From a8c89ccb9e7f355ccb36a1a492d3d5b696c9db7d Mon Sep 17 00:00:00 2001 From: Anooptej Thotapalli Date: Mon, 10 Aug 2020 17:47:12 +0530 Subject: [PATCH 1/8] Updating the AWS EC2 Adding detailed and correct steps to Configure AWS EC2 with Spinnaker --- setup/install/providers/aws/aws-ec2.md | 29 +++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/setup/install/providers/aws/aws-ec2.md b/setup/install/providers/aws/aws-ec2.md index 43b3f78b8f..eefcd5eb1d 100644 --- a/setup/install/providers/aws/aws-ec2.md +++ b/setup/install/providers/aws/aws-ec2.md 
@@ -25,10 +25,12 @@ Use this option to deploy Spinnaker, if you are familar with deployment using [A 1. Navigate to [Console](https://console.aws.amazon.com/){:target="\_blank"} > CloudFormation and [select](https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/getting-started.html#select-region) your preferred region. 2. Download [the template](https://d3079gxvs8ayeg.cloudfront.net/templates/managing.yaml) locally to your workstation. - 2.a (Optional). Add additional managed account as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded template file. + 2.a Search for ‘SpinnakerInstanceProfileArn’ and comment out the line. + + 2.b (Optional). Add additional managed account as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded template file. 3. Creating the CloudFormation Stack * __Create Stack__ > __Upload a template to Amazon S3__ > __Browse to template you downloaded in Step-2 above__ > __Next__ - * Enter __Stack Name__ as spinnaker-**managing**-infrastructure-setup and follow the prompts on screen to create the stack + * Enter __Stack Name__ as spinnaker-**managing**-infrastructure-setup and follow the prompts on screen to create the stack, from the dropdown select **‘UseAccessKeyForAuthentication’** as True to get the Access and Secret Key. 4. Once the stack is select the stack you created in Step-3 > Outputs and note the values. You will need these values for subsequent configurations. 
@@ -93,6 +95,25 @@ Option number 1 is useful for creation of user with AWS Access Key and secret. T 2. Using AWS IAM Roles Option 2 uses the IAM roles *ManagingRole* and *ManagedRoles*. This setting is applied on some environments that have extra security considerations. +### Spinaker AssumeRole Policy +1. Incase, if you miss to add append the Line 158, then Manually create a Policy by Navigating to Console > IAM > Policies +2. Click on Create New Policy, click on JSON and add the below code +3. Name the policy as “Spinnaker AssumeRole Policy” + +```JSON +{ + "Version": "2012-10-17", + "Statement": [{ + "Action": "sts:AssumeRole", + "Resource": [ + "arn:aws:iam:::role/spinnakerManaged", + "arn:aws:iam:::role/spinnakerManaged" + ], + "Effect": "Allow" + }] +} +``` + ## Halyard Configurations After the AWS IAM user, roles, policies and trust relationship have been set up, the next step is to add the AWS configurations to Spinnaker via Halyard CLI: @@ -106,7 +127,9 @@ After the AWS IAM user, roles, policies and trust relationship have been set up, ```bash hal config provider aws edit --access-key-id ${ACCESS_KEY_ID} \ - --secret-access-key # do not supply the key here, you will be prompted + --secret-access-key # do not supply the key here, you will be prompted +hal config provider aws bakery edit --aws-access-key ${ACCESS_KEY_ID} \ + --aws-secret-key # do not supply the key here, you will be prompted ``` ### Configure Halyard to add AWS Accounts From 98921b0cc8ad988002f753153e6c0e4e02f8b3f0 Mon Sep 17 00:00:00 2001 From: Anooptej Thotapalli Date: Thu, 13 Aug 2020 12:51:40 +0530 Subject: [PATCH 2/8] Update setup/install/providers/aws/aws-ec2.md Co-authored-by: Dave Dorbin --- setup/install/providers/aws/aws-ec2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/install/providers/aws/aws-ec2.md b/setup/install/providers/aws/aws-ec2.md index eefcd5eb1d..b1a765cc7a 100644 --- a/setup/install/providers/aws/aws-ec2.md 
+++ b/setup/install/providers/aws/aws-ec2.md @@ -97,7 +97,7 @@ Option 2 uses the IAM roles *ManagingRole* and *ManagedRoles*. This setting is a ### Spinaker AssumeRole Policy 1. Incase, if you miss to add append the Line 158, then Manually create a Policy by Navigating to Console > IAM > Policies -2. Click on Create New Policy, click on JSON and add the below code +2. Click on **Create New Policy**, then click on **JSON** and add the code shown below. 3. Name the policy as “Spinnaker AssumeRole Policy” ```JSON From 67c169867294ec2ce978de9e31e2681101c4f80b Mon Sep 17 00:00:00 2001 From: Anooptej Thotapalli Date: Thu, 13 Aug 2020 12:52:06 +0530 Subject: [PATCH 3/8] Update setup/install/providers/aws/aws-ec2.md Co-authored-by: Dave Dorbin --- setup/install/providers/aws/aws-ec2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/install/providers/aws/aws-ec2.md b/setup/install/providers/aws/aws-ec2.md index b1a765cc7a..5a06b7a57e 100644 --- a/setup/install/providers/aws/aws-ec2.md +++ b/setup/install/providers/aws/aws-ec2.md @@ -98,7 +98,7 @@ Option 2 uses the IAM roles *ManagingRole* and *ManagedRoles*. This setting is a ### Spinaker AssumeRole Policy 1. Incase, if you miss to add append the Line 158, then Manually create a Policy by Navigating to Console > IAM > Policies 2. Click on **Create New Policy**, then click on **JSON** and add the code shown below. -3. Name the policy as “Spinnaker AssumeRole Policy” +3. Name the policy “Spinnaker AssumeRole Policy” ```JSON { From e0137de6328b8fed0c2e8e9569f8e1069ee42cc5 Mon Sep 17 00:00:00 2001 From: Anooptej Thotapalli Date: Thu, 13 Aug 2020 12:53:13 +0530 Subject: [PATCH 4/8] Update setup/install/providers/aws/aws-ec2.md Co-authored-by: Dave Dorbin --- setup/install/providers/aws/aws-ec2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/install/providers/aws/aws-ec2.md b/setup/install/providers/aws/aws-ec2.md index 5a06b7a57e..65194abcdb 100644 
--- a/setup/install/providers/aws/aws-ec2.md +++ b/setup/install/providers/aws/aws-ec2.md @@ -96,7 +96,7 @@ Option number 1 is useful for creation of user with AWS Access Key and secret. T Option 2 uses the IAM roles *ManagingRole* and *ManagedRoles*. This setting is applied on some environments that have extra security considerations. ### Spinaker AssumeRole Policy -1. Incase, if you miss to add append the Line 158, then Manually create a Policy by Navigating to Console > IAM > Policies +1. Incase, if you miss to add append the Line 158, then Manually create a Policy by Navigating to **Console > IAM > Policies**. 2. Click on **Create New Policy**, then click on **JSON** and add the code shown below. 3. Name the policy “Spinnaker AssumeRole Policy” From 7e75609f28115e0523caaeed1fb85767ef8581ac Mon Sep 17 00:00:00 2001 From: Anooptej Thotapalli Date: Thu, 13 Aug 2020 12:54:24 +0530 Subject: [PATCH 5/8] Update setup/install/providers/aws/aws-ec2.md Co-authored-by: Dave Dorbin --- setup/install/providers/aws/aws-ec2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/install/providers/aws/aws-ec2.md b/setup/install/providers/aws/aws-ec2.md index 65194abcdb..d640aad7ce 100644 --- a/setup/install/providers/aws/aws-ec2.md +++ b/setup/install/providers/aws/aws-ec2.md 
@@ -28,7 +28,7 @@ Use this option to deploy Spinnaker, if you are familar with deployment using [A 2.a Search for ‘SpinnakerInstanceProfileArn’ and comment out the line. 2.b (Optional). Add additional managed account as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded template file. -3. Creating the CloudFormation Stack +3. Create the CloudFormation Stack: * __Create Stack__ > __Upload a template to Amazon S3__ > __Browse to template you downloaded in Step-2 above__ > __Next__ * Enter __Stack Name__ as spinnaker-**managing**-infrastructure-setup and follow the prompts on screen to create the stack, from the dropdown select **‘UseAccessKeyForAuthentication’** as True to get the Access and Secret Key. 4. Once the stack is select the stack you created in Step-3 > Outputs and note the values. You will need these values for subsequent configurations. From ff1bf77491529c2f6b39a45308866c10c7232a87 Mon Sep 17 00:00:00 2001 From: Anooptej Thotapalli Date: Thu, 13 Aug 2020 12:54:57 +0530 Subject: [PATCH 6/8] Update setup/install/providers/aws/aws-ec2.md Co-authored-by: Dave Dorbin --- setup/install/providers/aws/aws-ec2.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/install/providers/aws/aws-ec2.md b/setup/install/providers/aws/aws-ec2.md index d640aad7ce..b68254e941 100644 --- a/setup/install/providers/aws/aws-ec2.md +++ b/setup/install/providers/aws/aws-ec2.md 
@@ -30,7 +30,8 @@ Use this option to deploy Spinnaker, if you are familar with deployment using [A 2.b (Optional). Add additional managed account as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded template file. 3. Create the CloudFormation Stack: * __Create Stack__ > __Upload a template to Amazon S3__ > __Browse to template you downloaded in Step-2 above__ > __Next__ - * Enter __Stack Name__ as spinnaker-**managing**-infrastructure-setup and follow the prompts on screen to create the stack, from the dropdown select **‘UseAccessKeyForAuthentication’** as True to get the Access and Secret Key. + * Enter __Stack Name__ as spinnaker-**managing**-infrastructure-setup and follow the prompts on screen to create the stack. + * From the dropdown select **‘UseAccessKeyForAuthentication’** as True to get the Access and Secret Key. 4. Once the stack is select the stack you created in Step-3 > Outputs and note the values. You will need these values for subsequent configurations. From 0709ae48d863627abd703939b3af2d97b1c588b6 Mon Sep 17 00:00:00 2001 From: Dave Dorbin Date: Thu, 13 Aug 2020 11:28:56 -0400 Subject: [PATCH 7/8] Update setup/install/providers/aws/aws-ec2.md --- setup/install/providers/aws/aws-ec2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/install/providers/aws/aws-ec2.md b/setup/install/providers/aws/aws-ec2.md index b68254e941..cbe3118d12 100644 --- a/setup/install/providers/aws/aws-ec2.md +++ b/setup/install/providers/aws/aws-ec2.md @@ -99,7 +99,7 @@ Option 2 uses the IAM roles *ManagingRole* and *ManagedRoles*. This setting is a ### Spinaker AssumeRole Policy 1. Incase, if you miss to add append the Line 158, then Manually create a Policy by Navigating to **Console > IAM > Policies**. 2. Click on **Create New Policy**, then click on **JSON** and add the code shown below. -3. Name the policy “Spinnaker AssumeRole Policy” +3. Name the policy “Spinnaker AssumeRole Policy”. ```JSON { 
From ca006ee718e4397d331f3a3c1e945a9e35f1bfa3 Mon Sep 17 00:00:00 2001 From: Anooptej Thotapalli Date: Thu, 13 Aug 2020 22:16:21 +0530 Subject: [PATCH 8/8] Update setup/install/providers/aws/aws-ec2.md Co-authored-by: Dave Dorbin --- setup/install/providers/aws/aws-ec2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/install/providers/aws/aws-ec2.md b/setup/install/providers/aws/aws-ec2.md index cbe3118d12..fdffda2d2e 100644 --- a/setup/install/providers/aws/aws-ec2.md +++ b/setup/install/providers/aws/aws-ec2.md @@ -27,7 +27,7 @@ Use this option to deploy Spinnaker, if you are familar with deployment using [A 2.a Search for ‘SpinnakerInstanceProfileArn’ and comment out the line. - 2.b (Optional). Add additional managed account as shown on line 158 in the SpinnakerAssumeRolePolicy section of the downloaded template file. + 2.b (Optional). Add additional managed account as shown in the `SpinnakerAssumeRolePolicy` section of the downloaded template file. 3. Create the CloudFormation Stack: * __Create Stack__ > __Upload a template to Amazon S3__ > __Browse to template you downloaded in Step-2 above__ > __Next__ * Enter __Stack Name__ as spinnaker-**managing**-infrastructure-setup and follow the prompts on screen to create the stack.
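Review bot: in PATCH 1/8, first hunk (`@@ -25,10 +25,12 @@`), the new step 2.a tells the reader to comment out the `SpinnakerInstanceProfileArn` line but gives no reason and does not say what depends on that line. Add one sentence explaining why the line has to go and in which setups the step applies, so that someone editing an IAM template knows what they are disabling. The unchanged step 4 in the same hunk ("Once the stack is select the stack you created") is missing a word and could be fixed in the same pass.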
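Review bot: in PATCH 1/8, second hunk (`@@ -93,6 +95,25 @@`), the two `Resource` entries of the JSON policy are identical and both have an empty account-ID field: `"arn:aws:iam:::role/spinnakerManaged"`. As written the statement does not say which managed accounts the role may be assumed in, and a reader who pastes it unchanged gets a duplicate entry. Use one entry per managed account with an explicit placeholder, for example `arn:aws:iam::<managed-account-id>:role/spinnakerManaged`, and add a line telling the reader to substitute their own account IDs. The new heading also spells the product "Spinaker".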
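Review bot: in PATCH 1/8, third hunk (`@@ -106,7 +127,9 @@`), the added `hal config provider aws bakery edit` command is placed in the existing code block with no accompanying sentence, so the reader is not told that the bakery is being given the same `${ACCESS_KEY_ID}` as the provider or whether this step is needed when Option 2 (IAM roles) is used. Add a short sentence above the block covering both points. The `--secret-access-key` line is removed and re-added with the same visible text, which looks like a whitespace-only change; drop it if it was unintended.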
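Review bot: in PATCH 6/8 (`@@ -30,7 +30,8 @@`), the new bullet "From the dropdown select 'UseAccessKeyForAuthentication' as True to get the Access and Secret Key" reads as a required step, yet the same page describes access keys as Option 1 and IAM roles as the option for environments with extra security considerations. Say that this selection applies only to the access-key option and that readers using *ManagingRole* and *ManagedRoles* should leave it unset, and state where the generated key is read from, since step 4 only says to note the Outputs values. Formatting the value as `True` would also match the parameter name styling.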
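Review bot: in PATCH 7/8 (`@@ -99,7 +99,7 @@`), step 3 still instructs the reader to name the policy “Spinnaker AssumeRole Policy”, and IAM policy names do not accept spaces, so the name cannot be entered as documented. Suggest a name without spaces such as `SpinnakerAssumeRolePolicy`, which also matches the template section referenced in step 2.b, and format it as code rather than in curly quotes. The heading in the context lines of this hunk is still spelled "Spinaker".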
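Review bot: in PATCH 8/8 (`@@ -27,7 +27,7 @@`), the "line 158" reference is dropped from step 2.b, but step 1 of the AssumeRole Policy section (visible as context in PATCH 7/8) still reads "Incase, if you miss to add append the Line 158", which now points at nothing. Reword that step in the same series so both places refer to the `SpinnakerAssumeRolePolicy` section, for example "If you did not add the managed accounts to the `SpinnakerAssumeRolePolicy` section in step 2.b, create the policy manually under **Console > IAM > Policies**."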