Skip to content

Export elastic ip for tunnel when present. #5820

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fwang merged 3 commits into from
Jan 6, 2026
Merged

Export elastic ip for tunnel when present. #5820

fwang merged 3 commits into from
Jan 6, 2026
+5 −2

Conversation

@gkpln3
Copy link
Contributor

@gkpln3 gkpln3 commented May 21, 2025

Solves #5657

@gkpln3 gkpln3 mentioned this pull request May 21, 2025
Open
@jayair jayair requested a review from fwang May 22, 2025 20:47
@mikecfisher
Copy link

mikecfisher commented Jun 12, 2025

Whats the status on this?

@jescalan
Copy link

jescalan commented Jul 2, 2025

I run into problems with the tunnel every time I update the version of SST and it's very painful to resolve. I am really hoping this might fix it? 🙏

@lputnam2000
Copy link

lputnam2000 commented Jul 7, 2025

@jescalan Did this fix it for you?

@jackwatters45
Copy link
Contributor

jackwatters45 commented Jul 25, 2025

Can confirm this fixed the issue for me. @lputnam2000 @fwang

@brandonin brandonin mentioned this pull request Jul 25, 2025
Open
@brandonin
Copy link

brandonin commented Aug 11, 2025

Do we know when this will be merged?

@pauljasperdev
Copy link
Contributor

pauljasperdev commented Aug 13, 2025
edited
Loading

can confirm this

#5657 (comment)

I've been able to fix the issue, see #5820.

works for me also.

I rebased @gkpln3's branch with the current and followed build steps for CLI. I use the executable with current SDK 3.17.10

EDIT: does NOT fix it for me. Apprently, I just had a lucky deploy that time.

@joaquimserafim
Copy link

joaquimserafim commented Nov 30, 2025
edited
Loading

@fwang @lputnam2000 I'm a big fan of SST, by the way —it's made my life so much easier overall! will this PR resolve the issue? Every time I'm using SST with RDS, I need to revert to an old version to connect through the tunnel — it's cumbersome and not the best practice. do you have more info on this tunnel issue and when it might be fixed?

@jamesgibbons92
Copy link
Collaborator

jamesgibbons92 commented Nov 30, 2025
edited
Loading

@gkpln3 Small change needed to this PR before we can merge, the change you proposed breaks the tunnel when using managed nat. In this case, the IP has to be the bastion ec2 instance public ip address not the elastic ips - which are still created, as they are associated to the nat gateways.
Something like this should work I think:

              ip: natInstances.apply((instances) =>
                instances.length ? elasticIps[0]?.publicIp : bastion.publicIp,
              ),

If you're able to make this change I will push to get this merged

@JohnCashmore JohnCashmore mentioned this pull request Dec 10, 2025
Closed
@JohnCashmore
Copy link

JohnCashmore commented Dec 10, 2025
edited
Loading

@gkpln3 Small change needed to this PR before we can merge, the change you proposed breaks the tunnel when using managed nat. In this case, the IP has to be the bastion ec2 instance public ip address not the elastic ips - which are still created, as they are associated to the nat gateways. Something like this should work I think:

              ip: natInstances.apply((instances) =>
                instances.length ? elasticIps[0]?.publicIp : bastion.publicIp,
              ),

If you're able to make this change I will push to get this merged

@jamesgibbons92 I've opened a new pull request #6273 with this change and you're suggestion, they work well, sooner this goes in the better end up manually modifying the file every time i need to do a db migration etc.

Closed this now since the original author has made the change

@gkpln3
Copy link
Contributor Author

gkpln3 commented Dec 10, 2025

@jackwatters45 Done.

@jamesgibbons92
Copy link
Collaborator

jamesgibbons92 commented Dec 10, 2025

LGTM, tested the 3 combinations of ec2 nat, managed nat and no nat with the bastion and tunnel is working correctly:

2025-12-10-203845_hyprshot 2025-12-10-203705_hyprshot 2025-12-10-203229_hyprshot

@gkpln3
Copy link
Contributor Author

gkpln3 commented Dec 18, 2025

Lets merge this?

@fwang fwang merged commit d1261ce into anomalyco:dev Jan 6, 2026
danielsharvey
danielsharvey reviewed Jan 6, 2026
View reviewed changes
platform/src/components/aws/vpc.ts
Comment on lines +691 to +693
ip: natInstances.apply((instances) =>
instances.length ? elasticIps[0]?.publicIp : bastion.publicIp,
),
Copy link

@danielsharvey danielsharvey Jan 6, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Should this be self.instances and included inthe all()? I think the static get case is affected.
  2. I do not think this handles the case where NAT Eip's are specified (https://sst.dev/docs/component/aws/vpc/#nat-ip)
  3. I suggest we add a comment to clarify the managed NAT case (Export elastic ip for tunnel when present. #5820 (comment)) - this is not clear from the code. Actually, more than that - why are the Elastic IPs created in the managed NAT case? And further, this will break the static get case.

@danielsharvey danielsharvey mentioned this pull request Jan 7, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fwang fwang Awaiting requested review from fwang

3 more reviewers

@danielsharvey danielsharvey danielsharvey left review comments

@lputnam2000 lputnam2000 lputnam2000 approved these changes

@jamesgibbons92 jamesgibbons92 jamesgibbons92 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.