
I'm using a VPC with public/private subnets and a NAT instance created by the VPC setup wizard. I'd like to make a few tweaks to the NAT instances via OpsWorks (mostly logging and changes to iptables rules), but when I created a custom layer and attempted to add the existing NAT instance to it, it wasn't on the list of available instances. Is what I'm trying to do even possible? If not, what is the best way to manage a NAT instance inside OpsWorks?

Bob Aman

1 Answer


When adding an instance to a layer in OpsWorks, the Existing tab will show existing instances that are already defined in another layer in your stack. This might be useful if you had a web server layer and an app server layer and wanted the same EC2 instance to act as both the web server and the app server. The Existing tab will not show any EC2 instances that were created outside of OpsWorks or in another Stack.

Here is what we did to set up NAT instances using OpsWorks.

  1. Launch an EC2 NAT instance by using the community NAT AMI provided by Amazon. For example (amzn-ami-hvm-2014.09.0.x86_64-ebs)
  2. Create a custom AMI from this EC2 instance. Note that OpsWorks allows custom AMIs to be selected when creating an instance, but does NOT allow selection of community AMIs.
  3. Define a layer in your stack.
  4. Add an instance to your stack and in doing so, select the custom NAT AMI that you created in step two.
  5. Launch your instance from OpsWorks.
  6. From the EC2 console, locate your newly launched instance and change its Source/Dest checking attribute from enabled to disabled.
  7. In the VPC console, locate the route table for your private subnet and modify its 0.0.0.0/0 entry to point at your new EC2 instance.
  8. Add any custom recipes that you want OpsWorks to use against your NAT instance.

  • Thanks for this reply. This answer came just in time. The "Shellshock" vulnerability meant that I needed to migrate off NAT instances created on the 2010-era Amazon Linux AMI that the VPC wizard was using for some insane reason. – Bob Aman Sep 28 '14 at 10:54
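The following script is an added example, not part of the answer above and not OpsWorks' or Amazon's own code. It scripts the parts of the procedure that are done by hand in the answer (step 2: bake the custom AMI; step 6: turn off source/destination checking; step 7: repoint the private subnet's default route) and shows the host-side iptables and logging configuration that a step-8 custom recipe would apply, which is the kind of tweak the question asks about. It assumes the AWS CLI is installed with credentials configured; the instance ids, route table id, AMI name and private CIDR are placeholders. With DRY_RUN=1 (the default) every command is printed instead of executed, so the plan can be reviewed before anything is changed.

```shell
#!/bin/sh
# Added example, not from the original answer. Placeholders: instance ids,
# route table id, AMI name and private CIDR below are made up; replace them.
set -eu

DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode; otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 2: bake a custom AMI from the running NAT instance so that OpsWorks
# can select it (OpsWorks offers custom AMIs but not community AMIs).
create_nat_ami() {
    instance_id="$1"; ami_name="$2"
    run aws ec2 create-image --instance-id "$instance_id" --name "$ami_name"
}

# Step 6: a NAT instance forwards packets it neither sent nor is addressed to,
# so EC2 source/destination checking must be off or that traffic is dropped.
disable_source_dest_check() {
    instance_id="$1"
    run aws ec2 modify-instance-attribute --instance-id "$instance_id" --no-source-dest-check
}

# Step 7: point the private subnet's 0.0.0.0/0 route at the new instance.
repoint_default_route() {
    route_table_id="$1"; instance_id="$2"
    run aws ec2 replace-route --route-table-id "$route_table_id" \
        --destination-cidr-block 0.0.0.0/0 --instance-id "$instance_id"
}

# Step 8 material: what a custom recipe applies on the NAT host itself.
# Forward only for the private CIDR, masquerade on the public interface, and
# log new outbound connections with a rate limit so logging cannot flood syslog.
configure_nat_host() {
    private_cidr="$1"; iface="${2:-eth0}"
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -o "$iface" -s "$private_cidr" -j MASQUERADE
    # LOG is a non-terminating target, so it must precede the ACCEPT rule.
    run iptables -A FORWARD -s "$private_cidr" -m conntrack --ctstate NEW \
        -m limit --limit 10/min -j LOG --log-prefix "NAT-NEW:"
    run iptables -A FORWARD -s "$private_cidr" -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Anything else arriving for forwarding (other subnets, spoofed sources) is dropped.
    run iptables -P FORWARD DROP
}

main() {
    create_nat_ami i-0123456789abcdef0 opsworks-nat-custom     # placeholder ids
    disable_source_dest_check i-0fedcba9876543210
    repoint_default_route rtb-0123456789abcdef0 i-0fedcba9876543210
    configure_nat_host 10.0.1.0/24 eth0
}

main
```

Run it once with the default DRY_RUN=1 to read the exact commands, then with DRY_RUN=0 on a host that has the AWS CLI and, for the iptables part, root privileges on the NAT instance. If the NAT AMI's own boot script already installs a MASQUERADE rule, a recipe should replace that rule rather than append a duplicate, and the FORWARD policy of DROP must be set only after the ACCEPT rules are in place, as the function above does.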