DevOps Engineering part 3. – Working with AWS

Posted byLaszlo Pinter Leave a comment on DevOps Engineering part 3. – Working with AWS

Personalize your workstation

Set up your account in the AWS console

If you are not an AWS account administrator, ask your AWS account administrator to do the following for you

  • Create an account in AWS
  • Add the account to the appropriate user group
  • Generate a password with a request to change it at the first login
  • Generate an AWS Access Key ID and Secret Key
    • Using your browser log into the AWS console
    • In the upper right corner click your user id
    • In the drop down list select Security Credentials
    • On the left select Users
    • In the user list select you account
    • Select the Security Credentials tab
    • Click the Create Access Key button

AWS Command Line Interface

Install AWS CLI

On Macintosh

  • Open a terminal and execute 
    brew install awscli
  • For more instructions visit http://docs.aws.amazon.com/cli/latest/userguide/installing.htm

On Windows

  1. Open a Command Prompt as administrator
  2. Execute 
    choco install awscli
  3. Close the command prompt and open a new Git Bash to load the updated PATH environment variable.

or

  1. Download the MSI installer from http://docs.aws.amazon.com/cli/latest/userguide/installing.html#install-msi-on-windows
  2. Execute the downloaded file.
  3. Make sure the AWS CLI is in the PATH
    1. Open the  ~/.bashrec file in a text editor
    2. Add the line if missing 
      PATH=$PATH:/c/Program Files/AWSCLI/bin

Configuration

If you do not configure the AWS CLI you will get the following error message: ‘NoneType’ object has no attribute ‘get_frozen_credentials’

  1. Open a new Bash window, so it can find the newly installed AWS CLI
  2. Execute the following command to save your AWS credentials and default region in the ~.aws ( C:\Users\YOUR_USER_NAME\.aws in Windows ) folder. 
    aws configure
  3. Answer the questions 
    AWS Access Key ID [None]: YOUR AWS KEY
AWS Secret Access Key [None]: YOUR AWS SECRET KEY
Default region name [None]: us-east-1
Default output format [None]: HIT ENTER FOR NONE

Close and reopen all open Bash and Command windows to reload the changed Path environment variable.

The configure command created the .aws folder with two files.

On Macintosh

Your AWS configuration folder is located at ~/.aws

Set the permissions on the folder

  • Open a terminal window and execute 
    chmod -R 700 ~/.aws
  • The result should be




On Windows


Your AWS configuration folder is located at C:\Users\YOUR_USER_NAME\.aws




Your  credentials file will look like this


[default]
 aws_access_key_id = MY_ACCESS_KEY
 aws_secret_access_key = MY_SECRET_KEY


Test Kitchen will use the keys from the [default] section to connect to AWS when we launch instances.


When you work with multiple AWS accounts you can add all of your keys to the credentials file. To use a specific key, add the profile option to your command line instructions. If you don’t specify the profile in your AWS commands, the AWS Command Line Interface will use the key from the default section.


[aws01]
 aws_access_key_id = MY_ACCESS_KEY_FOR_AWS01
 aws_secret_access_key = MY_SECRET_KEY_FOR_AWS01

[aws02]
 aws_access_key_id = MY_ACCESS_KEY_FOR_AWS02
 aws_secret_access_key = MY_SECRET_KEY_FOR_AWS02

[default]
 aws_access_key_id = MY_ACCESS_KEY_FOR_AWS01
 aws_secret_access_key = MY_SECRET_KEY_FOR_AWS01




The config file will look like this. If you don’t specify the region in the AWS command, the AWS Command Line utility will use the region from this file.


[default]
region = us-east-1




Collect the following information to be able to launch an instance in AWS


    

  • Your IAM user name
    • 

  • AWS Access Key and Secret Key
    • 

  • Region (us-east-1)
    • 

  • Availability zone (b)
    • 

  • VPC subnet ID
    • 

  • Security group ID
    • 

  • AWS key pair file
    • 

  • AMI ID
    • 





Create a folder to store your private keys


Keep your private keys in a folder in your home directory. You will need them to launch servers, and log into Linux servers with SSH, or retrieve the administrator password for Windows servers.


On Macintosh


Create the folder ~/aws_keys


Set the permissions on the folder key folder too


    

  • Open a terminal window and execute

    chmod -R 700 ~/aws_keys
    

    • 

  • The result should be
    

    • 



If you copy key files to the folder you may get the following error message:


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0755 for ‘/Users/YOUR_USERNAME/.aws/KEY_FILE_NAME.pem’ are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored. Load key “/Users/YOUR_USERNAME/.aws/KEY_FILE_NAME.pem”: bad permissions USERNAME@SERVER_IP’s password: Permission denied, please try again.


To satisfy the security requirements set the permission on the key files to 700


chmod -R 700 ~/.aws/KEY_FILE_NAME.pem


On Windows


Create the folder C:\Users\YOUR_USER_NAME\aws_keys




Generate an AWS key pair


    

  • Log into the AWS console
    • 

  • Select EC2
    • 

  • Under Network & Security select Key Pairs
    • 

  • In the upper right corner select the region
    • 

  • Click the Create Key Pair button
    
Create your key pair with the following naming scheme:
    
userid_accountname_region
    
For example: USERID_aws01_us_east_1
    • 

  • Your browser automatically downloads the .pem private key file. Move it to and save it in the ~aws_keys (C:\Users\YOUR_USER_NAME\aws_keys on Windows) directory you created above during the AWS CLI configuration.
    • 



For more info visit Amazon EC2 Key Pairs


Set up your .kitchen.yml file


When you have created your cookbook, Chef already added a .kitchen.yml file that tells Test Kitchen how to launch a server instance on your workstation.


The default .kitchen.yml file only contains driver and provisioner information for Vargrant. To launch a server instance in AWS we need to add AWS specific instructions to the file. First modify the .kitchen.yml file to be ready for other drivers:


---
provisioner:
  name: chef_zero

verifier:
  name: inspec

platforms:
  - name: ubuntu-16.04
    driver:
      name: vagrant

  - name: centos-7.2
    driver:
      name: vagrant

suites:
  - name: default
    run_list:
      - recipe[test::default]
    verifier:
      inspec_tests:
        - test/recipes
    attributes:



Make sure the empty lines are really empty. The .kitchen.yml file should not have white space in a seemingly empty line.




Next:


Connect to the Chef server in Beginner’s Guide to DevOps Engineering part 4.


Back:


to the Tutorials page

	


	

				



	


	

		

		Leave a comment		

			

		

		
 
Your email address will not be published. Required fields are marked *