InfraKit plugins for creating and managing resources in Amazon AWS.
An InfraKit instance plugin is provided, which creates Amazon EC2 instances.
To build the AWS Instance plugin, run make binaries. The plugin binary will be located at
./build/infrakit-instance-aws.
At a minimum, the plugin requires the AWS region to use. However, this can be inferred from instance metadata when the
plugin is running within EC2. In other cases, specify the --region argument:
$ build/infrakit-instance-aws --region us-west-2
INFO[0000] Starting plugin
INFO[0000] Listening on: unix:///run/infrakit/plugins/instance-vagrant.sock
INFO[0000] listener protocol= unix addr= /run/infrakit/plugins/instance-vagrant.sock err= <nil>To continue with an example, we will use the default Group plugin:
$ build/infrakit-group-default
INFO[0000] Starting discovery
INFO[0000] Starting plugin
INFO[0000] Starting
INFO[0000] Listening on: unix:///run/infrakit/plugins/group.sock
INFO[0000] listener protocol= unix addr= /run/infrakit/plugins/group.sock err= <nil>and the Vanilla Flavor plugin:.
$ build/infrakit-flavor-vanilla
INFO[0000] Starting plugin
INFO[0000] Listening on: unix:///run/infrakit/plugins/flavor-vanilla.sock
INFO[0000] listener protocol= unix addr= /run/infrakit/plugins/flavor-vanilla.sock err= <nil>We will use a basic configuration that creates a single instance:
$ cat << EOF > aws-vanilla.json
{
"ID": "aws-example",
"Properties": {
"Allocation": {
"Size": 1
},
"Instance": {
"Plugin": "instance-aws/ec2-instance",
"Properties": {
"RunInstancesInput": {
"ImageId": "ami-4926fd29",
"KeyName": "bill-laptop",
"Placement": {
"AvailabilityZone": "us-west-2a"
},
"SecurityGroupIds": ["sg-57411931"]
},
"Tags": {
"Name": "infrakit-example"
}
}
},
"Flavor": {
"Plugin": "flavor-vanilla",
"Properties": {
"Init": [
"sh -c \"echo 'Hello, World!' > /hello\""
]
}
}
}
}
EOFFor the structure of RunInstancesInput, please refer to the document of AWS SDK for Go.
Note that you will need to replace the KeyName with an
SSH key pair you have access to, and the
SecurityGroups with a group available in your VPC. For the purposes of this example, it will be helpful to select
a Security Group that you can access
via SSH.
The instance type is set to m1.small by default. Note that you cannot use HVM images for m1.small.
Finally, instruct the Group plugin to start watching the group:
$ build/infrakit group commit aws-vanilla.json
Committed aws-example: Managing 1 instancesIn the console running the Group plugin, we will see input like the following:
INFO[1219] Committing group aws-example (pretend=false)
INFO[1219] Adding 1 instances to group to reach desired 1
INFO[1219] Created instance i-ba0412a2 with tags map[infrakit.config_sha:dUBtWGmkptbGg29ecBgv1VJYzys= infrakit.group:aws-example]
Additionally, the CLI will report the newly-created instance:
$ build/infrakit group inspect aws-example
ID LOGICAL TAGS
i-ba0412a2 172.31.41.13 Name=infrakit-example,infrakit.config_sha=dUBtWGmkptbGg29ecBgv1VJYzys=,infrakit.group=aws-exampleRetrieve the IP address of the host from the AWS console, and use SSH to verify that our shell code ran:
$ ssh [email protected] cat /hello
Hello, World!The plugin expects properties in the following format:
{
"Tags": {
},
"RunInstancesInput": {
}
}The Tags property is a string-string mapping of EC2 instance tags to include on all instances that are created.
RunInstancesInput follows the structure of the type by the same name in the
AWS go SDK.
The plugin can use API credentials from several sources.
Additional credentials sources are supported, but are not generally recommended as they are less secure:
- command line arguments:
--session-token, or--access-key-idand--secret-access-key - environment variables: see AWS docs
The maintainers take security seriously. If you discover a security issue, please bring it to their attention right away!
Please DO NOT file a public issue, instead send your report privately to [email protected].
Security reports are greatly appreciated and we will publicly thank you for it. We also like to send gifts—if you're into Docker schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future.
Copyright © 2016 Docker, Inc. All rights reserved, except as follows. Code is released under the Apache 2.0 license. The README.md file, and files in the "docs" folder are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file "LICENSE.docs". You may obtain a duplicate copy of the same license, titled CC-BY-SA-4.0, at http://creativecommons.org/licenses/by/4.0/.