# Configure the instance to run as a Port Address Translator (NAT) to provide 
# Internet connectivity to private instances. 

echo "Determining the MAC address on eth0..."
ETH0_MAC=$(cat /sys/class/net/eth0/address) ||
    die "Unable to determine MAC address on eth0."
echo "Found MAC ${ETH0_MAC} for eth0."

VPC_CIDR_URI="http://169.254.169.254/latest/meta-data/network/interfaces/macs/${ETH0_MAC}/vpc-ipv4-cidr-block"
echo "Metadata location for vpc ipv4 range: ${VPC_CIDR_URI}"

VPC_CIDR_RANGE=$(curl --retry 3 --silent --fail ${VPC_CIDR_URI})
echo "Retrieved VPC CIDR range ${VPC_CIDR_RANGE} from meta-data."

echo "Enabling NAT in sysctl..."

cat >/etc/sysctl.d/90-nat.conf <<EOF
net.ipv4.ip_forward = 1
net.ipv4.conf.eth0.send_redirects = 0
EOF

service procps start
sleep 1
sysctl -p

echo "Adding NAT iptables rules..."

cat >/etc/rc.local <<EOF
#!/bin/sh -e

iptables -t nat -C POSTROUTING -o eth0 -s ${VPC_CIDR_RANGE} -j MASQUERADE 2>/dev/null ||
iptables -t nat -A POSTROUTING -o eth0 -s ${VPC_CIDR_RANGE} -j MASQUERADE

iptables -n -t nat -L POSTROUTING

exit 0
EOF

/etc/rc.local

echo "Configuration of NAT complete."