Setting Up Aws Using The Cli For Platform9 Managed Kubernetes

This article describes how to configure AWS so that we can add it as a Cloud Provider for Platform9 Managed Kubernetes (PMK). We will add a user, group, policy, EC2 key pair, and a domain to our account. There are a few prerequisites that need to be met before we get started.

Prerequisites

An AWS Administrative User or Account with IAM Admin Permissions
AWS CLI installed
A registered Domain Name (optional - Register a domain through Route53)

Configure CLI

Once the administrative user has been created, and the CLI has been installed, we can move on to configuring the CLI. To configure the CLI we will need our Access Key ID and Secret Access Key. In this guide we are going to use the us-west-2 region as the default.

aws configure

AWS Access Key ID [None]: (Access Key ID)
AWS Secret Access Key [None]: (Secret Key)
Default region name [None]: us-west-2
Default output format [None]: (enter)

For a full CLI reference refer to: (optional) https://docs.aws.amazon.com/cli/latest/reference/

Setup User

This user account will be used to configure access for the AWS Cloud Provider in PMK.

Create User

aws iam create-user --user-name Platform9

Create Access Key and save it to platform9.json

We will create an access key for the user and save it to a platform9.json file so that we can reference it when setting up the AWS Cloud Provider in PMK.

aws iam create-access-key --user-name Platform9 >> platform9.json

Setup Group

We are using a group for policy attachment instead of applying it directly to a user. This can be beneficial in case we want to add additional users with the same permission set, instead of having to apply the policy to each user individually.

Create Group

aws iam create-group --group-name Platform9

Add User to Group

aws iam add-user-to-group --group-name Platform9 --user-name Platform9

Setup Policy

The policy will be used to configure the required permissions needed by PMK to deploy Kubernetes clusters in AWS.

Download the aws-policy.json file

The aws-policy.json file will allow for adding the permissions needed without having to add each permission individually.

wget https://raw.githubusercontent.com/platform9/support-locker/master/pmk/aws-policy.json

Create Policy based on aws-policy.json

We need to create a new policy so that we can attach it to the group. Create the policy and save the output to policy-info.json so that the ARN can be referenced for additional commands.

aws iam create-policy --policy-name Platform9 --policy-document file://aws-policy.json >> policy-info.json

View details about the policy (optional)

aws iam get-policy --policy-arn $ARN

Attach Policy to the Group

aws iam attach-group-policy --group-name Platform9 --policy-arn $ARN

View policies attached to the group (optional)

aws iam list-attached-group-policies --group-name Platform9

Create EC2 Key Pair

The region we are using in this guide is us-west-2. If a different region is required, replace the region name used for the --region flag.

aws ec2 create-key-pair --key-name Platform9 --region us-west-2

Route53 Setup

Add Domain / Hosted Zone

A Route53 hosted zone is needed to configure the AWS Cloud Provider. Replace $HOSTEDZONE with the hosted zone being used for this deployment. A hosted zone is usually a domain name or FQDN.

aws route53 create-hosted-zone --name $HOSTEDZONE --caller-reference Platform9DomainSetup

Get NS for the domain

First we need to find the id of our hosted zone. Find the recently added hosted zone in the list-hosted-zone output and note the id.

aws route53 list-hosted-zones

Next we will run get-hosted-zone on the id which will output the Nameservers for our Route53 hosted zone.

aws route53 get-hosted-zone --id

Modify the Nameservers for your domain through the registrar. Use an already registered domain.

Register your domain through Route53 (This is an optional step. Do this if you want your PMK cluster API server endpoint to have an FQDN that uses your specific domain. If you do not configure this, the PMK cluster API server end point will be the url corresponding to the ELB auto generated domain name)

https://docs.aws.amazon.com/cli/latest/reference/route53domains/register-domain.html

And now your AWS account is ready to be added as a cloud provider to PMK!

Next Steps

Follow these steps to Create a new PMK AWS cloud provider and then Create a Kubernetes cluster using PMK

Cleanup

If you want to remove your AWS cloud provider you created for PMK, and remove the additions we made in this guide, follow the steps outlined below.

Route53 Cleanup

aws route53 list-hosted-zones

aws route53 delete-hosted-zone --id $HOSTEDZONEID

Key Pair Cleanup

Describe the key pair (optional)

aws ec2 describe-key-pairs

Delete the key pair

aws ec2 delete-key-pair --key-name Platform9

Policy Cleanup

aws iam list-policies

aws iam detach-group-policy --group-name Platform9 --policy-arn $POLICYARN

aws iam delete-policy --policy-arn POLICY-ARN

Group Cleanup

aws iam remove-user-from-group --group-name Platform9 --user-name Platform9

aws iam delete-group --group-name Platform9

User Cleanup

aws iam list-access-keys --user Platform9 (note the AccessKeyId)

aws iam delete-access-key --access-key-id $ACCESSKEYID --user-name Platform9

aws iam delete-user --user-name Platform9

PreviousKubernetes Instance Types Aws Cluster NextSetup Clusters On Aws Vpc Private Subnets

Last updated 5 days ago

Was this helpful?

Good afternoon

hashtagPrerequisites

hashtagConfigure CLI

hashtagSetup User

hashtagCreate User

hashtagCreate Access Key and save it to platform9.json

hashtagSetup Group

hashtagCreate Group

hashtagAdd User to Group

hashtagSetup Policy

hashtagDownload the aws-policy.json file

hashtagCreate Policy based on aws-policy.json

hashtagAttach Policy to the Group

hashtagCreate EC2 Key Pair

hashtagRoute53 Setup

hashtagAdd Domain / Hosted Zone

hashtagGet NS for the domain

hashtagNext Steps

hashtagCleanup

hashtagRoute53 Cleanup

hashtagKey Pair Cleanup

hashtagPolicy Cleanup

hashtagGroup Cleanup

hashtagUser Cleanup