Troubleshooting
Clients' network traffic sometimes allowed, sometimes not.
Resolution
Please upgrade the instance size from t3.small to c5.large. This is done via the instance_size Terraform variable.
The t3.small instance size only suffices for light loads and a few clients. The c5.large offers the best CPU to egress bandwidth and price ratios for the kind of work involved.
Use of other instance size classes, such as m and r, is not recommended: the DiscrimiNAT is not a memory-intensive application, so machines with more memory than needed are not a cost-optimal choice.
see-thru mode not working
If the discriminat-config logs do not show a log line picking up a see-thru rule, you may have a problem with the annotation's syntax.
Resolution
The see-thru mode requires a Security Group Outbound Rule to:
- allow all ports
- allow all protocols
- allow the 0.0.0.0/0 IP range
- have a valid calendar date specified in the description field. For example, discriminat:see-thru:2022-02-29 is NOT a valid date but discriminat:see-thru:2022-02-28 is.
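
The four requirements above can be checked before deploying a rule. The following is an added example, not DiscrimiNAT's own code: it inspects one outbound rule in the shape returned by `aws ec2 describe-security-groups` (an `IpPermissionsEgress` entry). The function name, the sample entries, and the assumption that the annotation is the entire description field are choices made for this example.

```python
import re
from datetime import date

# Annotation shape taken from the example on this page; treating it as the
# whole description field is an assumption of this example.
ANNOTATION = re.compile(r"^discriminat:see-thru:(\d{4})-(\d{2})-(\d{2})$")


def check_see_thru_rule(permission):
    """Return a list of problems for one IpPermissionsEgress entry.

    An empty list means the entry meets all four requirements listed above.
    """
    problems = []
    # In the EC2 API, IpProtocol "-1" means all protocols, which also covers all ports.
    if permission.get("IpProtocol") != "-1":
        problems.append("rule must allow all protocols and all ports")
    ranges = [r for r in permission.get("IpRanges", [])
              if r.get("CidrIp") == "0.0.0.0/0"]
    if not ranges:
        problems.append("rule must allow the 0.0.0.0/0 IP range")
    for r in ranges:
        desc = r.get("Description", "")
        m = ANNOTATION.match(desc)
        if not m:
            problems.append(f"description {desc!r} is not discriminat:see-thru:YYYY-MM-DD")
            continue
        try:
            date(*map(int, m.groups()))  # rejects dates such as 2022-02-29
        except ValueError:
            problems.append(f"{desc!r} is not a valid calendar date")
    return problems


# Constructed sample entries (not taken from a real account).
GOOD = {"IpProtocol": "-1", "IpRanges": [
    {"CidrIp": "0.0.0.0/0", "Description": "discriminat:see-thru:2022-02-28"}]}
BAD_DATE = {"IpProtocol": "-1", "IpRanges": [
    {"CidrIp": "0.0.0.0/0", "Description": "discriminat:see-thru:2022-02-29"}]}
TCP_ONLY = {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [
    {"CidrIp": "0.0.0.0/0", "Description": "discriminat:see-thru:2022-02-28"}]}

if __name__ == "__main__":
    for name, perm in [("GOOD", GOOD), ("BAD_DATE", BAD_DATE), ("TCP_ONLY", TCP_ONLY)]:
        print(name, check_see_thru_rule(perm) or "OK")
```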