diff --git a/runtime/opt/taupage/init.d/00-create-custom-routing.py b/runtime/opt/taupage/init.d/00-create-custom-routing.py
index ef45eea..2c37b27 100755
--- a/runtime/opt/taupage/init.d/00-create-custom-routing.py
+++ b/runtime/opt/taupage/init.d/00-create-custom-routing.py
@@ -31,15 +31,21 @@ def main():
     if not nat_gateways or not isinstance(nat_gateways, dict):
         # nat gateways must be non empty dictionary
         sys.exit(0)
-    METADATA_URL = 'http://169.254.169.254/latest/meta-data/network/interfaces/macs/'
+    METADATA_URL = 'http://169.254.169.254/latest/meta-data/'
     try:
-        r = requests.get(METADATA_URL)
-        mac = r.text.split()[0]
-        r = requests.get(METADATA_URL + mac + 'subnet-id')
+        r = requests.get(METADATA_URL + 'placement/availability-zone')
+        region = r.text.strip()[:-1]
+        logging.info('Region=%s', region)
+
+        r = requests.get(METADATA_URL + 'mac')
+        mac = r.text.strip()
+
+        r = requests.get(METADATA_URL + 'network/interfaces/macs/' + mac + '/subnet-id')
         subnet = r.text
         if subnet not in nat_gateways:
             logging.warning('Can not find subnet %s in the nat_gateways mapping', subnet)
             sys.exit(0)
+        logging.info('Will use %s nat gateway for outgoing https traffic', nat_gateways[subnet])
     except Exception:
         logging.exception('Failed to read metadata')
@@ -62,6 +68,18 @@ def main():
     subprocess_call(['ip', 'route', 'add', 'default', 'via', nat_gateways[subnet], 'table', 'https'])
+    # S3 is exceptional, it has it's own endpoint in VPC
+    try:
+        r = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json')
+        ranges = [e['ip_prefix'] for e in r.json()['prefixes']
+                  if e['service'] == 'S3' and e['region'] == region and 'ip_prefix' in e]
+    except Exception:
+        logging.exception('Failed to load ip-ranges.json')
+
+    # Don't mark outgoing traffic to S3
+    for r in ranges:
+        subprocess_call(['iptables', '-t', 'mangle', '-I', 'OUTPUT', '-d', r, '-j', 'ACCEPT'])
+
 if __name__ == '__main__':
     main()
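Review bot: The three metadata responses are consumed without checking the HTTP status, so if IMDS answers with an error body (for example a 401 when the instance only accepts IMDSv2 token-authenticated requests, or a 404 for the path) `region`, `mac` and `subnet` silently become fragments of that body and the routing setup continues on garbage values. Add `r.raise_for_status()` after each `requests.get(...)` in the try block, and give the calls a `timeout=` so a stalled metadata service cannot hang boot; both then land in the existing `except Exception` handler, which already logs. Two smaller points in the same block: `subnet = r.text` is not `.strip()`ped while the AZ and MAC reads are, and `region = r.text.strip()[:-1]` assumes the zone suffix is exactly one character. The enclosing `main()` continues outside this hunk, so whether the handler exits or falls through to code that uses `subnet` is not visible here.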
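Review bot: `ranges` is only bound inside the `try`, so when the ip-ranges.json download fails the `except` logs and execution falls through to `for r in ranges:`, which raises UnboundLocalError and aborts the init script after the policy route has already been installed. Bind `ranges = []` before the `try` (or `sys.exit` in the handler) so a failed download degrades to "no S3 exemption" deliberately rather than by crash. The loop variable `r` also shadows the response object `r` used two lines earlier; `for prefix in ranges:` would read more clearly. This `requests.get` has no timeout either, and since it is made after the `https` routing table is set up, it presumably already travels via the newly configured NAT path, so a hang there blocks boot indefinitely. `region` is assigned in the first hunk's `try`; if that handler does not exit (outside the hunk), this comprehension can fail on an unbound `region` as well.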