forked from cloudfoundry/docs-bosh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinit-aws.html.md.erb
188 lines (124 loc) · 7.03 KB
/
init-aws.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
---
title: Creating environment on AWS
---
<p class="note">Note: See <a href="init-aws-v1.html">Initializing BOSH environment on AWS</a> for using bosh-init instead of CLI v2. (Not recommended)</p>
This document shows how to set up new [environment](terminology.html#environment) on Amazon Web Services (AWS).
## <a id="prepare-aws"></a>Step 1: Prepare an AWS Account
If you do not have an AWS account, [create one](http://goo.gl/MaAybK).
To configure your AWS account:
* [Obtain AWS credentials](#credentials)
* [Create a Virtual Private Cloud (VPC)](#create-vpc)
* [Create an Elastic IP](#create-eip)
* [Create a Key Pair](#create-key-pair)
* [Create and Configure Security Group](#create-security)
---
### <a id="credentials"></a> Obtain AWS Credentials
Your AWS credentials consist of an Access Key ID and a Secret Access Key. Follow [Creating IAM Users](aws-iam-users.html#create) to create a new IAM user.
---
### <a id="create-vpc"></a> Create a Virtual Private Cloud (VPC)
1. In the upper-right corner of the AWS Console, select a Region.
<%= image_tag("images/deploy-microbosh-to-aws/account-dashboard-region-menu.png") %>
1. On the AWS Console, select **VPC** to get to the VPC Dashboard.
<%= image_tag("images/deploy-microbosh-to-aws/account-dashboard-vpc.png") %>
1. Click **Start VPC Wizard**.
<%= image_tag("images/deploy-microbosh-to-aws/vpc-dashboard-start.png") %>
1. Select **VPC with a Single Public Subnet** and click **Select**.
1. Complete the VPC form with the following information:
* **IP CIDR block**: 10.0.0.0/16
* **VPC name**: bosh
* **Public subnet**: 10.0.0.0/24
* **Availability Zone**: us-east-1a
* **Subnet name**: public
* **Enable DNS hostnames**: Yes
* **Hardware tenancy**: Default
<%= image_tag("images/deploy-microbosh-to-aws/create-vpc.png") %>
1. Click **Create VPC** and click **OK** once VPC is successfully created.
1. Click **Subnets** and locate the "public" subnet in the VPC. Replace `SUBNET-ID` and `AVAILABILITY-ZONE` in your deployment manifest with the "public" subnet **Subnet ID**, **Availability Zone** and **Region** (AZ without the trailing character).
<%= image_tag("images/deploy-microbosh-to-aws/list-subnets.png") %>
---
### <a id="create-eip"></a> Create an Elastic IP
1. On the VPC Dashboard, click **Elastic IPs** and click **Allocate New Address**.
<%= image_tag("images/deploy-microbosh-to-aws/create-elastic-ip.png") %>
1. In the Allocate Address dialog box, click **Yes, Allocate**.
1. Replace `ELASTIC-IP` in your deployment manifest with the allocated Elastic IP Address.
<%= image_tag("images/deploy-microbosh-to-aws/list-elastic-ips.png") %>
---
### <a id="create-key-pair"></a> Create a Key Pair
1. In the AWS Console, select **EC2** to get to the EC2 Dashboard.
1. Click **Key Pairs** and click **Create Key Pair**.
<%= image_tag("images/deploy-microbosh-to-aws/list-key-pairs.png") %>
1. In the Create Key Pair dialog box, enter "bosh" as the Key Pair name and click **Create**.
<%= image_tag("images/deploy-microbosh-to-aws/create-key-pair.png") %>
1. Save private key to `~/Downloads/bosh.pem`.
---
### <a id="create-security"></a> Create and Configure Security Group
1. On the EC2 Dashboard, click **Security Groups** and then click **Create Security Group**.
<%= image_tag("images/deploy-microbosh-to-aws/list-security-groups.png") %>
1. Complete the Create Security Group form with the following information:
* **Security group name**: bosh
* **Description**: BOSH deployed VMs
* **VPC**: Select the "bosh" VPC that you created in [Create a Virtual Private Cloud](#create-vpc).
1. Click **Create**
<%= image_tag("images/deploy-microbosh-to-aws/create-security-group.png") %>
1. Select the created security group with group name "bosh", click the **Inbound** tab and click **Edit**.
<%= image_tag("images/deploy-microbosh-to-aws/open-edit-security-group-modal.png") %>
1. Fill out the Edit inbound rules form and click **Save**.
<p class="note"><strong>Note</strong>: It highly discouraged to run any production environment with <code>0.0.0.0/0</code> source or to make any BOSH management ports publicly accessible.</p>
<table border="1" class="nice">
<tr>
<th>Type</th>
<th>Port Range</th>
<th>Source</th>
<th>Purpose</th>
</tr>
<tr><td>Custom TCP Rule</td><td>22</td><td>(My IP)</td><td>SSH access from CLI</td></tr>
<tr><td>Custom TCP Rule</td><td>6868</td><td>(My IP)</td><td>BOSH Agent access from CLI</td></tr>
<tr><td>Custom TCP Rule</td><td>25555</td><td>(My IP)</td><td>BOSH Director access from CLI</td></tr>
<tr><td>All TCP</td><td>0 - 65535</td><td>ID of this security group</td><td>Management and data access</td></tr>
<tr><td>All UDP</td><td>0 - 65535</td><td>ID of this security group</td><td>Management and data access</td></tr>
</table>
<p class="note"><strong>Note</strong>: To enter your security group as a *Source*, select *Custom IP*, and enter "bosh". Note: The AWS Console should autocomplete the security group ID (e.g. "sg-12ab34cd").</p>
<%= image_tag("images/deploy-microbosh-to-aws/edit-security-group-rules.png") %>
---
## <a id="deploy"></a> Step 2: Deploy
1. Install [CLI v2](./cli-v2.html).
1. Use `bosh create-env` command to deploy the Director.
<pre class='terminal'>
# Create directory to keep state
$ mkdir bosh-1 && cd bosh-1
# Clone Director templates
$ git clone https://github.com/cloudfoundry/bosh-deployment
# Fill below variables (replace example values) and deploy the Director
$ bosh create-env bosh-deployment/bosh.yml \
--state=state.json \
--vars-store=creds.yml \
-o bosh-deployment/aws/cpi.yml \
-v director_name=bosh-1 \
-v internal_cidr=10.0.0.0/24 \
-v internal_gw=10.0.0.1 \
-v internal_ip=10.0.0.6 \
-v access_key_id=AKI... \
-v secret_access_key=wfh28... \
-v region=us-east-1 \
-v az=us-east-1a \
-v default_key_name=bosh \
-v default_security_groups=[bosh] \
--var-file private_key=~/Downloads/bosh.pem \
-v subnet_id=subnet-ait8g34t
</pre>
If running above commands outside of an AWS VPC, refer to [Exposing environment on a public IP](init-external-ip.html) for additional CLI flags.
See [AWS CPI errors](aws-cpi.html#errors) for list of common errors and resolutions.
1. Connect to the Director.
<pre class="terminal">
# Configure local alias
$ bosh alias-env bosh-1 -e 10.0.0.6 --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
# Log in to the Director
$ export BOSH_CLIENT=admin
$ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`
# Query the Director for more info
$ bosh -e bosh-1 env
</pre>
1. Save the deployment state files left in your deployment directory `bosh-1` so you can later update/delete your Director. See [Deployment state](cli-envs.html#deployment-state) for details.
---
[Back to Table of Contents](index.html#install)
Previous: [Create an environment](init.html)