Which IAM role/roles should I assign to an EC2 Instance to create EKS Cluster using eksctl command line tool? As storing AWS CLI credentials in EC2 Instance is not a secure option.
Related
I need to access EKS Cluster through EC2 instance sitting in same VPC in which EKS Cluster is created, and we do not have secret key available for that role?
I have tried created the roles with all admin permission and assign that role to EC2 instances and try to access it through system manager but I could not able to authenticate the EKS cluster. By default I am using EC2privateDNSconfig role which is there in AWSAuth.
Can I create a user and assign a role and add it to AWSAuthConfig and able to access the EKS cluster?
So I have 2 aws accounts,
in one I have the ECS Cluster
in the other one I have a few EC2 instances
How to tell those EC2 instances to connect to that ECS cluster?
I was reading here How to register EC2 Instance to ECS cluster? that you could lunch an instance and edit the /etc/ecs/ecs.config but there is only CS_CLUSTER={cluster_name} to change, not sure how to reference a cluster from the other account/region.
I am trying to deploy my sample Spring Cloud Microservice into AWS ECS service. I found that Fargate method and EC2 launch method. Here actually I am looking for to launch ECS service from my own EC2 instance. Now I have only Ubuntu 16.04 AMI. I am planning to use AWS ECS optimized AMI as my EC2. So I need to launch ECS using my own EC2. So I am confused about the launching by optimized my own EC2.
I am seeking useful links or documentation for launching using above method. Since I am beginning stage on AWS Cloud.
The AMI you've configured for your instance doesn't matter (generally). Once your EC2 instance is created, go over to the ECS section of AWS and create a cluster containing your host.
In ECS you need to define a task containing your container, the repo to pull it from, and all the other necessary details. From here you can go to your cluster and launch your task on your host, either manually, or by defining a service to automate the launching for you.
I am trying to launch node in EC2 VPC using chef knife ec2 server create to launch ec2 instance into VPC, But I looking a flag to specify vpc info.
Anyone know how to spin up ec2 instance into vpc using knife ec2 server create ?
Thanks
There is a --subnet SUBNET_ID flag for knife ec2 command. You can specify which subnet of VPC you want the instance be created using this flag.
Refer: https://docs.chef.io/plugin_knife_ec2.html
You cannot provide VPC identity. However, you can provide subnet identity which eventually will create the instance in your VPC of choice.
My specific need is to get the list of EC2 instances in the deployment from within one of the instances.
I've tried using AWS command line for example aws elb describe-load-balancers however it would just give details of all my AWS services. I know you can specify an instances name with --load-balancer-name but I just don't have access to that from within the instance automatically.
Perhaps a file can be created on instance creation by placing something in .ebextensions?
You can do it in a two step process using the AWS CLI.
First you get the endpoint for your Elastic Beanstalk application:
aws elasticbeanstalk describe-environments --query='Environments[?ApplicationName==`Your-application-name`].EndpointURL'
Then you use the endpoint to get the instances:
aws elb describe-load-balancers --query='LoadBalancerDescriptions[?DNSName==`load-balancer-end-point-from-previous-step`].Instances[0]'