How does one automatically disable source\destination checks on network interfaces

Question

I want to configure an auto scaling group to spin up new EC2 instances, the source\destination check on the network card is however enabled by default, even though the AMI was taken of an instance where the check was disabled, I understand that the new instance is assigned a new network interface on creation, how do i make sure the source\destination check is disabled automatically?

Answer

There isn't a way to do this by default as of now, but I've added this post to an internal feature request to toggle source/dest check in a Launch Template.

In the meantime, you'll need to run a userdata script similar to the below example to toggle it (as always, scripts are provided as a sample, please thoroughly test in a dev environment before using in production)

```
#!/bin/bash

TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 3600"`
id=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-id)

echo $(`aws ec2 modify-instance-attribute --instance-id $id --no-source-dest-check`)
```

How does one automatically disable source\destination checks on network interfaces

相关内容