Skip to main content


Clients' network traffic sometimes allowed, sometimes not.


Please upgrade the instance size from t3.small to c5.large. This is done via the instance_size Terraform variable.

The t3.small instance size only suffices for light loads and a few clients. The c5.large offers the best CPU to egress bandwidth and price ratios for the kind of work involved.

Use of other instance size classes, such as m and r, is not recommended because the DiscrimiNAT is not a memory-intensive application, therefore making machines with more memory than needed not a cost-optimal choice.

see-thru mode not working

If the discriminat-config logs do not show a log line picking up a see-thru rule, you may have a problem with the annotation's syntax.


The see-thru mode requires a Security Group Outbound Rule to:

  • allow all ports
  • allow all protocols
  • allow the IP range
  • have a valid, calendar date specified in the description field. For example, discriminat:see-thru:2022-02-29 is NOT a valid date but discriminat:see-thru:2022-02-28 is.