Infrastructure As Code: Automating AWS ec2 Virtual Machines Using SaltStack

Aymen El Amri
Apr 30, 2016 · 7 min read

AWS Provider Configuration

https://eu-west-1.console.aws.amazon.com/ec2/v2/home?region=eu-west-1#KeyPairs:sort=keyName
https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#KeyPairs:sort=keyName
ec2-fingerprint-key kp.pem
/etc/salt/kp.pem
https://console.aws.amazon.com/iam/home?#security_credential
ec2-private:
  # Set up the location of the salt master
  minion:
    master: saltmaster.myhost.com

  # Set up grains information, which will be common for all nodes using this provider
  grains:
    env: test

  # Specify whether to use public or private IP for deploy script.
  ssh_interface: private_ips

  # Set the EC2 access credentials
  id: 'use-instance-role-credentials'
  key: 'use-instance-role-credentials'

  # Make sure this key is owned by root with permissions 0400.
  private_key: /etc/salt/test_key.pem
  keyname: test_key
  securitygroup: default

  # This is optional but you can set up your default region and availability zone (optional)
  location: eu-west-1
  availability_zone: eu-west-1c

  # Salt Cloud will use this user name to deploy, it depends on your AMI.
  # Amazon Linux > ec2-user
  # RHEL > ec2-user
  # CentOS > ec2-user
  # Ubuntu > ubuntu
  ssh_username: ubuntu

  # Optionally add an IAM profile
  iam_profile: 'arn:aws:iam::123456789012:instance-profile/ExampleInstanceProfile'

  provider: ec2

ec2-public:
  minion:
    master: saltmaster.myhost.com
  ssh_interface: public_ips
  id: 'use-instance-role-credentials'
  key: 'use-instance-role-credentials'
  private_key: /etc/salt/test_key.pem
  keyname: test_key
  securitygroup: default
  location: eu-west-1
  availability_zone: eu-west-1c
  ssh_username: ubuntu
  iam_profile: 'my other profile name'
  provider: ec2

AWS Profile Configuration

provider: ec2-private
image: ami-a609b6d5
size: t2.micro
ssh_username: ubuntu
volumes:
  - { size: 10, device: /dev/sdf }
volumes:
  - { size: 10, device: /dev/sdf }
  - { size: 300, device: /dev/sdg, type: io1, iops: 3000 }
  - { size: 300, device: /dev/sdh, type: io1, iops: 3000 }
ebs_optimized: True
tag: {'env': 'test', 'role': 'redis'}
sync_after_install: grains
script: /etc/salt/cloud.deploy.d/configure_vim.sh
network_interfaces:
  - DeviceIndex: 0
    PrivateIpAddresses:
      - Primary: True
    AssociatePublicIpAddress: True
    SubnetId: subnet-142f4bdd
    SecurityGroupId:
      - sg-750af531
allocate_new_eips: True
del_root_vol_on_destroy: True
del_all_vol_on_destroy: True
base_ec2_private:
  provider: ec2-private
  image: ami-a609b6d5
  size: t2.micro
  ssh_username: ubuntu
  volumes:
    - { size: 10, device: /dev/sdf }
    - { size: 300, device: /dev/sdg, type: io1, iops: 3000 }
    - { size: 300, device: /dev/sdh, type: io1, iops: 3000 }
  tag: {'env': 'test', 'role': 'redis'}
  sync_after_install: grains
  script: /etc/salt/cloud.deploy.d/configure_vim.sh
  network_interfaces:
    - DeviceIndex: 0
      PrivateIpAddresses:
        - Primary: True
      #auto assign public ip (not EIP)
      AssociatePublicIpAddress: True
      SubnetId: subnet-813d4bbf
      SecurityGroupId:
        - sg-750af531
  del_root_vol_on_destroy: True
  del_all_vol_on_destroy: True
base_ec2_private:
  provider: ec2-private
  image: ami-a609b6d5
  size: t2.micro
  ssh_username: ubuntu
  volumes:
    - { size: 10, device: /dev/sdf }
    - { size: 300, device: /dev/sdg, type: io1, iops: 3000 }
    - { size: 300, device: /dev/sdh, type: io1, iops: 3000 }
  tag: {'env': 'test', 'role': 'redis'}
  sync_after_install: grains
  script: /etc/salt/cloud.deploy.d/configure_vim.sh
  network_interfaces:
    - DeviceIndex: 0
      PrivateIpAddresses:
        - Primary: True
      AssociatePublicIpAddress: True
      SubnetId: subnet-813d4bbf
      SecurityGroupId:
        - sg-750af531
  del_root_vol_on_destroy: True
  del_all_vol_on_destroy: True

base_ec2_public:
  provider: ec2-private
  extends: base_ec2_private
salt-cloud -p base_ec2_private private_minion
salt-cloud -p base_ec2_public public_minion
ec2_private:
  - redis
  - mysql
ec2_public:
  - web_1
  - web_2
salt-cloud -m /etc/salt/cloud.map.app -P
salt-cloud -a get_tags ec2_minion
salt-cloud -a set_tags ec2_minion tag1=value1 tag2=value2
salt-cloud -a del_tags ec2_minion tag1,tag2
salt-cloud -a rename ec2_minion newname=ec2_my_minion
salt-cloud -a enable_term_protect ec2_minion
salt-cloud -a show_term_protect ec2_minion
salt-cloud -a disable_term_protect ec2_minion
salt-cloud -f create_volume ec2 zone=eu-west-1c
salt-cloud -f create_volume ec2 zone=eu-west-1c size=100
salt-cloud -f create_volume ec2 zone=eu-west-1c snapshot=snapshot_id
salt-cloud -f create_volume ec2 size=100 type=standard
salt-cloud -f create_volume ec2 size=100 type=gp2
salt-cloud -f create_volume ec2 size=200 type=io1 iops=2000
salt-cloud -a detach_volume ec2_minion volume_id=vol_id
salt-cloud -f delete_volume ec2 volume_id=vol_id
