Troubleshooting

Clients' network traffic sometimes allowed, sometimes not.

Resolution

Please upgrade the instance size from t3.small to c5.large. This is done via the instance_size Terraform variable.

The t3.small instance size only suffices for light loads and a few clients. The c5.large offers the best CPU to egress bandwidth and price ratios for the kind of work involved.

Use of other instance size classes, such as m and r, is not recommended because the DiscrimiNAT is not a memory-intensive application, therefore making machines with more memory than needed not a cost-optimal choice.

see-thru mode not working

If the discriminat-config logs do not show a log line picking up a see-thru rule, you may have a problem with the annotation's syntax.

Resolution

The see-thru mode requires a Security Group Outbound Rule to:

allow all ports
allow all protocols
allow the 0.0.0.0/0 IP range
have a valid, calendar date specified in the description field. For example, discriminat:see-thru:2022-02-29 is NOT a valid date but discriminat:see-thru:2022-02-28 is.

Clients' network traffic sometimes allowed, sometimes not.​

Resolution​

see-thru mode not working​

Resolution​

Clients' network traffic sometimes allowed, sometimes not.

Resolution

see-thru mode not working

Resolution