How to Integrate Spinnaker with AWS EC2

Overview

OpsMx now provides a reference deployment guide with step-by-step instructions for deploying Spinnaker, a continuous deployment tool from Netflix Open Source Software, on the Amazon Web Services (AWS) Cloud.

In this document, we will explore how to set up AWS EC2 as a cloud provider with Spinnaker.

    • In AWS, EC2 is used to launch as many VMs as we need, to configure security and networking, and to manage storage.
    • In Spinnaker, AWS plays almost the same role when the user configures AWS as a Cloud Provider.
    • There are two methods to configure AWS as Cloud Driver:
      1. By using AWS Console
      2. By using AWS CLI

In this document, we will explore the integration process between Spinnaker and AWS EC2 using AWS Console.

Steps to set up AWS EC2 with Spinnaker

  • Steps to create Managing Account

    • Navigate to Console > CloudFormation and select your preferred region.
    • Click here to download the template locally.
    • Search for ‘SpinnakerInstanceProfileArn’ and comment out the line.
    • (Optional) Add an additional managed account as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded template file.
    • Execute the below to create the CloudFormation Stack
      1. Create Stack > Upload a template to Amazon S3 > Browse to the template you downloaded in Step-2 above > Next
      2. Enter Stack Name as ‘spinnaker-managing-infrastructure-setup’, Click on the dropdown ‘UseAccessKeyForAuthentication’ and select true to get the Access and Secret Key.
      3. Then follow the prompts on the screen and create the stack.
    • Once the stack is created, select the stack you created in Step-3 > Outputs and note the values (AccessKeyId, Secret, ManagingAccountID & AuthArn). These values are mandatory for subsequent configurations.
  • Steps to Create Managed Account in AWS

    • Navigate to Console > CloudFormation and select your preferred region.
    • Click here to download the template locally.
    • Creating the CloudFormation Stack
      1. Create Stack > Upload a template to Amazon S3 > Browse to the template you downloaded in Step-2 above > Next
      2. Enter Stack Name as ‘spinnaker-managed-infrastructure-setup’ and follow the prompts on the screen to create the stack
      3. Enter AuthArn and ManagingAccountId as the value noted above and follow the prompts on the screen to create the stack
  • Steps to Create IAM Role for AWS EC2

    • Navigate to Console > IAM > Roles
    • Click on Create New Role, select EC2, and name it as per requirement (e.g. ec2-instance)
    • Search for the below policies
      • AmazonEC2FullAccess
      • spinnakerAssumeRolePolicy
      • baseiampolicy
      • AutoScalingFullAccess
      • PowerUserAccess
    • Click on Review and Submit to Create.
    • Now edit the newly created role, click on TrustRelationships and add the below JSON entry
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "ec2.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
  • Steps to Create “Spinnaker AssumeRole Policy”

    • Navigate to Console > IAM > Policies
    • Click on Create New Policy, click on JSON and add the below code
    • Name the policy as “Spinnaker AssumeRole Policy”
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::<AWS Account ID>:role/spinnakerManaged",
                "arn:aws:iam::<AWS Account ID>:role/spinnakerManaged"
            ],
            "Effect": "Allow"
        }
    ]
}
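
As an added example (not part of the original guide or of OpsMx's code), the Python check below lints the two JSON documents above before they are pasted into the console: the AssumeRole policy should name only explicit spinnakerManaged role ARNs in the accounts you expect, and the trust relationship should trust only ec2.amazonaws.com. The function names and the sample account IDs are assumptions made for illustration.

```python
import re

# Shape of the role ARNs used on this page: 12-digit account ID + spinnakerManaged.
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/spinnakerManaged$")
ASSUME = {"sts:AssumeRole", "sts:*", "*"}

def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def check_assume_role_policy(policy, expected_accounts):
    """Findings for the identity policy that lets Spinnaker assume managed roles."""
    findings, seen = [], set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or not ASSUME & set(as_list(stmt.get("Action", []))):
            continue
        for arn in as_list(stmt.get("Resource", [])):
            match = ROLE_ARN.match(arn)
            if not match:
                findings.append(f"not an explicit spinnakerManaged role ARN: {arn}")
            elif match.group(1) not in expected_accounts:
                findings.append(f"unexpected account: {arn}")
            elif arn in seen:
                findings.append(f"duplicate entry: {arn}")
            seen.add(arn)
    return findings

def check_trust_policy(policy, allowed_services=("ec2.amazonaws.com",)):
    """Findings for the role's trust relationship document."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        principal = stmt.get("Principal", {}) if stmt.get("Effect") == "Allow" else {}
        if not isinstance(principal, dict):  # the bare "Principal": "*" form
            principal = {"*": principal}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "Service" or value not in allowed_services:
                    findings.append(f"unexpected trusted principal: {kind}={value}")
    return findings

# Constructed sample input: the account IDs are placeholders, not values from the page.
ACCOUNTS = {"111111111111", "222222222222"}
ARNS = [f"arn:aws:iam::{a}:role/spinnakerManaged" for a in sorted(ACCOUNTS)]
ASSUME_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Action": "sts:AssumeRole", "Resource": ARNS, "Effect": "Allow"}]}
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com"]}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print(check_assume_role_policy(ASSUME_POLICY, ACCOUNTS), check_trust_policy(TRUST_POLICY))
```

Run against the policy exactly as printed above, with the `<AWS Account ID>` placeholder left in, it reports both Resource entries as not being explicit role ARNs; once the IDs are substituted, a repeated ARN is reported as a duplicate entry.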

Steps to configure AWS EC2 using AWS CLI

Managing Account creation

  • Execute the below command to use AccessKey and Secret to run Spinnaker

# -O saves the template as managing.yaml, the file the deploy step reads
curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml
echo "Optionally add Managing account to the file downloaded as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded file."
aws cloudformation deploy --stack-name spinnaker-managing-infrastructure-setup --template-file managing.yaml \
--parameter-overrides UseAccessKeyForAuthentication=true --capabilities CAPABILITY_NAMED_IAM --region us-west-2
  • Execute the below command to use InstanceProfile to run Spinnaker

curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml

echo "Optionally add Managing account to the file downloaded as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded file."
aws cloudformation deploy --stack-name spinnaker-managing-infrastructure-setup --template-file managing.yaml \
--parameter-overrides UseAccessKeyForAuthentication=false --capabilities CAPABILITY_NAMED_IAM --region us-west-2

Managed Account Creation

    • Note: These steps need to be carried out for the managing account as well.

# -O saves the template as managed.yaml, the file the deploy step reads
curl -O https://d3079gxvs8ayeg.cloudfront.net/templates/managed.yaml
aws cloudformation deploy --stack-name spinnaker-managed-infrastructure-setup --template-file managed.yaml \
--parameter-overrides AuthArn=FROM_ABOVE ManagingAccountId=FROM_ABOVE --capabilities CAPABILITY_NAMED_IAM --region us-west-2

Configure Halyard with AccessKeys

  • These steps need to be executed only if you selected UseAccessKeyForAuthentication as true in Option-1 or Option-2 above

hal config provider aws edit --access-key-id ${ACCESS_KEY_ID} \
--secret-access-key # do not supply the key here, you will be prompted
hal config provider aws bakery edit --aws-access-key ${ACCESS_KEY_ID} \
--aws-secret-key # do not supply the key here, you will be prompted

Configure Halyard to add an AWS account

  • Execute the below command to add AWS EC2 Account

# Name for the AWS account in Spinnaker, e.g. my-aws-account
AWS_ACCOUNT_NAME=my-aws-account
hal config provider aws account add $AWS_ACCOUNT_NAME \
--account-id ${ACCOUNT_ID} \
--assume-role role/spinnakerManaged \
--regions us-east-1

  • Execute the below command to Enable AWS

hal config provider aws enable

So here in this article, we have shown you the integration process between Spinnaker and AWS EC2. Now you can easily do it yourself. Do let us know in the comments section below about your experience in doing so or if any problems arose. If you are using AWS, there are some articles you may find interesting to streamline your continuous delivery:

  1. OpsMx adds latest Spinnaker version on AWS Marketplace

  2. Top picks from Andy Jassy’s Keynote at AWS re: Invent 2020

  3. Continuous Delivery into AWS (EC2) using Spinnaker CD Pipeline

  4. Baking AWS AMI Image in Spinnaker Continuous Delivery Pipeline

  5. AWS ECR Integration with Spinnaker

  6. How to Integrate AWS ECS with Spinnaker

  7. How to Integrate AWS Lambda with Spinnaker

  8. How to Integrate Spinnaker with AWS EC2


If you want to know more about the OpsMx Enterprise for Spinnaker or request a demonstration, please book a meeting with us.

OpsMx is a leading provider of Continuous Delivery solutions that help enterprises safely deliver software at scale and without any human intervention. We help engineering teams take the risk and manual effort out of releasing innovations at the speed of modern business. For additional information, contact us
