diff --git a/content/nextflow-on-aws-batch/10_prerequisites/nf_aws_event.md b/content/nextflow-on-aws-batch/10_prerequisites/nf_aws_event.md index 9313d732..9dc299fe 100644 --- a/content/nextflow-on-aws-batch/10_prerequisites/nf_aws_event.md +++ b/content/nextflow-on-aws-batch/10_prerequisites/nf_aws_event.md @@ -8,7 +8,7 @@ weight: 20 {{% notice warning %}} Only complete this section if you are at an AWS hosted event (such as re:Invent, -Kubecon, Immersion Day, or any other event hosted by an AWS employee). If you are running the workshop on your own, go to: [Start the workshop on your own]({{< relref "self_paced.md" >}}). +Kubecon, Immersion Day, or any other event hosted by an AWS employee). If you are running the workshop on your own, go to: [Start the workshop on your own]({{< relref "nf_self_paced.md" >}}). {{% /notice %}} ### Login to the AWS Workshop Portal diff --git a/content/nextflow-on-aws-batch/10_prerequisites/nf_self_paced.md b/content/nextflow-on-aws-batch/10_prerequisites/nf_self_paced.md index 7d2c1aa5..f1fc1baa 100644 --- a/content/nextflow-on-aws-batch/10_prerequisites/nf_self_paced.md +++ b/content/nextflow-on-aws-batch/10_prerequisites/nf_self_paced.md @@ -5,7 +5,7 @@ weight: 10 --- {{% notice warning %}} -Only complete this section if you are running the workshop on your own. If you are at an AWS hosted event (such as re:Invent, Kubecon, Immersion Day, etc), go to [Start the workshop at an AWS event]({{< relref "aws_event.md" >}}). +Only complete this section if you are running the workshop on your own. If you are at an AWS hosted event (such as re:Invent, Kubecon, Immersion Day, etc), go to [Start the workshop at an AWS event]({{< relref "nf_aws_event.md" >}}). {{% /notice %}} ### Prepare for CleanUp diff --git a/content/using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md b/content/using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md new file mode 100644 index 00000000..6842cf3a 
--- /dev/null +++ b/content/using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md @@ -0,0 +1,13 @@ +--- +title: "Create EKS cluster Command" +chapter: false +disableToc: true +hidden: true +--- + + +``` +eksctl create cluster --version=1.18 --name=eksworkshop-eksctl --node-private-networking --managed --nodes=2 --alb-ingress-access --region=${AWS_REGION} --node-labels="lifecycle=OnDemand,intent=control-apps" --asg-access +``` diff --git a/content/using_ec2_spot_instances_with_eks/eksctl/launcheks.md b/content/using_ec2_spot_instances_with_eks/eksctl/launcheks.md index 1303c51f..3f18c2a5 100644 --- a/content/using_ec2_spot_instances_with_eks/eksctl/launcheks.md +++ b/content/using_ec2_spot_instances_with_eks/eksctl/launcheks.md @@ -14,20 +14,7 @@ weight: 20 {{%expand "Expand here to see the solution" %}} -Use the [GetCallerIdentity](https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html) CLI command to validate that the Cloud9 IDE is using the correct IAM role. - -``` -aws sts get-caller-identity - -``` - -{{% notice note %}} -**Select the tab** and and validate the assumed role… -{{% /notice %}} -{{< tabs name="Region" >}} - {{< tab name="...ON YOUR OWN" include="../prerequisites/on_your_own_validaterole.md" />}} - {{< tab name="...AT AN AWS EVENT" include="../prerequisites/at_an_aws_validaterole.md" />}} -{{< /tabs >}} +{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/validate_workspace_role.md" %}} If you do not see the correct role, please go back and **[validate the IAM role]({{< relref "../prerequisites/update_workspaceiam.md" >}})** for troubleshooting. 
@@ -39,9 +26,7 @@ If you do see the correct role, proceed to next step to create an EKS cluster. The following command will create an eks cluster with the name `eksworkshop-eksctl`. It will also create a nodegroup with 2 on-demand instances. -``` -eksctl create cluster --version=1.18 --name=eksworkshop-eksctl --node-private-networking --managed --nodes=2 --alb-ingress-access --region=${AWS_REGION} --node-labels="lifecycle=OnDemand,intent=control-apps" --asg-access -``` +{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md" %}} eksctl allows us to pass parameters to initialize the cluster. While initializing the cluster, eksctl does also allow us to create nodegroups. diff --git a/content/using_ec2_spot_instances_with_eks/eksctl/test.md b/content/using_ec2_spot_instances_with_eks/eksctl/test.md index 9b1d3897..9d979992 100644 --- a/content/using_ec2_spot_instances_with_eks/eksctl/test.md +++ b/content/using_ec2_spot_instances_with_eks/eksctl/test.md 
@@ -33,3 +33,36 @@ You now have a fully working Amazon EKS Cluster that is ready to use! {{% notice tip %}} Explore the Elastic Kubernetes Service (EKS) section in the AWS Console and the properties of the newly created EKS cluster. {{% /notice %}} + +{{% notice warning %}} +You might see **Error loading Namespaces** while exploring the cluster on the AWS Console. It could be because the console user role doesnt have necessary permissions on the EKS cluster's RBAC configuration in the control plane. Please expand and follow the below instructions to add necessary permissions. +{{% /notice %}} + +{{%expand "Click to reveal detailed instructions" %}} + +### Add your IAM role Arn as cluster-admin on RBAC + +Get the ARN for your IAM role, it should look something like + +``` +arn:aws:iam:::role/ +``` + +Edit the ConfigMap **aws-auth** using the below command + +``` +kubectl edit configmap -n kube-system aws-auth +``` + +Add the below snippet at the end, that will add the IAM role to the **masters** group on EKS cluster RBAC, thereby assigning a **cluster-admin** role on the cluster. Please refer the documentation [here](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html) + +Please make sure to replace the `` and `` with your AWS Account Number and IAM Role Name respectively + +``` + - groups: + - system:masters + rolearn: arn:aws:iam:::role/ + username: +``` + +{{% /expand%}} diff --git a/content/using_ec2_spot_instances_with_eks/prerequisites/aws_event.md b/content/using_ec2_spot_instances_with_eks/prerequisites/aws_event.md index e4a2fb24..2a59556f 100644 --- a/content/using_ec2_spot_instances_with_eks/prerequisites/aws_event.md +++ b/content/using_ec2_spot_instances_with_eks/prerequisites/aws_event.md 
@@ -23,4 +23,66 @@ If you are at an AWS event, an AWS account was created for you to use throughout You are now logged in to the AWS console in an account that was created for you, and will be available only throughout the workshop run time. -Once you have completed the step above, **you can head straight to [Create a Workspace]({{< relref "workspace.md" >}})** +{{% notice info %}} +In the interest of time for shorter events we sometimes deploy the resources required as a prerequisite for you. If you were told so, please review the cloudformation outputs of the stack that was deployed by **expanding the instructions below**. +{{% /notice %}} + +{{%expand "Click to reveal detailed instructions" %}} + +#### What resources are already deployed {#resources_deployed} + +We have deployed the below resources required to get started with the workshop using a CloudFormation Template (**[eks-spot-workshop-quickstarter-cnf.yml] (prerequisites.files/eks-spot-workshop-quickstart-cnf.yml)**), Please reference the below resources created by the stack. + ++ An [AWS Cloud9](https://console.aws.amazon.com/cloud9) workspace with + - An IAM role created and attached to the workspace with Administrator access + - Kubernetes tools installed (kubectl, jq and envsubst) + - awscli upgraded to v2 + - Created and imported a key pair to Amazon EC2 + - [eksctl](https://eksctl.io/) installed, The official CLI for Amazon EKS + ++ An EKS cluster with the name `eksworkshop-eksctl` and a [EKS managed node group](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) with 2 on-demand instances. + +{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/eksctl/create_eks_cluster_eksctl_command.md" %}} + + +#### Use your resources + +In this workshop, you'll need to reference the resources created by the CloudFormation stack that we setup for you. + +1. 
On the [AWS CloudFormation console](https://console.aws.amazon.com/cloudformation), select the stack name that starts with **mod-** in the list. + +1. In the stack details pane, click the **Outputs** tab. + +![cnf_output](/images/using_ec2_spot_instances_with_eks/prerequisites/cnf_output.png) + +It is recommended that you keep this window open so you can easily refer to the outputs and resources throughout the workshop. + +{{% notice info %}} +you will notice additional Cloudformation stacks were also deployed which is the result of the stack that starts with **mod-**. One to deploy the Cloud9 Workspace and two other to create the EKS cluster and managed nodegroup. +{{% /notice %}} + +#### Launch your Cloud9 workspace + +- Click on the url against `Cloud9IDE` from the outputs + +{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/workspace_at_launch.md" %}} + +{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/update_workspace_settings.md" %}} + +### Validate the IAM role {#validate_iam} + +Use the [GetCallerIdentity](https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html) CLI command to validate that the Cloud9 IDE is using the correct IAM role. + +``` +aws sts get-caller-identity + +``` + +{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/at_an_aws_validaterole.md" %}} + +{{% notice note %}} +Since we have already setup the prerequisites, **you can head straight to [Test the Cluster]({{< relref "../eksctl/test.md" >}})** +{{% /notice %}} + +{{% /expand%}} + diff --git a/content/using_ec2_spot_instances_with_eks/prerequisites/prerequisites.files/eks-spot-workshop-quickstart-cnf.yml b/content/using_ec2_spot_instances_with_eks/prerequisites/prerequisites.files/eks-spot-workshop-quickstart-cnf.yml new file mode 100644 index 00000000..a94368a0 --- /dev/null 
+++ b/content/using_ec2_spot_instances_with_eks/prerequisites/prerequisites.files/eks-spot-workshop-quickstart-cnf.yml 
@@ -0,0 +1,352 @@ +--- +AWSTemplateFormatVersion: '2010-09-09' +Description: AWS CloudFormation template to create a Cloud9 environment setup with kubectl, eksctl and an EKS cluster with a managed node group. Please allow ~20min for the EKS cluster to be ready. +Metadata: + Author: + Description: Sandeep Palavalasa + License: + Description: 'Copyright 2020 Amazon.com, Inc. and its affiliates. All Rights Reserved. + + Licensed under the Amazon Software License (the "License"). You may not use this file + except in compliance with the License. A copy of the License is located at + + http://aws.amazon.com/asl/ + + or in the "license" file accompanying this file. This file is distributed on an "AS IS" + BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations under the License.' + +Parameters: + C9InstanceType: + Description: Example Cloud9 instance type + Type: String + Default: t3.small + AllowedValues: + - t3.small + - t3.medium + ConstraintDescription: Must be a valid Cloud9 instance type + C9KubectlVersion: + Description: Cloud9 instance kubectl version + Type: String + Default: v1.18.12 + ConstraintDescription: Must be a valid kubectl version + C9KubectlVersionTEST: + Description: Cloud9 instance kubectl version + Type: String + Default: v1.18.12 + ConstraintDescription: Must be a valid kubectl version + C9EKSctlVersion: + Description: Cloud9 instance eksctl version + Type: String + Default: 0.31.0 + ConstraintDescription: Must be a valid eksctl version + EKSClusterVersion: + Description: EKS Cluster Vesion + Type: String + Default: 1.18 + ConstraintDescription: Must be a valid eks version + EKSClusterName: + Description: EKS Cluster Name + Type: String + Default: eksworkshop-eksctl + ConstraintDescription: Must be a valid eks version + #Used only by Event Engine, if you are self-deploying the stack leave the default value to NONE + EETeamRoleArn: + 
Description: "ARN of the Team Role" + Default: NONE + Type: String + ConstraintDescription: This is ONLY used Event Engine, dont change this if you are self-deploying the stack + +Conditions: + NotEventEngine: !Equals [!Ref EETeamRoleArn, NONE] + +Resources: + +################## PERMISSIONS AND ROLES ################# + C9Role: + Type: AWS::IAM::Role + Condition: NotEventEngine + Properties: + Tags: + - Key: Environment + Value: AWS Example + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: + - ec2.amazonaws.com + - ssm.amazonaws.com + Action: + - sts:AssumeRole + ManagedPolicyArns: + - arn:aws:iam::aws:policy/AdministratorAccess + Path: "/" + C9LambdaExecutionRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: + - lambda.amazonaws.com + Action: + - sts:AssumeRole + Path: "/" + Policies: + - PolicyName: + Fn::Join: + - '' + - - C9LambdaPolicy- + - Ref: AWS::Region + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + Resource: arn:aws:logs:*:*:* + - Effect: Allow + Action: + - cloudformation:DescribeStacks + - cloudformation:DescribeStackEvents + - cloudformation:DescribeStackResource + - cloudformation:DescribeStackResources + - ec2:DescribeInstances + - ec2:AssociateIamInstanceProfile + - ec2:ModifyInstanceAttribute + - ec2:ReplaceIamInstanceProfileAssociation + - iam:ListInstanceProfiles + - iam:PassRole + Resource: "*" + +################## LAMBDA BOOTSTRAP FUNCTION ################ + + C9BootstrapInstanceLambda: + Description: Bootstrap Cloud9 instance + Type: Custom::C9BootstrapInstanceLambda + DependsOn: + - C9BootstrapInstanceLambdaFunction + - C9Instance + - C9LambdaExecutionRole + Properties: + Tags: + - Key: Environment + Value: AWS Example + ServiceToken: + Fn::GetAtt: + - 
C9BootstrapInstanceLambdaFunction + - Arn + REGION: + Ref: AWS::Region + StackName: + Ref: AWS::StackName + EnvironmentId: + Ref: C9Instance + LabIdeInstanceProfileArn: !If [ NotEventEngine, !GetAtt C9InstanceProfile.Arn, !Sub 'arn:aws:iam::${AWS::AccountId}:instance-profile/TeamRoleInstanceProfile' ] + + C9BootstrapInstanceLambdaFunction: + Type: AWS::Lambda::Function + Properties: + Tags: + - Key: Environment + Value: AWS Example + Handler: index.lambda_handler + Role: + Fn::GetAtt: + - C9LambdaExecutionRole + - Arn + Runtime: python3.6 + MemorySize: 256 + Timeout: '600' + Code: + ZipFile: | + from __future__ import print_function + import boto3 + # import loggings + import json + import os + import time + import traceback + import cfnresponse + + # logger = logging.getLogger() + # logger.setLevel(logging.INFO) + + def lambda_handler(event, context): + # logger.info('event: {}'.format(event)) + # logger.info('context: {}'.format(context)) + responseData = {} + + if event['RequestType'] == 'Create': + try: + # Open AWS clients + ec2 = boto3.client('ec2') + + # Get the InstanceId of the Cloud9 IDE + # print(str({'Name': 'tag:aws:cloud9:environment','Values': [event['ResourceProperties']['EnvironmentId']]})) + instance = ec2.describe_instances(Filters=[{'Name': 'tag:aws:cloud9:environment','Values': [event['ResourceProperties']['EnvironmentId']]}])['Reservations'][0]['Instances'][0] + # logger.info('instance: {}'.format(instance)) + + # Create the IamInstanceProfile request object + iam_instance_profile = { + 'Arn': event['ResourceProperties']['LabIdeInstanceProfileArn'] + } + # logger.info('iam_instance_profile: {}'.format(iam_instance_profile)) + + # Wait for Instance to become ready before adding Role + instance_state = instance['State']['Name'] + # logger.info('instance_state: {}'.format(instance_state)) + while instance_state != 'running': + time.sleep(5) + instance_state = ec2.describe_instances(InstanceIds=[instance['InstanceId']]) + # 
logger.info('instance_state: {}'.format(instance_state)) + + # attach instance profile + response = ec2.associate_iam_instance_profile(IamInstanceProfile=iam_instance_profile, InstanceId=instance['InstanceId']) + # logger.info('response - associate_iam_instance_profile: {}'.format(response)) + r_ec2 = boto3.resource('ec2') + + responseData = {'Success': 'Started bootstrapping for instance: '+instance['InstanceId']} + cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, 'CustomResourcePhysicalID') + + except Exception as e: + # logger.error(e, exc_info=True) + responseData = {'Error': traceback.format_exc(e)} + cfnresponse.send(event, context, cfnresponse.FAILED, responseData, 'CustomResourcePhysicalID') +################## SSM BOOTSRAP HANDLER ############### + C9OutputBucket: + Type: AWS::S3::Bucket + DeletionPolicy: Delete + + C9SSMDocument: + Type: AWS::SSM::Document + Properties: + Tags: + - Key: Environment + Value: AWS Example + Content: Yaml + DocumentType: Command + Content: + schemaVersion: '2.2' + description: Bootstrap Cloud9 Instance + mainSteps: + - action: aws:runShellScript + name: C9bootstrap + inputs: + runCommand: + - "#!/bin/bash" + - date + - . /home/ec2-user/.bashrc + - whoami + - !Sub 'echo "export KUBECTL_VERSION=${C9KubectlVersion}"' + - sudo -H -u ec2-user aws sts get-caller-identity + - echo '=== INSTALL kubectl ===' + - !Sub 'export KUBECTL_VERSION=${C9KubectlVersion}' + - sudo curl --silent --location -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl + - sudo chmod +x /usr/local/bin/kubectl + - echo '=== Install JQ and envsubst ===' + - sudo yum -y install jq gettext + - echo '=== Update to the latest AWS CLI ===' + - sudo -H -u ec2-user aws --version + - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" + - unzip awscliv2.zip + - sudo ./aws/install + - . 
/home/ec2-user/.bash_profile + - sudo -H -u ec2-user aws --version + - echo '=== setup AWS configs ===' + - rm -vf /home/ec2-user/.aws/credentials + - export ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account) + - export AWS_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.region') + - echo "export ACCOUNT_ID=${ACCOUNT_ID}" >> /home/ec2-user/.bash_profile + - echo "export AWS_REGION=${AWS_REGION}" >> /home/ec2-user/.bash_profile + - sudo -H -u ec2-user aws configure set default.region ${AWS_REGION} + - sudo -H -u ec2-user aws configure get default.region + - sudo -H -u ec2-user aws sts get-caller-identity + - echo '=== Generate SSH key and import to aws ===' + - sudo -H -u ec2-user ssh-keygen -f /home/ec2-user/.ssh/id_rsa1 -P '' + - sudo -H -u ec2-user aws ec2 import-key-pair --key-name "eksworkshop" --public-key-material file:///home/ec2-user/.ssh/id_rsa1.pub + - echo '=== Install EKSCTL ===' + - !Sub 'export EKSCTL_VERSION=${C9EKSctlVersion}' + - curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/${EKSCTL_VERSION}/eksctl_Linux_amd64.tar.gz" | tar xz -C /tmp + - sudo mv -v /tmp/eksctl /usr/local/bin + - sudo -H -u ec2-user /usr/local/bin/eksctl version + - echo '=== Create EKS Cluster ===' + - !Sub 'sudo -H -u ec2-user /usr/local/bin/eksctl create cluster --version=${EKSClusterVersion} --name=${EKSClusterName} --node-private-networking --managed --nodes=2 --alb-ingress-access --region=${AWS::Region} --node-labels="lifecycle=OnDemand,intent=control-apps" --asg-access' + - sudo -H -u ec2-user /usr/local/bin/kubectl get nodes + + C9BootstrapAssociation: + Type: AWS::SSM::Association + DependsOn: + - C9OutputBucket + Properties: + Name: !Ref C9SSMDocument + OutputLocation: + S3Location: + OutputS3BucketName: !Ref C9OutputBucket + OutputS3KeyPrefix: bootstrapoutput + Targets: + - Key: tag:SSMBootstrap + Values: + - Active + +################## INSTANCE ##################### + 
C9InstanceProfile: + Type: AWS::IAM::InstanceProfile + Condition: NotEventEngine + Properties: + Path: "/" + Roles: + - Ref: C9Role + C9Instance: + Description: "-" + DependsOn: C9BootstrapAssociation + Type: AWS::Cloud9::EnvironmentEC2 + Properties: + Description: AWS Cloud9 instance for Examples + AutomaticStopTimeMinutes: 3600 + InstanceType: + Ref: C9InstanceType + Name: + Ref: AWS::StackName + # OwnerArn: !Sub 'arn:aws:sts::${AWS::AccountId}:assumed-role/TeamRole/MasterKey' + OwnerArn: !If [NotEventEngine , !Ref AWS::NoValue , !Sub 'arn:aws:sts::${AWS::AccountId}:assumed-role/TeamRole/MasterKey'] + Tags: + - + Key: SSMBootstrap + Value: Active + - + Key: Environment + Value: + Ref: AWS::StackName + +Outputs: + Cloud9IDE: + Value: + Fn::Join: + - '' + - - https:// + - Ref: AWS::Region + - ".console.aws.amazon.com/cloud9/ide/" + - Ref: C9Instance + - "?region=" + - Ref: AWS::Region + + EKSCluster: + Value: + Fn::Join: + - '' + - - https:// + - Ref: AWS::Region + - ".console.aws.amazon.com/eks/home" + - "?region=" + - Ref: AWS::Region + - "#/clusters/" + - Ref: EKSClusterName + EKSClusterVersion: + Value: !Ref EKSClusterVersion diff --git a/content/using_ec2_spot_instances_with_eks/prerequisites/update_workspace_settings.md b/content/using_ec2_spot_instances_with_eks/prerequisites/update_workspace_settings.md new file mode 100644 index 00000000..1c886b7e --- /dev/null +++ b/content/using_ec2_spot_instances_with_eks/prerequisites/update_workspace_settings.md 
@@ -0,0 +1,30 @@ +--- +title: "Update Workshop Settings" +chapter: false +disableToc: true +hidden: true +--- + + +{{% notice info %}} +Cloud9 normally manages IAM credentials dynamically. This isn't currently compatible with +the EKS IAM authentication, so we will disable it and rely on the IAM role instead. +{{% /notice %}} + + +- Return to your workspace and click the sprocket, or launch a new tab to open the Preferences tab +- Select **AWS SETTINGS** +- Turn off **AWS managed temporary credentials** +- Close the Preferences tab +![c9disableiam](/images/using_ec2_spot_instances_with_eks/prerequisites/c9disableiam.png) + +To ensure temporary credentials aren't already in place we will also remove +any existing credentials file: +``` +rm -vf ${HOME}/.aws/credentials +``` + + + diff --git a/content/using_ec2_spot_instances_with_eks/prerequisites/update_workspaceiam.md b/content/using_ec2_spot_instances_with_eks/prerequisites/update_workspaceiam.md index 46c4df5f..ac0c0834 100644 --- a/content/using_ec2_spot_instances_with_eks/prerequisites/update_workspaceiam.md +++ b/content/using_ec2_spot_instances_with_eks/prerequisites/update_workspaceiam.md 
@@ -4,23 +4,7 @@ chapter: false weight: 60 --- -{{% notice info %}} -Cloud9 normally manages IAM credentials dynamically. This isn't currently compatible with -the EKS IAM authentication, so we will disable it and rely on the IAM role instead. -{{% /notice %}} - - -- Return to your workspace and click the sprocket, or launch a new tab to open the Preferences tab -- Select **AWS SETTINGS** -- Turn off **AWS managed temporary credentials** -- Close the Preferences tab -![c9disableiam](/images/using_ec2_spot_instances_with_eks/prerequisites/c9disableiam.png) - -To ensure temporary credentials aren't already in place we will also remove -any existing credentials file: -``` -rm -vf ${HOME}/.aws/credentials -``` +{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/update_workspace_settings.md" %}} We should configure our aws cli with our current region as default: ``` @@ -33,21 +17,5 @@ aws configure set default.region ${AWS_REGION} aws configure get default.region ``` -### Validate the IAM role {#validate_iam} - -Use the [GetCallerIdentity](https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html) CLI command to validate that the Cloud9 IDE is using the correct IAM role. - -``` -aws sts get-caller-identity - -``` - -{{% notice note %}} -**Select the tab** and validate the assumed role… -{{% /notice %}} -{{< tabs name="Region" >}} - {{< tab name="...ON YOUR OWN" include="on_your_own_validaterole.md" />}} - {{< tab name="...AT AN AWS EVENT" include="at_an_aws_validaterole.md" />}} -{{< /tabs >}} - +{{% insert-md-from-file file="using_ec2_spot_instances_with_eks/prerequisites/validate_workspace_role.md" %}} diff --git a/content/using_ec2_spot_instances_with_eks/prerequisites/validate_workspace_role.md b/content/using_ec2_spot_instances_with_eks/prerequisites/validate_workspace_role.md new file mode 100644 index 00000000..01b04d65 --- /dev/null 
+++ b/content/using_ec2_spot_instances_with_eks/prerequisites/validate_workspace_role.md @@ -0,0 +1,29 @@ +--- +title: "Validate Workshpace Role" +chapter: false +disableToc: true +hidden: true +--- + + +### Validate the IAM role {#validate_iam} + +Use the [GetCallerIdentity](https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html) CLI command to validate that the Cloud9 IDE is using the correct IAM role. + +``` +aws sts get-caller-identity + +``` + +{{% notice note %}} +**Select the tab** and validate the assumed role… +{{% /notice %}} + +{{< tabs name="Region" >}} + {{< tab name="...ON YOUR OWN" include="on_your_own_validaterole.md" />}} + {{< tab name="...AT AN AWS EVENT" include="at_an_aws_validaterole.md" />}} +{{< /tabs >}} + + diff --git a/content/using_ec2_spot_instances_with_eks/prerequisites/workspace_at_launch.md b/content/using_ec2_spot_instances_with_eks/prerequisites/workspace_at_launch.md new file mode 100644 index 00000000..bc8505d2 --- /dev/null +++ b/content/using_ec2_spot_instances_with_eks/prerequisites/workspace_at_launch.md @@ -0,0 +1,18 @@ +--- +title: "Workspace at Launch" +chapter: false +disableToc: true +hidden: true +--- + +- When it comes up, customize the environment by closing the **welcome tab** +and **lower work area**, and opening a new **terminal** tab in the main work area: +![c9before](/images/using_ec2_spot_instances_with_eks/prerequisites/c9before.png) + +- Your workspace should now look like this: +![c9after](/images/using_ec2_spot_instances_with_eks/prerequisites/c9after.png) + +- If you like this theme, you can choose it yourself by selecting **View / Themes / Solarized / Solarized Dark** +in the Cloud9 workspace menu. diff --git a/layouts/shortcodes/insert-md-from-file.html b/layouts/shortcodes/insert-md-from-file.html new file mode 100644 index 00000000..8fe5f61e --- /dev/null +++ b/layouts/shortcodes/insert-md-from-file.html @@ -0,0 +1,7 @@ +
+ {{ $file := .Get "file" }} + {{ $page := .Site.GetPage $file }} + {{ with $page }} + {{ .Content }} + {{ end }} +
diff --git a/static/images/using_ec2_spot_instances_with_eks/prerequisites/cnf_output.png b/static/images/using_ec2_spot_instances_with_eks/prerequisites/cnf_output.png new file mode 100644 index 00000000..5eda44b3 Binary files /dev/null and b/static/images/using_ec2_spot_instances_with_eks/prerequisites/cnf_output.png differ
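Review bot: in eksctl/test.md, the new aws-auth snippet maps the console role to `system:masters`, which grants unrestricted cluster-admin that RBAC cannot narrow, only to clear an "Error loading Namespaces" message in the console. Consider mapping the role to a dedicated group bound to a read-only ClusterRole, or say in the text that this mapping is meant only for a short-lived workshop account. As the lines read in this diff, the placeholders are empty (`arn:aws:iam:::role/`, an empty `username:`, and "replace the `` and ``"), so the reader cannot tell what to substitute; if angle-bracket placeholders were intended, check that they are not being swallowed as HTML. Also "doesnt" should be "doesn't".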
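Review bot: in prerequisites/aws_event.md, the template link under "What resources are already deployed" will not render as a link because there is a space between `]` and `(` in `[eks-spot-workshop-quickstarter-cnf.yml] (prerequisites.files/eks-spot-workshop-quickstart-cnf.yml)`, and the link text says "quickstarter" while the file is named "quickstart". Further down, `### Validate the IAM role {#validate_iam}` sits at a higher heading level than the surrounding `####` headings and reuses the `validate_iam` anchor that validate_workspace_role.md also defines; consider inserting the shared file here rather than repeating the block.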
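Review bot: in eks-spot-workshop-quickstart-cnf.yml, the wait loop in `lambda_handler` cannot exit once entered: `instance_state = ec2.describe_instances(InstanceIds=[instance['InstanceId']])` assigns the whole response dict, so `instance_state != 'running'` stays true until the 600 second timeout. Read `['Reservations'][0]['Instances'][0]['State']['Name']` from that response instead. The handler also only answers `RequestType == 'Create'`, so Update and Delete events never reach `cfnresponse.send` and the custom resource will hang on those operations. On the IAM side, `C9LambdaExecutionRole` allows `iam:PassRole` on `Resource: "*"` alongside `ec2:AssociateIamInstanceProfile`, and `C9Role` attaches `AdministratorAccess`; scope `iam:PassRole` to the role behind the instance profile. `C9SSMDocument` declares `Content` twice (`Content: Yaml` was presumably meant to be `DocumentFormat: YAML`), the `C9KubectlVersionTEST` parameter is never referenced, and the bootstrap installs kubectl, the AWS CLI and eksctl as root from `curl` downloads with no checksum verification.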
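Review bot: in prerequisites/validate_workspace_role.md, the tab includes use bare relative paths (`include="on_your_own_validaterole.md"`), while the lines removed from eksctl/launcheks.md needed `include="../prerequisites/on_your_own_validaterole.md"`. Now that this file is inserted into launcheks.md through `insert-md-from-file`, please confirm the includes still resolve from that page, or switch to a path that does not depend on the including page's directory. The front matter title also has a typo: "Validate Workshpace Role".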
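Review bot: in layouts/shortcodes/insert-md-from-file.html, `{{ with $page }}` renders nothing when `.Site.GetPage $file` finds no page, so a mistyped `file` argument silently drops a whole section (the cluster-create command or the role validation steps) from the published page. Add an `{{ else }}` branch that calls `errorf` with the missing path and `.Position`, so the build fails instead of shipping an incomplete page. A short comment at the top stating that `file` is a content-relative page path would also help, since every caller in this patch passes the full `using_ec2_spot_instances_with_eks/...` form.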