Creating an EC2 Instance with an IAM Role is easy when you do it via the AWS Console but doing this with CloudFormation is not as direct. You will need an Instance Profile to connect an EC2 with an IAM Role.
TL;DR: See the CloudFormation Template below.
Continue reading EC2 with IAM Role: CloudFormation Sample TemplateThe ChefDK is a package that includes everything you need to start using Chef. You will need this if you want to develop using chef.
Since I always use Amazon Web Services (AWS) EC2, I tend to choose Amazon Linux 2 even for projects using Chef.
Below is a step-by-step tutorial on how to install ChefDK in an EC2 instance running Amazon Linux 2.
SSH to your Amazon Linux 2 EC2 Instance and run the command below.
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -c current -P chefdkThis will install the latest version of ChefDK.
For production systems we should specify the specific version of ChefDK or else this will install the version. To do this we need to add the -v option in the end of the command.
Below is an example where we install ChefDK version 4.7.73.
curl https://omnitruck.chef.io/install.sh | sudo bash -s -- -c current -P chefdk -v 4.7.73Next is to check if chef was installed properly. Go to the Verification section of this post.
Go to https://downloads.chef.io/chefdk.
You may select your desired version for ChefDK. Default is the latest stable version.
Copy the URL for the latest version of Red Hat Enterprise Linux.
Continue reading How to install ChefDK in Amazon Linux 2Grafana is an open source software to create visualization of time-series data. This can graph AWS CloudWatch Metrics too.
As a security best practice when using Grafana on an EC2 Instance it is recommended to use an IAM Role. Using a credentials file may expose access to your AWS Account if ever other people gain access to your Grafana Server.
Follow the step-by-step instructions below on how to attach an IAM Role to your Grafana EC2 Instance and set Grafana to access CloudWatch.
Create an IAM policy with the below permission in JSON. Name this GrafanaAccessPolicy.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowReadingMetricsFromCloudWatch",
"Effect": "Allow",
"Action": [
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData"
],
"Resource": "*"
},
{
"Sid": "AllowReadingTagsInstancesRegionsFromEC2",
"Effect": "Allow",
"Action": ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"],
"Resource": "*"
},
{
"Sid": "AllowReadingResourcesForTags",
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
}
]
}Then create an IAM Role with the following properties.
| Trusted Entity Type | EC2 |
| Policies | GrafanaAccessPolicy |
| Role name | GrafanaAccessRole |
Grafana is an open source software that specializes in creating graphs and visualizations for users to easily understand the time-series data.
On this step-by-step guide, we will be launching an EC2 Instance with Amazon Linux 2 as the operating system, then install and run Grafana.
Launch an EC2 Instance using the Amazon Linux 2 AMI.
For reference here are the settings of my EC2 Instance.
| AMI | Amazon Linux 2 |
| Instance Type | t2.micro (free tier) or t3a.nano (cheapest) |
| Storage | 8GB General Purpose SSD (gp2) |
| Tags | Key: Name Value: Grafana-Server |
| Security Group | See below (EC2 Security Group Setup) |
Note: This post is about installing Grafana on Amazon Linux 2. Launching an EC2 Instance will not be discussed here.
For the EC2 Instance Security Group I opened SSH (22) and default Grafana port (3000) to the internet (0.0.0.0/0).
I have an existing key pair that was generated via AWS Console. Since I do not want to create another set of Key Pair for the other regions, I would like to use the same Key Pair. Is it possible to copy the Key Pair to another Region? How can I do this?
Dany
Hi Dany, the short answer to your question is yes, it is possible to copy your existing AWS generated Key Pair to another region and even copy this to another AWS account.
Generating the Key Pairs via AWS Console is easy, it gives you the Private Key and you can launch EC2 instances and associate it with your instance by adjusting the settings during EC2 Instance Launch. Then you can SSH to your EC2 Instance via the Private Key.
The issue here is the Public Key. AWS does not provide the Public Key during creation or any time after that.
Do not worry, we can still get the Public Key. It is not easy as clicking on the console then selecting copy to other region, but it is still doable.
See the steps below.
For this tutorial, I have created an AWS Key Pair in N. Virginia Region (us-east-1) – radishlogic_key.
The goal is to copy the Key Pair to Oregon Region (us-west-2).
Here are screenshots of my Key Pair.
Launch a temporary Linux EC2 Instance in where the Key Pair is located (us-east-1). Any Linux Image will do.
Continue reading Copying a Key Pair Generated by AWS to Another Region (with Screenshots)If you are studying Kubernetes and having a hard time running Minikube on an EC2 Instance, you are not alone. I had a hard time doing it when it was my first time.
Below are the steps (and some comments) that I took to help me run Minikube on my EC2 Instance.
| AMI | Ubuntu Server 18.04 LTS (HVM), SSD Volume Type |
| Instance Type | t3.micro (2 vCPU, 1GB Memory) |
| Storage | 8 GB (gp2) |
| Tags | – Key: Name – Value: Minikube |
| Security Group | Name: Minikube Security Group – SSH, 0.0.0.0/0Later we will be editing this. |
| Key Pair | Create your own keypair. You will need this to SSH to your EC2 Instance |
Update: I changed the Instance Type from t2.micro (1 vCPU) to t3.micro (2 vCPU). An update to Minikube required a minimum of 2 vCPUs. The error when running with t2.micro was Requested cpu count 1 is less than the minimum allowed of 2.
t3.micro is no longer in the Free Tier, make sure to stop or terminate the instance after you are done testing to avoid a huge AWS bill.
Thank you to everyone in the comments section who pointed this change.
ssh ubuntu@<ipv4_public_ip> -i <keypair>.pem
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
sudo apt-get update && \
sudo apt-get install docker.io -y
Minikube requires Docker. Continue reading Running Minikube in AWS EC2 (Ubuntu)
When I create Windows Instances in AWS EC2, I usually forget to add a drive or two. With this step-by-step tutorial, I will walk you through how to create a new Volume for EC2 Instances, then make Windows use the new Volume without a reboot.
I launched a EC2 Windows 2016 Server with only 1 Block Device (/dev/sda1), which is also my Root Device.
Note the Availability Zone where your instance is located, you will need this later. Mine is in us-east-1a.
Looking inside Windows it only has 1 volume.
Now we need to attach a new Volume for our Windows Server.
Go to AWS EC2 Console, on the left sidebar click on <strong>Volumes</strong>.
Problem: You are running a critical Windows Server on AWS EC2 and the C: drive is almost full (storage volume) but it should zero downtime (No Restart, No Stop then Start). Is this possible on AWS EC2?
Yes, it is possible.
Check the instructions below.
| AMI | Microsoft Windows Server 2016 Base |
| Instance Type | t2.micro |
| Storage | 30 GiB – General Purpose SSD (gp2) |
We are increasing the Storage size from 30 GiB to the target size of 50 GiB.
You can set any size that you want as long as it is bigger than the current size.
To resize the volume of the Windows Drive on AWS you can follow the steps below. Continue reading Resizing Storage Volume for AWS EC2 Windows without Restarts/Downtime
