trailofbits / algo

Set up a personal VPN in the cloud

Home Page: https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-that-works/

EC2 instance type with arm64 architecture fails

glennschler opened this issue · comments

Is your feature request related to a problem? Please describe.

When choosing an ec2 instance type which relies on the arm64 architecture, algo fails. The reason for the failure is the call to search ec2 is hard-coded to filter only amd64 images. This results in a cloudformation yaml configured with an ImageIdParameter set to an amd64 AMI even when the chosen InstanceTypeParameter requires the arm64 architecture.

name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"

To Reproduce

Steps to reproduce the behavior:

  1. Change the config.cfg cloud_provider.ec2.size parameter to t4g.micro or any other ec2 arm instance type.

    algo/config.cfg

    Line 176 in 1c6702d

    size: t2.micro
  2. Run the Algo ansible script and choose EC2 as the cloud provider

Full log

This is the error output when the instance fails to be created during cloud formation:

The architecture 'arm64' of the specified instance type does not match the architecture 'x86_64' 
of the specified AMI. Specify an instance type and an AMI that have matching architectures, and try again. 
You can use 'describe-instance-types' or 'describe-images' to discover the architecture of the instance type
or AMI. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: nnn; Proxy: null)

Describe the solution you'd like

Ubuntu 20.04 does provide an arm64 AMI. If an arm64 ec2 instance type is chosen, Algo should complete successfully with the requested instance type created and deployed as a wireguard server.

Additional context

I have tested a change with a new config.cfg parameter to allow using the default amd64 or optional arm64. I have tested Wireguard with 1-3 clients attached for a few days. I have not yet tested with an ipsec client.

I do not have a direct use case. Perhaps to evaluate wireguard server behavior on the arm64 architecture. Secondly, to minimize cost, since choosing an ec2 t4g.micro image to deploy an Algo VPN server is currently free for all customers up to 750 hours each month. It is my understanding, though unconfirmed, that this also includes data transfer like the other free tiers: "With the AWS Free Usage Tier, you get up to 15GBs of Data Transfer Out (to internet, other AWS regions, or CloudFront) free each month across regions". AWS EC2 has provided a free trial arm64 instance since September of 2020. Though originally the trial was only for a few months, it has been extended a few times. Currently the trial expires at the end of December 2021. The FAQ explains the terms.

Filter to find all amd64
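
The mismatch reported in this issue, as an added example (not part of the original issue and not Algo's own code): deriving the Ubuntu AMI name filter from the architecture the chosen instance type supports, and checking an AMI against it before CloudFormation runs. The function names are hypothetical, the instance-type data is constructed in the shape of an `aws ec2 describe-instance-types` response, and `ubuntu-focal-20.04` is a sample value for `cloud_providers.ec2.image.name`.

```python
# Constructed sample shaped like the describe-instance-types response
# (InstanceTypes[].ProcessorInfo.SupportedArchitectures).
SAMPLE_INSTANCE_TYPES = {
    "InstanceTypes": [
        {"InstanceType": "t2.micro",
         "ProcessorInfo": {"SupportedArchitectures": ["i386", "x86_64"]}},
        {"InstanceType": "t4g.micro",
         "ProcessorInfo": {"SupportedArchitectures": ["arm64"]}},
    ]
}

# EC2 reports "x86_64", while Ubuntu AMI names use "amd64".
EC2_TO_UBUNTU_ARCH = {"x86_64": "amd64", "arm64": "arm64"}


def supported_architectures(instance_type, described=SAMPLE_INSTANCE_TYPES):
    """Return the EC2 architecture names the instance type can boot."""
    for entry in described["InstanceTypes"]:
        if entry["InstanceType"] == instance_type:
            return entry["ProcessorInfo"]["SupportedArchitectures"]
    raise KeyError(f"instance type not described: {instance_type}")


def ami_name_filter(image_name, instance_type, described=SAMPLE_INSTANCE_TYPES):
    """Build the AMI name filter with the architecture the instance needs."""
    supported = supported_architectures(instance_type, described)
    for ec2_arch, ubuntu_arch in EC2_TO_UBUNTU_ARCH.items():
        if ec2_arch in supported:
            return f"ubuntu/images/hvm-ssd/{image_name}-{ubuntu_arch}-server-*"
    raise ValueError(f"no 64-bit Ubuntu build for {instance_type}: {supported}")


def architectures_match(ami_architecture, instance_type,
                        described=SAMPLE_INSTANCE_TYPES):
    """Pre-flight check: ami_architecture is the value describe-images reports."""
    return ami_architecture in supported_architectures(instance_type, described)


if __name__ == "__main__":
    for size in ("t2.micro", "t4g.micro"):
        print(size, "->", ami_name_filter("ubuntu-focal-20.04", size))
    # The failing combination from the error output above:
    print("x86_64 AMI on t4g.micro ok?", architectures_match("x86_64", "t4g.micro"))
```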