Bootstrapping AWS EC2 Instances with Knife

Part II: Amazon Web Services

This process is not really different from bootstrapping any set of systems, as long as we have two ingredients:

  1. command line tool to get a list of systems (with IP addresses)
  2. ssh deploy key installed into the infrastructure

Whether we use Chef’s Knife, Puppet’s Bolt, Ansible, Salt Stack, or something else, the SSH key pair is the essential piece that makes this happen.

In the last article, I showed how we could do this for Google Cloud’s GCE instances; this article shows how to do the same thing for AWS Elastic Compute Cloud.

AWS Elastic Compute Cloud (EC2)

For this process to work, you need to install AWS CLI, create or have an AWS account, create an IAM role that can create EC2 systems, and configure AWS CLI with credentials from that IAM Role.

Once you have this, you can run through these steps:

  1. Generate SSH key pair (our deploy key)
  2. Install public key into our AWS organization
  3. Create some EC2 systems
  4. Bootstrap those systems using our secret key.

Generate a Key Pair

Create a key pair, and store the private key somewhere safe.

KEYPATH="${HOME}/.ssh"
# 4096-bit RSA private key: this is the deploy key knife will use over SSH
openssl genrsa -out "${KEYPATH}/ec2.pem" 4096
# Derive the public half, which is the only part that gets uploaded to AWS
openssl rsa -in "${KEYPATH}/ec2.pem" -pubout > "${KEYPATH}/ec2.pub"
# Private key readable only by its owner (ssh refuses keys with looser permissions)
chmod 400 "${KEYPATH}/ec2.pem"

Install Public Key into AWS

KEYPATH="${HOME}/.ssh"
KEYNAME="acme-deploy-key"
# Strip the PEM header/footer lines and join the base64 body onto a single line
aws ec2 import-key-pair \
  --key-name "${KEYNAME}" \
  --public-key-material \
  "$(grep -v PUBLIC "${KEYPATH}/ec2.pub" | tr -d '\n')"

Create Some Systems

Create an EC2 system through the Launch Instance wizard. The defaults are fine with these adjustments:

  • Create a tag where Name=<system_name>, such as es-01, es-02, …
  • Add a security group rule that allows us SSH (port 22). For this demo we opened it to the Internet (not best practice).
  • Open traffic up for other systems on the same subnet.
  • Select the public key, e.g. acme-deploy-key.

This allows the systems to communicate with each other, and gives the knife bootstrap process (or whatever configuration management or deployment tool is in use) an IP address it can reach.

Bootstrap Some Systems Using the Private Key

This is a small snippet of the bootstrap process, where we gather a list of systems from AWS and then bootstrap all the ones with the “es” tag.
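The following script is an added example of that process and is not code from the original post. It asks AWS for the running instances whose Name tag starts with the "es" prefix (one Name/public-IP pair per line) and runs knife bootstrap against each one with the deploy key from the earlier steps. Assumptions, not taken from the post: the key sits at ${KEYPATH}/ec2.pem, the SSH login user is ec2-user (the Amazon Linux default; other AMIs differ), the login user has passwordless sudo, and knife is already configured against a Chef server.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post: bootstrap every running EC2
# instance whose Name tag starts with PREFIX, using the ec2.pem deploy key.
# Assumed: KEYPATH/ec2.pem from the post, SSH user ec2-user (Amazon Linux),
# and a knife already configured against a Chef server.
set -eu

KEYPATH="${KEYPATH:-${HOME}/.ssh}"
PREFIX="${PREFIX:-es}"            # Name-tag prefix selecting the systems to bootstrap
SSH_USER="${SSH_USER:-ec2-user}"  # assumption: Amazon Linux login user
DRY_RUN="${DRY_RUN:-0}"           # 1 = print the knife commands instead of running them

# One line per running instance: "<Name tag><TAB><public IP>".  The JMESPath
# filter [?PublicIpAddress] drops instances without a public IP, so nothing
# unreachable from here is returned.
list_instances() {
  aws ec2 describe-instances \
    --filters "Name=instance-state-name,Values=running" \
              "Name=tag:Name,Values=${PREFIX}*" \
    --query 'Reservations[].Instances[?PublicIpAddress].[Tags[?Key==`Name`]|[0].Value, PublicIpAddress]' \
    --output text
}

# Run a command, or only print it when DRY_RUN=1 (lets the pipeline be
# previewed, and tested, without AWS or a Chef server).
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Read "name<TAB>ip" lines on stdin and bootstrap each matching instance.
# The prefix is re-checked, and a line is skipped when the IP is empty or the
# literal "None" that --output text prints for a null field.
bootstrap_all() {
  local name ip
  while IFS="$(printf '\t')" read -r name ip; do
    case "$ip" in ''|None) continue ;; esac
    case "$name" in "${PREFIX}"*) ;; *) continue ;; esac
    run knife bootstrap "$ip" \
      --ssh-user "$SSH_USER" \
      --ssh-identity-file "${KEYPATH}/ec2.pem" \
      --sudo \
      --node-name "$name"
  done
}

# Stand-alone use:  ./bootstrap-es.sh --bootstrap   (DRY_RUN=1 to preview first)
if [ "${1:-}" = "--bootstrap" ]; then
  list_instances | bootstrap_all
fi
```

Run it once with DRY_RUN=1 to see exactly which hosts knife is about to touch before any node is registered. If the instances only have private addresses and you bootstrap from inside the VPC or through a bastion, swap PublicIpAddress for PrivateIpAddress in the query; the filter then guarantees every returned line carries an address knife can connect to.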

Written by

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, Kubernetes, CNI, IAC