438c6e1bf505e5a6a7 by shankari
Add ipv6 routes to both security group and routing tables
Although people won't see the ipv6 until they start to use it.  Note
that there are a bunch of manual steps to turn on IPv6 for this setup.
This change merely automates the tedious work of setting up the routing
tables and security groups.
https://github.com/e-mission/e-mission-server/issues/530#issuecomment-354061649
At this point, I declare that I am done with tweaking the configuration
and will use the configuration deployed from this template (including
75d19de346a04cb51142e048e9eea05b1d15b44c,
7a32bb69f232f312cf97c4089d8edbd14be642eb...) as the setup for the
default/reference e-mission server.
(commit: a755c09bf34c22884c419e438c6e1bf505e5a6a7)
The file was modifiedsetup/aws-cloud-formation.json (diff)