aws: launch and customize a new instance with remote Ignition file from a S3 bucket

Xref to coreos/fedora-coreos-tracker#1769
HuijingHei committed Aug 6, 2024
1 parent 3bb1c3f commit 70c05ed
Showing 1 changed file with 38 additions and 3 deletions.
41 changes: 38 additions & 3 deletions modules/ROOT/pages/provisioning-aws.adoc
Expand Up @@ -77,7 +77,7 @@ aws s3 mb s3://$NAME-infra
----
NAME='instance1'
CONFIG='/path/to/config.ign' # path to your Ignition config
aws s3 cp CONFIG s3://$NAME-infra/bootstrap.ign
aws s3 cp $CONFIG s3://$NAME-infra/bootstrap.ign
----

You can verify the file have been correctly uploaded:
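Review bot: `$CONFIG` and `$NAME` are expanded unquoted in the corrected `aws s3 cp $CONFIG s3://$NAME-infra/bootstrap.ign` line, so a config path containing spaces is split into several arguments. Suggest `aws s3 cp "$CONFIG" "s3://${NAME}-infra/bootstrap.ign"`. In passing, the context line below the block should read "has been correctly uploaded".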
Expand All @@ -102,7 +102,42 @@ ignition:
source: s3://instance1-infra/bootstrap.ign
----

Then you can launch the instance using the same command as xref:#_customized_example[], passing the minimal configuration you just created.
Then you can launch the instance using the following command, passing the minimal configuration you just created.

Note: You need to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role[create an IAM profile] with `s3:GetObject` permission, then will attach it to the instance.

TIP: To access S3 bucket, should enable the public IP addressing with argument `--associate-public-ip-address` if you are using a nondefault
VPC, or will get error like:
```
ignition: failed to acquire config: RequestError: send request failed
caused by: Get "https://xxx-infra.xxx/bootstrap.ign": dial tcp x.x.x.x:443: i/o timeout
```

.Launching and customizing a new instance with remote Ignition file from a S3 bucket
[source,bash]
----
NAME='instance1'
SSHKEY='my-key' # the name of your SSH key: `aws ec2 describe-key-pairs`
IMAGE='ami-xxx' # the AMI ID found on the download page
DISK='20' # the size of the hard disk
REGION='us-east-1' # the target region
TYPE='m5.large' # the instance type
SUBNET='subnet-xxx' # the subnet: `aws ec2 describe-subnets`
SECURITY_GROUPS='sg-xxx' # the security group `aws ec2 describe-security-groups`
USERDATA='/path/to/config.ign' # path to your Ignition config
PROFILE='xxx-profile' # the name of an IAM instance profile `aws iam list-instance-profiles`
aws ec2 run-instances \
--region $REGION \
--image-id $IMAGE \
--instance-type $TYPE \
--key-name $SSHKEY \
--subnet-id $SUBNET \
--security-group-ids $SECURITY_GROUPS \
--user-data "file://${USERDATA}" \
--iam-instance-profile Name=${PROFILE} \
--tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${NAME}}]" \
--block-device-mappings "VirtualName=/dev/xvda,DeviceName=/dev/xvda,Ebs={VolumeSize=${DISK}}"
----

Once the first boot is completed, make sure to delete the configuration as it may contain sensitive data.
See xref:#_configuration_cleanup[].
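Review bot: The Note asks for an IAM profile with `s3:GetObject` but does not say which resource the permission should cover, and since the text below says the config may contain sensitive data, the doc should tell readers to scope the policy to the `bootstrap.ign` object in the `$NAME-infra` bucket rather than to all buckets. The Note's wording "then will attach it to the instance" also needs a subject, for example "then attach it to the instance with `--iam-instance-profile`". `USERDATA='/path/to/config.ign'` reuses the same path and comment as `CONFIG` in the upload step, which invites passing the full config as user data instead of the minimal pointer config; a distinct path and a comment such as "path to the minimal Ignition config created above" would avoid that. The TIP names `--associate-public-ip-address`, but the `run-instances` example does not show it, and the TIP's error sample uses a triple-backtick fence where the rest of the file uses `----` listing blocks. An S3 gateway VPC endpoint is an alternative to a public IP that is worth mentioning there.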
Expand All @@ -117,7 +152,7 @@ See the https://coreos.github.io/ignition/operator-notes/#secrets[Ignition docum
[source,bash]
----
NAME='instance1'
aws s3 rm CONFIG s3://$NAME-infra/bootstrap.ign
aws s3 rm s3://$NAME-infra/bootstrap.ign
----

Optionnally, you can delete the whole bucket:
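Review bot: The cleanup block stops at the corrected `aws s3 rm s3://$NAME-infra/bootstrap.ign` line with no check that the object is actually gone. Because the preceding section says the config may contain sensitive data, consider adding `aws s3 ls "s3://${NAME}-infra/"` after it so the reader can confirm the deletion. The context line "Optionnally" is misspelled and could be fixed in the same change.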