Interaction with AWS infrastructure

This service provides operational data related to an instance running inside the AWS infrastructure.

It can also be configured to monitor an HA group and update the AWS configuration when switching to an active state.

Note

This service does nothing if not running as an AWS instance.

AWS instance information

When running as an AWS instance, you can list the properties of the running instance with the following command:

vsr> show state system aws
aws
    account-id 123456789
    architecture x86_64
    availability-zone eu-west-3c
    image-id ami-123456789abcde
    instance-id i-123456789abcde
    instance-type c5n.xlarge
    private-ip 10.0.0.100
    region eu-west-3
    ..
vsr>

AWS network port information

When running as an AWS instance, the interface identifier is added to the network port operational data. To list the network ports with their AWS identifiers, use:

vsr> show state network-port
network-port pci-b0s8
    bus-addr 0000:00:08.0
    vendor "Amazon.com, Inc."
    model "Elastic Network Adapter (ENA)"
    mac-address 0e:f1:e8:80:f4:14
    interface ens8
    aws-interface-id eni-123456789abcdef
    ..
network-port pci-b0s7
    bus-addr 0000:00:07.0
    vendor "Amazon.com, Inc."
    model "Elastic Network Adapter (ENA)"
    mac-address 0e:10:be:4f:64:ca
    interface ens7
    aws-interface-id eni-fedcba987654321
    ..
vsr>

AWS HA notifications

In an HA configuration (for instance using VRRP), the state of an HA group can be master or backup.

See also

The |vrrp| documentation.

When an HA group switches to master in an AWS environment, the AWS configuration usually has to be updated by:

  • assigning a private IP address to a network interface, for instance the VRRP virtual IP,

  • changing a route inside an AWS routing table, for instance to direct incoming traffic to the active instance.

This is an example of configuration:

vsr> edit running
vsr running config#! system
vsr running system#! aws
vsr running aws#! ha-notification
vsr running ha-notification#! group mygroup
vsr running group mygroup#! assign-private-ip ip 10.100.0.15 interface ens6 vrf main
vsr running group mygroup#! change-route subnet 10.200.0.0/24 destination 0.0.0.0/0 interface ens7 vrf main
vsr running group mygroup# commit

When the ha group mygroup switches to master, this configuration uses the AWS API to:

  • add a private IP 10.100.0.15 on the AWS interface associated to ens6 in vrf main,

  • get the AWS routing table associated to the AWS subnet 10.200.0.0/24, and replace the to 0.0.0.0/0 (i.e. the default route) so that it will target the AWS interface associated to ens6 in vrf main.

To get the current state of ha notifications, use the following command:

vsr> show state system aws ha-notification
ha-notification
    group mygroup
        assign-private-ip ip 10.100.0.15 interface ens6 vrf main
        change-route subnet 10.200.0.0/24 destination 0.0.0.0/0 interface ens7 vrf main
        ..
    ..
vsr>

If the AWS infrastructure state matches a configuration node, this node also appears in the state.

See also

The command reference for details.