Setting up your AWS Account for PMK

This article describes how to configure AWS so that we can add it as a Cloud Provider for Platform9 Managed Kubernetes (PMK). We will add a user, group, policy, EC2 key pair, and a domain to our account. There are a few prerequisites that need to be met before we get started.

Prerequisites

An AWS Administrative User or Account with IAM Admin Permissions
AWS CLI installed
A registered Domain Name (optional - Register a domain through Route53)

Configure CLI

Once the administrative user has been created, and the CLI has been installed, we can move on to configuring the CLI. To configure the CLI we will need our Access Key ID and Secret Access Key. In this guide we are going to use the us-west-2 region as the default.

AWS Configure
    
 
aws configure
Copy

Output
    
 
AWS Access Key ID [None]: (Access Key ID)AWS Secret Access Key [None]: (Secret Key)Default region name [None]: us-west-2Default output format [None]: (enter)
Copy

For a full CLI reference refer to: (optional) https://docs.aws.amazon.com/cli/latest/reference/

Setup User

This user account will be used to configure access for the AWS Cloud Provider in PMK.

Create User

Create User
    
 
aws iam create-user --user-name Platform9
Copy

Create Access Key and save it to platform9.json

We will create an access key for the user and save it to a platform9.json file so that we can reference it when setting up the AWS Cloud Provider in PMK.

Create Access Key
    
 
aws iam create-access-key --user-name Platform9 >> platform9.json
Copy

Setup Group

We are using a group for policy attachment instead of applying it directly to a user. This can be beneficial in case we want to add additional users with the same permission set, instead of having to apply the policy to each user individually.

Create Group

Create Group
    
 
aws iam create-group --group-name Platform9
Copy

Add User to Group

Add User to Group
    
 
aws iam add-user-to-group --group-name Platform9 --user-name Platform9
Copy

Setup Policy

The policy will be used to configure the required permissions needed by PMK to deploy Kubernetes clusters in AWS.

Download the aws-policy.json file

The aws-policy.json file will allow for adding the permissions needed without having to add each permission individually.

Download Policy json
    
 
wget https://raw.githubusercontent.com/platform9/support-locker/master/pmk/aws-policy.json
Copy

Create Policy based on aws-policy.json

We need to create a new policy so that we can attach it to the group. Create the policy and save the output to policy-info.json so that the ARN can be referenced for additional commands.

Create Policy
    
 
aws iam create-policy --policy-name Platform9 --policy-document file://aws-policy.json >> policy-info.json
Copy

View details about the policy (optional)

Get Policy
    
 
aws iam get-policy --policy-arn $ARN
Copy

Attach Policy to the Group

Attach Policy
    
 
aws iam attach-group-policy --group-name Platform9 --policy-arn $ARN
Copy

View policies attached to the group (optional)

View Policies attached to Group
    
 
aws iam list-attached-group-policies --group-name Platform9
Copy

Create EC2 Key Pair

The region we are using in this guide is us-west-2. If a different region is required, replace the region name used for the --region flag.

Create EC2 Key Pair
    
 
aws ec2 create-key-pair --key-name Platform9 --region us-west-2
Copy

Route53 Setup

Add Domain / Hosted Zone

A Route53 hosted zone is needed to configure the AWS Cloud Provider. Replace $HOSTEDZONE with the hosted zone being used for this deployment. A hosted zone is usually a domain name or FQDN.

Create Hosted Zone
    
 
aws route53 create-hosted-zone --name $HOSTEDZONE --caller-reference Platform9DomainSetup
Copy

Get NS for the domain

First we need to find the id of our hosted zone. Find the recently added hosted zone in the list-hosted-zone output and note the id.

List Hosted Zones
    
 
aws route53 list-hosted-zones
Copy

Next we will run get-hosted-zone on the id which will output the Nameservers for our Route53 hosted zone.

Get Hosted Zone NS
    
 
aws route53 get-hosted-zone --id
Copy

Modify the Nameservers for your domain through the registrar. Use an already registered domain.

Register your domain through Route53 (This is an optional step. Do this if you want your PMK cluster API server endpoint to have an FQDN that uses your specific domain. If you do not configure this, the PMK cluster API server end point will be the url corresponding to the ELB auto generated domain name)

https://docs.aws.amazon.com/cli/latest/reference/route53domains/register-domain.html

And now your AWS account is ready to be added as a cloud provider to PMK!

List Hosted Zones
    
 
aws route53 list-hosted-zones
Copy

Delete Hosted Zone
    
 
aws route53 delete-hosted-zone --id $HOSTEDZONEID
Copy

Key Pair Cleanup

Describe the key pair (optional)

Describe Key Pairs
    
 
aws ec2 describe-key-pairs
Copy

Delete the key pair

Delete Key Pair
    
 
aws ec2 delete-key-pair --key-name Platform9
Copy

Policy Cleanup

List Policies
    
 
aws iam list-policies
Copy

Detach Policy
    
 
aws iam detach-group-policy --group-name Platform9 --policy-arn $POLICYARN
Copy

Delete Policy
    
 
aws iam delete-policy --policy-arn POLICY-ARN
Copy

Group Cleanup

Remove User From Group
    
 
aws iam remove-user-from-group --group-name Platform9 --user-name Platform9
Copy

Delete Group
    
 
aws iam delete-group --group-name Platform9
Copy

User Cleanup

List Access Keys for User
    
 
aws iam list-access-keys --user Platform9 (note the AccessKeyId)
Copy

Delete Access Key
    
 
aws iam delete-access-key --access-key-id $ACCESSKEYID --user-name Platform9
Copy

Delete User
    
 
aws iam delete-user --user-name Platform9
Copy

Last updated on

Was this page helpful?