How to Integrate AWS with Spinnaker
Overview
Feb 4, 2021
- Assuming that you have Spinnaker installed, this blog explores integrating AWS with Spinnaker.
- In AWS, EC2 is used to launch as many VMs as we need, to configure security and networking, and to manage storage.
- In Spinnaker, AWS plays almost the same role when a user configures AWS as a cloud provider.
- There are two methods to configure AWS as a cloud provider:
  - By using AWS Console
  - By using AWS CLI
- In this document we will explore the integration process using AWS Console.
Steps to Setup EC2 with Spinnaker
- Steps to create Managing Account
  - Navigate to Console > CloudFormation and select your preferred region.
  - Click here to Download the template locally.
    - Search for ‘SpinnakerInstanceProfileArn’ and comment out the line.
    - (Optional) Add an additional managed account as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded template file.
  - Follow the steps below to create the CloudFormation stack:
    - Create Stack > Upload a template to Amazon S3 > Browse to the template you downloaded in Step-2 above > Next
    - Enter the Stack Name as ‘spinnaker-managing-infrastructure-setup’, click on the dropdown ‘UseAccessKeyForAuthentication’ and select true to get the Access and Secret Key.
    - Then follow the prompts on screen and click to create the stack.
  - Once the stack is created, select the stack you created in Step-3 > Outputs and note the values (AccessKeyId, Secret, ManagingAccountID & AuthArn). These values are mandatory for subsequent configurations.
- Steps to Create Managed Account.
  - Navigate to Console > CloudFormation and select your preferred region.
  - Click here to Download the template locally.
  - Create the CloudFormation stack:
    - Create Stack > Upload a template to Amazon S3 > Browse to the template you downloaded in Step-2 above > Next
    - Enter the Stack Name as ‘spinnaker-managed-infrastructure-setup’ and follow the prompts on screen to create the stack
    - Enter AuthArn and ManagingAccountId as the values noted above and follow the prompts on screen to create the stack
Steps to Create IAM Role for EC2
- Navigate to Console > IAM > Roles
- Click on Create New Role, select EC2 and name it as per your requirement (e.g. ec2-instance)
- Search for the below policies
  - AmazonEC2FullAccess
  - spinnakerAssumeRolePolicy
  - baseiampolicy
  - AutoScalingFullAccess
  - PowerUserAccess
- Click on Review and Submit to create the role.
- Now edit the newly created role, click on Trust Relationships and add the below JSON entry
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Steps to Create “Spinnaker AssumeRole Policy”
- Navigate to Console > IAM > Policies.
- Click on Create New Policy, click on JSON and add the below code.
- Name the policy as “Spinnaker AssumeRole Policy”.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Resource": [
        "arn:aws:iam::<AWSAccountID>:role/spinnakerManaged",
        "arn:aws:iam::<AWSAccountID>:role/spinnakerManaged"
      ],
      "Effect": "Allow"
    }
  ]
}
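The trust entry and the AssumeRole policy above can be checked before they are pasted into the console. The following is an added example, not part of the original post: a small Python lint that flags unfilled `<AWSAccountID>` placeholders, wildcards, duplicate resources and principals other than ec2.amazonaws.com. The function names and the sample account ID are assumptions made for illustration.

```python
import json
import re
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/spinnakerManaged$")  # role name from the page

def _listify(value):  # IAM accepts a single string or a list in these fields
    return value if isinstance(value, list) else [value]

def lint_assume_role_policy(policy_json, expected_accounts):
    """Findings for the identity policy that lets Spinnaker assume spinnakerManaged."""
    findings, seen = [], set()
    for stmt in _listify(json.loads(policy_json)["Statement"]):
        actions = _listify(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        for arn in _listify(stmt.get("Resource", [])):
            match = ROLE_ARN.match(arn)
            if arn in seen:
                findings.append(f"duplicate resource: {arn}")
            elif match is None:  # placeholder, wildcard or a different role
                findings.append(f"not a concrete spinnakerManaged ARN: {arn}")
            elif match.group(1) not in expected_accounts:
                findings.append(f"unexpected account: {match.group(1)}")
            seen.add(arn)
    return findings

def lint_trust_policy(policy_json, allowed_services=("ec2.amazonaws.com",)):
    """Findings for the role trust policy: only the listed services may assume it."""
    findings = []
    for stmt in _listify(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # "*" or missing
            findings.append(f"wildcard or missing principal: {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _listify(values):
                if kind != "Service" or value not in allowed_services:
                    findings.append(f"unexpected principal {kind}: {value}")
    return findings

# Constructed inputs: the two documents as printed on this page.
ARN = "arn:aws:iam::<AWSAccountID>:role/spinnakerManaged"
AS_PRINTED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Action": "sts:AssumeRole", "Resource": [ARN, ARN], "Effect": "Allow"}]})
TRUST = json.dumps({"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Principal": {"Service": ["ec2.amazonaws.com"]}, "Action": "sts:AssumeRole"}]})
if __name__ == "__main__":
    print(lint_assume_role_policy(AS_PRINTED, {"111111111111"}), lint_trust_policy(TRUST))
```

Run against the policy as printed, the lint reports the unfilled placeholder and the repeated resource entry; the trust entry passes with no findings.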
Steps to configure AWS EC2 using AWS CLI
Managing Account creation using
- Execute the commands below to run Spinnaker with an AccessKey and Secret
# -O saves the template as managing.yaml, which the deploy command reads
curl -O -L https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml
echo "Optionally add Managing account to the file downloaded as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded file."
aws cloudformation deploy --stack-name spinnaker-managing-infrastructure-setup --template-file managing.yaml \
    --parameter-overrides UseAccessKeyForAuthentication=true --capabilities CAPABILITY_NAMED_IAM --region us-east-1
- Execute the commands below to run Spinnaker with an InstanceProfile
# -O saves the template as managing.yaml, which the deploy command reads
curl -O -L https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml
echo "Optionally add Managing account to the file downloaded as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded file."
aws cloudformation deploy --stack-name spinnaker-managing-infrastructure-setup --template-file managing.yaml \
    --parameter-overrides UseAccessKeyForAuthentication=false --capabilities CAPABILITY_NAMED_IAM --region us-east-1
Managed Account Creation
- Note: These steps need to be carried out for the managing account as well.
# -O saves the template as managed.yaml, which the deploy command reads
curl -O -L https://d3079gxvs8ayeg.cloudfront.net/templates/managed.yaml
aws cloudformation deploy --stack-name spinnaker-managed-infrastructure-setup --template-file managed.yaml \
    --parameter-overrides AuthArn=FROM_ABOVE ManagingAccountId=FROM_ABOVE --capabilities CAPABILITY_NAMED_IAM --region us-east-1
Configure Halyard with AccessKeys
- These steps need to be executed only if you selected UseAccessKeyForAuthentication as true in Option-1 or Option-2 above
ACCESSKEYID=12345678910   # update this with your Access Key
hal config provider aws edit --access-key-id ${ACCESSKEYID} \
    --secret-access-key   # do not supply the key here, you will be prompted
hal config provider aws bakery edit --aws-access-key ${ACCESSKEYID} \
    --aws-secret-key   # do not supply the key here, you will be prompted
Configure Halyard to add AWS account
- Execute the below command to add AWS EC2 Account
AWS_ACCOUNT_NAME=my-aws-account   # name for the AWS account in Spinnaker
# ACCOUNT_ID must be set to the ID of the AWS account being added
hal config provider aws account add $AWS_ACCOUNT_NAME \
    --account-id ${ACCOUNT_ID} \
    --assume-role role/spinnakerManaged \
    --regions us-east-1
- Execute the below command to Enable AWS
hal config provider aws enable
- Now, restart Spinnaker so that the changes are reflected in your Spinnaker instance
hal deploy apply
Now you have successfully configured AWS as a cloud provider in Spinnaker.