If you have an environment like ours, fairly small with few service layers, it may not make sense to provision a Chef Server. Luckily, we can still get the benefits of using Chef to configure our servers by using the included Chef-Solo. Chef-Solo runs entirely locally on the instance, so every dependency it needs (cookbooks, run-lists, environments, etc.) must already be present on the server before it runs.
In the following process I will demonstrate how to launch an AWS EC2 instance and have Chef-Solo configure it. I will not go into detail about how Chef works with recipes and cookbooks.
Here are the steps we will need to follow to start this process.
- Create an S3 bucket to store the Chef files, including your cookbooks
- Create an IAM role and define its access to the S3 bucket
- Configure UserData to run PowerShell on initial launch; the UserData will do the following:
  - Download the Chef-Client from the S3 bucket
  - Download the Chef cookbooks, recipes, etc.
  - Install the Chef-Client
  - Run Chef-Solo
1. Create an S3 bucket and upload the Chef MSI, cookbooks, run scripts, etc. Keep the bucket private and limit who can write to it: whatever lands in that bucket is executed as SYSTEM on every instance that bootstraps from it.
2. Create an IAM role with a policy that allows read-only access to the S3 bucket
By creating an IAM role and assigning it to the instance, we eliminate the need for an IAM user account with long-lived access keys embedded in the instance or its UserData. The instance obtains short-lived, automatically rotated credentials for the role through the instance metadata service. Keep in mind that any process running on the instance can fetch those credentials the same way, so the role should carry only the read-only bucket permission described here and nothing more.
Within the AWS console create a new IAM role and select Role Type: AWS Service Roles > Amazon EC2.
Follow the prompts until the role is created. With the role created, we must now create a new inline policy that grants read access to the S3 bucket.
Here is the policy; you must modify the bucket name:
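As an added example (not the policy from the original post), here is the same role and read-only bucket grant created with the AWS Tools for PowerShell instead of clicking through the console. The role name, policy name and bucket name are placeholders you would replace with your own.

```powershell
# Added example, not the original post's code: create the EC2 role and its
# read-only bucket policy with AWS Tools for PowerShell. Names are hypothetical.
$RoleName = 'ChefSoloBootstrapRole'
$Bucket   = 'my-chef-bootstrap-bucket'

# Trust policy: only the EC2 service may assume this role. This is what the
# "AWS Service Roles > Amazon EC2" console choice generates for you.
$TrustPolicy = @"
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }
  ]
}
"@

# Inline policy: list the bucket and read its objects, nothing else.
# s3:ListBucket applies to the bucket ARN and is needed for a prefix download;
# s3:GetObject applies to the object ARN (bucket/*) and covers the MSI and cookbooks.
$BucketReadPolicy = @"
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::$Bucket" },
    { "Effect": "Allow", "Action": "s3:GetObject",  "Resource": "arn:aws:s3:::$Bucket/*" }
  ]
}
"@

New-IAMRole -RoleName $RoleName -AssumeRolePolicyDocument $TrustPolicy | Out-Null
Write-IAMRolePolicy -RoleName $RoleName -PolicyName 'ChefBucketReadOnly' -PolicyDocument $BucketReadPolicy

# The console silently creates an instance profile with the same name; the API does not.
# It is the instance profile, not the role, that gets attached to the instance at launch.
New-IAMInstanceProfile -InstanceProfileName $RoleName | Out-Null
Add-IAMRoleToInstanceProfile -InstanceProfileName $RoleName -RoleName $RoleName
```

Run this from an administrator workstation that already has IAM permissions; afterwards `Get-IAMRolePolicy -RoleName $RoleName -PolicyName ChefBucketReadOnly` shows the attached document. Note that the policy grants no `s3:PutObject` and no access to any other bucket, so a compromised instance cannot tamper with the cookbooks other instances will download.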
3. Launch a new instance, attach the IAM role created in step 2, and configure UserData
I've added comments to the code for clarification.
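The following is an added example of such a UserData script, not the original post's code. It assumes the read-only bucket role from step 2 is attached to the instance, and uses placeholder values for the bucket name, the object keys under it, the MSI file name and the expected SHA-256 of the MSI, all of which are hypothetical.

```powershell
<powershell>
# Added example UserData, not the original post's code. Bootstraps chef-solo on a
# Windows instance that carries the read-only bucket role. Hypothetical values:
# bucket name, object keys, MSI file name, expected MSI hash.
$ErrorActionPreference = 'Stop'
$Bucket         = 'my-chef-bootstrap-bucket'           # hypothetical bucket
$Region         = 'us-east-1'
$ChefMsi        = 'chef-client.msi'                    # hypothetical key under installers/
$ExpectedSha256 = '<sha256 of the MSI you uploaded>'   # record this when you upload the MSI
$ChefRoot       = 'C:\chef'
$ChefSolo       = 'C:\opscode\chef\bin\chef-solo.bat'  # default location of the Windows MSI install
$Log            = "$ChefRoot\bootstrap.log"

function Write-Log($Message) {
    Add-Content -Path $Log -Value ("{0:u} {1}" -f (Get-Date), $Message)
}

function Get-Sha256Hex($Path) {
    # .NET hashing so this also works on PowerShell 2.0 (Get-FileHash arrived in 4.0)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

New-Item -ItemType Directory -Force -Path $ChefRoot | Out-Null
Import-Module AWSPowerShell   # preinstalled on Amazon-provided Windows AMIs

try {
    # No access keys anywhere in this script: Read-S3Object obtains the role's
    # temporary credentials from the instance metadata service.
    Write-Log "Downloading $ChefMsi from s3://$Bucket"
    Read-S3Object -BucketName $Bucket -Key "installers/$ChefMsi" -File "$ChefRoot\$ChefMsi" -Region $Region | Out-Null

    # Anyone who can write to the bucket can run code as SYSTEM on every new instance,
    # so refuse to install an MSI whose hash differs from the one recorded at upload time.
    $actual = Get-Sha256Hex "$ChefRoot\$ChefMsi"
    if ($actual -ne $ExpectedSha256.ToLower()) { throw "MSI hash mismatch: got $actual" }

    # Pull the whole chef-repo prefix (cookbooks/, roles/, data_bags/, node.json)
    Write-Log 'Downloading chef-repo'
    Read-S3Object -BucketName $Bucket -KeyPrefix 'chef-repo/' -Folder "$ChefRoot\repo" -Region $Region | Out-Null

    # Silent install; msiexec returns 0 on success and 3010 when a reboot is pending
    Write-Log 'Installing chef-client'
    $p = Start-Process -FilePath msiexec.exe -Wait -PassThru `
         -ArgumentList "/qn /i `"$ChefRoot\$ChefMsi`" /L*v `"$ChefRoot\chef-install.log`""
    if ((0, 3010) -notcontains $p.ExitCode) { throw "msiexec exited with $($p.ExitCode)" }

    # solo.rb tells chef-solo where the downloaded repo lives (Ruby paths use forward slashes)
    $rootFwd = $ChefRoot -replace '\\', '/'
    @"
cookbook_path ["$rootFwd/repo/cookbooks"]
role_path     "$rootFwd/repo/roles"
data_bag_path "$rootFwd/repo/data_bags"
log_level     :info
log_location  "$rootFwd/chef-solo.log"
"@ | Set-Content -Path "$ChefRoot\solo.rb" -Encoding ASCII

    # node.json shipped in the repo carries the run-list, e.g. {"run_list":["role[web]"]}
    Write-Log 'Running chef-solo'
    & $ChefSolo -c "$ChefRoot\solo.rb" -j "$ChefRoot\repo\node.json"
    if ($LASTEXITCODE -ne 0) { throw "chef-solo exited with $LASTEXITCODE" }
    Write-Log 'Bootstrap complete'
}
catch {
    Write-Log "Bootstrap FAILED: $_"
    throw
}
</powershell>
```

Two caveats worth keeping in mind. First, UserData is readable by any process on the instance from the metadata endpoint (http://169.254.169.254/latest/user-data), which is exactly why the script contains no credentials and relies on the instance role instead. Second, on Windows the UserData script only runs on first boot unless EC2Config's user data handling is re-enabled before the AMI is captured, so check `C:\chef\bootstrap.log` and the chef-solo log if nothing appears to have happened.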
Hi Ryan,
I think I found it. Before creating the AMI from the initial instance, I need to enable the 'User Data' plugin or shut down with sysprep.
I'll do the experiment and post the update here.
Thanks -Rafiq
Thanks for sharing this informative information. You may also refer to: Amazon Web Services (AWS) BGP
This video demonstrates how to configure the Amazon Web Services BGP to set up a VPN between a Check Point Security Gateway and Amazon VPC
http://www.s4techno.com/blog/2015/12/24/amazon-web-services-aws-bgp/