===== VyOS Configure on First Boot =====

{{tag>AWS VyOS}}

==== Description ====

Steps

  - Create VPC, Security Groups, and Public Route Table
  - Create S3 bucket and vyos-config.txt file
  - Store handler and config in S3 bucket
  - Launch HTTP Server (SSM Session Manager can be used to verify handler and config loaded)
  - Launch VyOS instance (SSH can be used to verify that config loaded)

Reference: https://github.com/zdc/vyos-cloud-init-userdata

==== Diagram ====

The HTTP Server Security Group accepts TCP 80 from the VyOS Security Group. The VyOS Security Group accepts all traffic from the Servers Security Group. Source / Destination check must be disabled on the VyOS interface.

Optionally, the VyOS Security Group can accept TCP 22 from the HTTP Server Security Group or your public IP for testing and further configuration.

{{ :images:svg:vyos_config_on_first_boot.svg | VyOS Configure on First Boot }}

==== HTTP Server User Data ====

The HTTP Server could store its private IP in a Systems Manager Parameter. This would require an EC2 instance role that allows access to Systems Manager. With that role in place you can also use Systems Manager Session Manager to access the instance CLI.

<code bash>
#!/bin/bash
# Install and start the web server that will serve the handler and config
yum -y install httpd wget
systemctl start httpd
# Download the handler and the VyOS config from S3 into the web root
cd /var/www/html || exit 1
wget https://s3.us-east-2.amazonaws.com/s3bucket-holding-config/vyos_handler.py
wget https://s3.us-east-2.amazonaws.com/s3bucket-holding-config/vyos-config.txt
ifconfig ## locate private IP 10.32.64.20
</code>

==== VyOS User Data ====

The VyOS instance could be launched via CLI / API and have the IP address in the user data replaced with the value of a Systems Manager Parameter.

<code>
#include-once
http://10.32.64.20/vyos_handler.py
http://10.32.64.20/vyos-config.txt
</code>

==== VyOS Configuration File ====

The vyos-config.txt file only needs to contain the set commands for performing your initial configuration.

<code>
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 translation address 'masquerade'
</code>

==== Multi-AZ Diagram ====

The HTTP server used for storing the configuration files used during first boot is not shown.

{{ :images:svg:vyos_config_on_first_boot_expanded.svg | VyOS Configure on First Boot Expanded }}
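
The launch step described under VyOS User Data, as an added example that is not part of the original page or of the referenced project: a POSIX shell script that reads the HTTP server's private IP from a Systems Manager Parameter, refuses any value that is not an RFC 1918 IPv4 address, renders the #include-once user data, and launches VyOS with the source / destination check disabled. The parameter name, the instance type, and the AMI_ID, SUBNET_ID and VYOS_SG variables are assumptions.

```sh
#!/bin/sh
# Added example. PARAM_NAME, AMI_ID, SUBNET_ID, VYOS_SG and the instance type
# are placeholders (assumptions), not values from the page.
PARAM_NAME=${PARAM_NAME:-/vyos/http-server-ip}

# Succeeds only if $1 is a dotted-quad IPv4 address in an RFC 1918 range.
is_private_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')    # digits and dots only, safe to split
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac # no leading zeros, at most 3 digits
        [ "$o" -le 255 ] || return 1
    done
    if [ "$1" -eq 10 ]; then return 0; fi
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi
    if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 0; fi
    return 1
}

# Prints the cloud-init user data that points VyOS at the HTTP server.
render_user_data() {
    if ! is_private_ipv4 "$1"; then
        echo "refusing to build user data for '$1'" >&2
        return 1
    fi
    printf '#include-once\nhttp://%s/vyos_handler.py\nhttp://%s/vyos-config.txt\n' "$1" "$1"
}

# Reads the IP from Parameter Store, launches VyOS, disables source/dest check.
launch_vyos() {
    ip=$(aws ssm get-parameter --name "$PARAM_NAME" \
            --query 'Parameter.Value' --output text) || return 1
    ud=$(mktemp) || return 1
    render_user_data "$ip" > "$ud" || { rm -f "$ud"; return 1; }
    id=$(aws ec2 run-instances --image-id "$AMI_ID" --instance-type t3.small \
            --subnet-id "$SUBNET_ID" --security-group-ids "$VYOS_SG" \
            --user-data "file://$ud" \
            --query 'Instances[0].InstanceId' --output text)
    rc=$?
    rm -f "$ud"
    [ "$rc" -eq 0 ] || return 1
    aws ec2 modify-instance-attribute --instance-id "$id" --no-source-dest-check
}

if [ "${1:-}" = "launch" ]; then launch_vyos; fi
```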