AWS CAPI Setup

This document describes the pre-requisites for setting up your AWS Account before you can create AWS and EKS Clusters using PMK.

AWS Service Account

Platform9 recommends that a service account be created in AWS and that an associated Secret Key and Access Key be set up for it.

Access Key and Secret Key

PMK requires that you specify an AWS access key ID and associated secret access key for a single IAM user in your AWS account. All credentials are encrypted in the Platform9 SaaS Management Plane.

Set Up Your AWS Account

Create Required AWS IAM Policy

You can download a pre-configured AWS Policy that is limited to the permissions detailed below from here, and apply it to an existing or new credential.

Download IAM Policy

Refer to this AWS article for more info on how to create and manage AWS access key ID and secret access key for your AWS account.

Create AWS CloudFormation Stack for additional Roles and Policies for CAPI


Info

You must have AWS Administrator Permissions to do the following AWS operations.

Follow the steps given below to create a new AWS CloudFormation Stack.

  1. Follow the AWS prescribed steps to create a CloudFormation Stack using the above template: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-create-stack.html. Name the CloudFormation Stack cluster-api-provider-aws-sigs-k8s-io.

  2. Once created, the stack should look like below. All the IAM policies and roles required for CAPI clusters to work should be created.

Add AWS Cloud Provider in PMK


Info

You must be a Platform9 administrator to perform Cloud Provider operations.

Follow the steps given below to create a new AWS cloud provider.

  1. Navigate to Infrastructure -> Cloud Providers -> Add New Cloud Provider.

  2. Click Amazon Web Services under Cloud Provider Type.

  3. Enter the following AWS credentials and click Save.

| Field | Description |
| --- | --- |
| AWS Access Key ID | Access Key ID provided by AWS |
| AWS Secret Access Key | Secret Access Key provided by AWS |

The AWS cloud provider is created successfully, and you are now ready to create Kubernetes clusters on the AWS cloud provider.

You can create multiple AWS cloud providers. For ease of debugging, we recommend that each cloud provider is created with unique credentials.

Test AWS Cloud Provider

To ensure clusters can be created by a given cloud provider, Platform9 has built a mechanism to test connectivity and validate the credentials.

You can test an AWS cloud provider to ensure the credentials used by that cloud provider will be able to deploy a cluster.

Follow the steps below to test an AWS cloud provider.

  1. Navigate to Infrastructure > Cloud Providers.

  2. Select the AWS Cloud Provider whose credentials you want to test.

  3. Click the Edit Cloud Provider button.

  4. Below the Credentials details are three cards that validate access to AWS: Region Access, Route53 Access and Registered Domain, and SSH Key availability.

  5. Select a Region. This will run a test to validate Route53 and SSH Key availability.


Edit AWS Cloud Provider

You can edit a cloud provider to update the credentials used by that cloud provider.

Follow the steps given below to edit an AWS cloud provider.

  • Navigate to Infrastructure -> Cloud Providers.

  • Select the AWS Cloud Provider whose credentials you want to edit.

  • Click the Edit Cloud Provider button.

  • Make the required changes to the credentials and click Update Cloud Provider.

The changed credentials are used to access the cloud resources once the cloud provider is updated.

Delete AWS Cloud Providers

You can delete an existing AWS cloud provider when you no longer require it.

You must be an administrator to perform this operation.

Follow the steps given below to delete a cloud provider.

  • Navigate to Infrastructure > Cloud Providers.

  • Select the Cloud Provider to delete.

  • Click the Delete Cloud Provider button.

  • Verify your selection to delete the cloud provider.
