This blog post demonstrates how an OpenSSH key can be imported to the Amazon platform, how to verify its fingerprints, and how to use the key on a CloudFormation-provisioned EC2 instance.
This blog post uses aws-must-templates to create “a VPC with a public subnet and private subnet, and a network address translation (NAT) instance in the public subnet”, similar to scenario 2 in the Amazon VPC documentation. The focus is on describing the steps needed to set up the environment, create the stack, and test the provisioned result on the Amazon platform.
Amazon EC2 instance IP addressing poses several challenges for SSH usage, and for any tool that uses SSH connections:
- Amazon public DNS names encode public IP addresses. Each time an instance is assigned a new public IP address, it also gets a new public DNS name. In essence this means that managing Amazon public DNS names becomes comparable to managing IP addresses.
- Using an IP address to contact an instance is complicated, because a public IP address, once released, cannot be reused. Using fixed IP addresses, such as Amazon Elastic IP addresses, requires keeping track of the reserved addresses, and comes with extra costs.
- EC2 instances with only a private IP address cannot be reached directly from the Internet.
- Private DNS names also encode the IP address they map to. On top of that, private DNS names cannot be resolved outside the cloud network of the instance.
This post presents an idea to solve the challenges listed above. In short, we automatically synchronize Amazon EC2 instance metadata into the OpenSSH client configuration file, allowing SSH connections to be established using the names stored in EC2 tags. We give an example, and use it to introduce a tool, called aws-ssh-resolver, that implements the idea.
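The following is an added illustration of the idea described above; it is not the aws-ssh-resolver tool's own code. It takes a constructed sample shaped like a subset of `aws ec2 describe-instances` output, names each `Host` entry after the instance's `Name` tag, and routes instances that have only a private IP through the public NAT/bastion instance with `ProxyJump`. The `Role=bastion` tag, the `ec2-user` login and the instance records are assumptions made for the example. Because the config is regenerated from live metadata, a changed public IP simply replaces the old `HostName`; `HostKeyAlias` is pinned to the instance id so the `known_hosts` entry survives an IP change while a genuinely different host key is still detected.

```python
"""Generate OpenSSH client config entries from EC2 instance metadata.

Added example, not the aws-ssh-resolver project's code. Instances are
addressed by their Name tag; private-only instances are reached through
a bastion/NAT host in the public subnet via ProxyJump.
"""

# Constructed sample resembling a subset of `aws ec2 describe-instances`
# output: a public NAT/bastion instance, a private-only instance, and a
# terminated instance that must be skipped.
SAMPLE_INSTANCES = [
    {
        "InstanceId": "i-0aaa111",
        "PublicIpAddress": "203.0.113.10",
        "PrivateIpAddress": "10.0.0.10",
        "Tags": [{"Key": "Name", "Value": "nat"},
                 {"Key": "Role", "Value": "bastion"}],
        "State": {"Name": "running"},
    },
    {
        "InstanceId": "i-0bbb222",
        "PrivateIpAddress": "10.0.1.20",
        "Tags": [{"Key": "Name", "Value": "app1"}],
        "State": {"Name": "running"},
    },
    {
        "InstanceId": "i-0ccc333",
        "PrivateIpAddress": "10.0.1.30",
        "Tags": [{"Key": "Name", "Value": "old"}],
        "State": {"Name": "terminated"},
    },
]


def tag(instance, key):
    """Return the value of tag `key`, or None if the instance lacks it."""
    for t in instance.get("Tags", []):
        if t["Key"] == key:
            return t["Value"]
    return None


def build_hosts(instances, bastion_tag=("Role", "bastion"), user="ec2-user",
                key_file=None):
    """Return a list of (alias, options) pairs for running, named instances.

    The bastion is the running instance carrying `bastion_tag` and a public
    IP (assumed convention). Private-only instances get a ProxyJump through
    it; if no bastion exists they are left out, since they are unreachable.
    """
    running = [i for i in instances
               if i.get("State", {}).get("Name") == "running"]
    bastion = next((i for i in running
                    if tag(i, bastion_tag[0]) == bastion_tag[1]
                    and i.get("PublicIpAddress")), None)
    hosts = []
    for inst in running:
        name = tag(inst, "Name")
        if not name:
            continue  # unnamed instances cannot be addressed by tag
        opts = {"User": user}
        if key_file:
            opts["IdentityFile"] = key_file
        # Pin known_hosts to the instance id, not the (changing) IP address.
        opts["HostKeyAlias"] = inst["InstanceId"]
        if inst.get("PublicIpAddress"):
            opts["HostName"] = inst["PublicIpAddress"]
        elif bastion is not None:
            opts["HostName"] = inst["PrivateIpAddress"]
            opts["ProxyJump"] = tag(bastion, "Name")
        else:
            continue  # private only and no bastion: not reachable
        hosts.append((name, opts))
    return hosts


def render_ssh_config(hosts):
    """Render (alias, options) pairs as ssh_config Host blocks."""
    lines = []
    for alias, opts in hosts:
        lines.append(f"Host {alias}")
        for key, value in opts.items():
            lines.append(f"    {key} {value}")
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_ssh_config(build_hosts(SAMPLE_INSTANCES)))
```

A real synchronizer would write the rendered text to a file included from `~/.ssh/config` (OpenSSH supports `Include`) and rerun on a schedule, so that a tag name such as `app1` keeps working across instance re-addressing.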
AWS CloudFormation gives developers and systems administrators an easy way to create a collection of related AWS resources and provision them on the Amazon platform. In order to make AWS infrastructure management even more efficient and manageable, aws-must-templates adds a Template Generator and a Test Runner to the set of tools available to an AWS administrator.
This blog entry goes through a scenario starting with the installation of aws-must-templates, continuing with the creation of an AWS infrastructure, and ending with testing the infrastructure.
In this blog post, I will introduce aws-must-templates, a set of Mustache templates for creating CloudFormation JSON. An implementation without tests is asking for trouble, and therefore aws-must-templates are accompanied by test suites that validate the correctness of the CloudFormation stacks created.
aws-must is a tool that helps in managing Amazon CloudFormation templates using YAML and Mustache templates. Deploying aws-must starts with copying an existing CloudFormation template as the root Mustache template, and continues with extracting YAML configuration data from the template and with stepwise refinement of the templates. Refinement steps include migrating configuration to YAML, refactoring complex templates into Mustache partials, using YAML anchors to express references across CloudFormation elements, tangling documentation with the template implementation, and allowing configuration to control AWS resource provisioning.
Amazon CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources. It uses JSON-formatted templates to define services that are managed together as a “stack”.
However, CloudFormation templates soon become quite convoluted as the complexity of the infrastructure stack increases. In addition, the JSON format adds to the management difficulties.
This blog entry discusses how to deal with the complexity of CloudFormation templates, and proposes a solution that separates configuration data from AWS templates.
It is easy to start using Amazon Web Services (AWS) by simply launching an EC2 instance from the AWS Management Console. Currently, the AWS console lists 40 services to choose from, and managing anything more than a single EC2 instance with only the console soon becomes too laborious. Consequently, Amazon also offers a number of other services and tools that help in managing AWS infrastructure.
It is important to understand the options Amazon has available for service management in order to avoid waste, e.g. delays due to a steep learning curve, rework due to wrong tool selection, excessive work due to not using tools correctly, etc.
This blog entry summarizes the tools and services Amazon offers for infrastructure management, and presents a personal opinion, with rationale, on how to start using them.