This repository was archived by the owner on Jul 10, 2021. It is now read-only.

layout: single
title: Amazon EC2
sidebar:
  nav: setup


⚠️ These instructions are out-of-date and a new version is being worked on. In the meantime, please use the following AWS tutorial: Continuous Delivery using Spinnaker on Amazon EKS.

Use the AWS EC2 Provider if you want to manage EC2 Instances via Spinnaker. Refer to the AWS Cloud Provider Overview to understand how AWS IAM must be set up for the AWS EC2 provider to work.

In AWS, an Account maps to a credential able to authenticate against a given AWS account.

Option-1 : Use AWS Console to configure AWS

Use this option to deploy Spinnaker if you are familiar with deployment using the AWS Console.

Managing Account

  1. Navigate to Console > CloudFormation and select your preferred region.

  2. Download the template locally to your workstation.

    2.a Search for ‘SpinnakerInstanceProfileArn’ and comment out the line.

    2.b (Optional) Add additional managed accounts as shown in the SpinnakerAssumeRolePolicy section of the downloaded template file.

  3. Create the CloudFormation Stack:

    • Create Stack > Upload a template to Amazon S3 > Browse to template you downloaded in Step-2 above > Next
    • Enter Stack Name as spinnaker-managing-infrastructure-setup and follow the prompts on screen to create the stack.
    • From the dropdown select ‘UseAccessKeyForAuthentication’ as True to get the Access and Secret Key.
  4. Once the stack is created, select the stack you created in Step-3 > Outputs and note the values. You will need these values for subsequent configurations.

In each of the Managed Accounts

These steps need to be carried out for the managing account as well.

  1. Navigate to Console > CloudFormation and select your preferred region.
  2. Download the template locally to your workstation.
  3. Creating the CloudFormation Stack
    • Create Stack > Upload a template to Amazon S3 > Browse to template you downloaded in Step-2 above > Next
    • Enter Stack Name as spinnaker-managed-infrastructure-setup and follow the prompts on screen to create the stack
    • Enter AuthArn and ManagingAccountId as the value noted above and follow the prompts on screen to create the stack

Option-2 : Use AWS CLI to configure AWS

This option assumes that you have the AWS CLI installed and configured, and that you have access to the managing account and each of the managed accounts.

Managing Account

If you want to use AccessKeys and Secrets to run Spinnaker

curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml
echo "Optionally add Managing account to the file downloaded as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded file."
aws cloudformation deploy --stack-name spinnaker-managing-infrastructure-setup --template-file managing.yaml \
--parameter-overrides UseAccessKeyForAuthentication=true --capabilities CAPABILITY_NAMED_IAM --region us-west-2

If you want to use InstanceProfile to run Spinnaker

curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml
echo "Optionally add Managing account to the file downloaded as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded file."
aws cloudformation deploy --stack-name spinnaker-managing-infrastructure-setup --template-file managing.yaml \
--parameter-overrides UseAccessKeyForAuthentication=false --capabilities CAPABILITY_NAMED_IAM --region us-west-2

In each of the Managed Accounts

These steps need to be carried out for the managing account as well.

curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managed.yaml
aws cloudformation deploy --stack-name spinnaker-managed-infrastructure-setup --template-file managed.yaml \
--parameter-overrides AuthArn=FROM_ABOVE ManagingAccountId=FROM_ABOVE --capabilities CAPABILITY_NAMED_IAM --region us-west-2

Option-3 : Use AWS Console UI (Manual Steps)

There are 2 options here:

  1. Using AWS IAM AccessKey and Secret: Option 1 is useful for creating a user with an AWS Access Key and secret. This is a common configuration.
  2. Using AWS IAM Roles: Option 2 uses the IAM roles ManagingRole and ManagedRoles. This setting is applied in some environments that have extra security considerations.

Spinnaker AssumeRole Policy

  1. In case you missed the addition at Line 158 of the downloaded template, manually create a Policy by navigating to Console > IAM > Policies.
  2. Click on Create New Policy, then click on JSON and add the code shown below.
  3. Name the policy “Spinnaker AssumeRole Policy”.
{
	"Version": "2012-10-17",
	"Statement": [{
		"Action": "sts:AssumeRole",
		"Resource": [
			"arn:aws:iam::<AWS Account ID>:role/spinnakerManaged",
			"arn:aws:iam::<AWS Account ID>:role/spinnakerManaged"
		],
		"Effect": "Allow"
	}]
}
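
A pre-flight lint for the policy above, added here as an example (it is not part of the Spinnaker documentation): it flags unfilled placeholders, duplicate entries, wildcards and unexpected role names in `sts:AssumeRole` resources before the JSON is pasted into IAM. The function name, the finding strings and the account IDs are constructed for illustration.

```python
import json
import re
from fnmatch import fnmatchcase

# Concrete role ARN: 12-digit account ID plus a role name, no wildcards.
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/([\w+=,.@-]+)$", re.ASCII)

def _as_list(value):
    """IAM accepts a single string/object where a list is allowed."""
    return value if isinstance(value, list) else [value]

def lint_assume_role_policy(policy_json, role_name="spinnakerManaged"):
    """Return (statement_index, resource, problem) tuples; empty list means clean."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        actions = _as_list(stmt.get("Action", []))
        # IAM action names are case-insensitive and may contain wildcards.
        grants_assume = any(fnmatchcase("sts:assumerole", a.lower()) for a in actions)
        if stmt.get("Effect") != "Allow" or not grants_assume:
            continue
        seen = set()
        for arn in _as_list(stmt.get("Resource", [])):
            match = ROLE_ARN.match(arn)
            if "*" in arn or "?" in arn:
                findings.append((i, arn, "wildcard resource"))
            elif match is None:
                findings.append((i, arn, "not a concrete role ARN"))
            elif match.group(2) != role_name:
                findings.append((i, arn, "unexpected role name"))
            if arn in seen:
                findings.append((i, arn, "duplicate resource"))
            seen.add(arn)
    return findings

# The policy as printed on this page, placeholders left unfilled.
PAGE_TEMPLATE = """{"Version": "2012-10-17", "Statement": [{
  "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": [
    "arn:aws:iam::<AWS Account ID>:role/spinnakerManaged",
    "arn:aws:iam::<AWS Account ID>:role/spinnakerManaged"]}]}"""

# Constructed account IDs, for illustration only.
FILLED = PAGE_TEMPLATE.replace("<AWS Account ID>", "111111111111", 1) \
                      .replace("<AWS Account ID>", "222222222222", 1)

if __name__ == "__main__":
    for name, doc in (("template", PAGE_TEMPLATE), ("filled", FILLED)):
        print(name, lint_assume_role_policy(doc) or "clean")
```

Run against the template as printed, the lint reports both placeholder entries and the repeated line; with one distinct 12-digit account ID per managed account it reports nothing.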

Halyard Configurations

After the AWS IAM user, roles, policies and trust relationship have been set up, the next step is to add the AWS configurations to Spinnaker via Halyard CLI:

  1. Access the Halyard Pod.
  2. Add the configurations for AWS provider with hal command. Please check hal config provider AWS.
  3. Enable the AWS provider: hal config provider aws enable.

Configure Halyard to use AccessKeys (if configured)

These steps need to be carried out only if you selected UseAccessKeyForAuthentication as true in Option-1 or Option-2 above.

hal config provider aws edit --access-key-id ${ACCESS_KEY_ID} \
     --secret-access-key # do not supply the key here, you will be prompted 
hal config provider aws bakery edit --aws-access-key ${ACCESS_KEY_ID} \
     --aws-secret-key # do not supply the key here, you will be prompted

Configure Halyard to add AWS Accounts

AWS_ACCOUNT_NAME=my-aws-account   # name for the AWS account in Spinnaker

hal config provider aws account add $AWS_ACCOUNT_NAME \
    --account-id ${ACCOUNT_ID} \
    --assume-role role/spinnakerManaged

Now enable AWS

hal config provider aws enable

Advanced account settings

You can view the available configuration flags for AWS within the Halyard reference.

Next steps

Optionally, you can set up Amazon's Elastic Container Service or set up another cloud provider, but otherwise you're ready to choose an environment in which to install Spinnaker.