aws-cdk-sample-eks

An EKS cluster that routes all internet traffic through a Squid proxy.

🚀 Quick Start

1. Setup a key pair

Create a key pair with the name eks-with-proxy-sample in your AWS account.

If you already have a key pair configured, change the KEY_PAIR_NAME variable within src/constants.ts to match your key pair name.

2. Install dependencies with Yarn v1

yarn install

3. Create the bootstrap stack in your AWS account This only needs to be ran once per account/region.

yarn bootstrap

4. Build Cloudformation files

yarn build

5. Deploy Vpc and ProxyInstance Stacks

yarn deploy Vpc ProxyInstance

6. Setup a proxy server on the EC2 instance

Setup the proxy server you'd like to use to proxy the EKS cluster's onEvent lambda requests.

See "Setup Squid Proxy on the EC2 instance" for an example setup.

7. Deploy EKS Cluster Stack

yarn deploy EksCluster

📡 Setup Squid Proxy on the EC2 instance

Squid should already be installed on the EC2 instance.

1. SSH into the EC2 instance

ssh -i ~/.ssh/eks-with-proxy-sample.pem ubuntu@<public-ip>

2. Access elevated privilages

sudo su

3. Edit Squid configuration

nano /etc/squid/squid.conf

• Replace http_access deny all with http_access allow all

• Add the following to the top of the file:

  # Authentication configuration
  auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
  auth_param basic children 5
  auth_param basic realm Squid Basic Authentication
  auth_param basic credentialsttl 2 hours
  acl auth_users proxy_auth REQUIRED
  http_access allow auth_users

4. Create password for proxy user

touch /etc/squid/passwd
htpasswd /etc/squid/passwd user1
# Provide the password `user1` when prompted.

5. Restart Squid

systemctl restart squid

6. Tail the proxy logs to watch request traffic

tail -f /var/log/squid/access.log