General discussion about Chef

[chef] Re: Re: kitchen-ec2 0.9.0 / iam_profile_name Something missing?


Chronological Thread 
  • From: Yoshi Spendiff < >
  • To: chef < >
  • Subject: [chef] Re: Re: kitchen-ec2 0.9.0 / iam_profile_name Something missing?
  • Date: Wed, 20 May 2015 15:38:33 -0700
I'm getting the same with a with an iam role/instance profile with the same name. Both of the following commands return correct values

aws iam get-role --role-name webServer
aws iam get-instance-profile --instance-profile-name webServer

In my .kitchen.yml I have:

driver:
  iam_profile_name: webServer

The iam role was created via the AWS console so the name definitely matches with the instance profile.


On Wed, May 20, 2015 at 11:50 AM, Noah Kantrowitz < " target="_blank"> > wrote:
Instance profiles are not the same as IAM roles. While normally there is a one-to-one mapping, I don't see any code in kitchen to automatically create instance profiles for you the way that some other tools do. Create the insp yourself and it should work.

--Noah

On May 20, 2015, at 11:16 AM, Luis Cosmes < "> > wrote:

> Hi,
>
> Testing the new iam_profile_name, which I understand can be used to set the role when creating a new instance via kitchen-ec2  I updated the corresponding .kitchen.yml file, but the instance does not get any role assigned.  Folowing is the config I used and the results from the created instance.  I am thinking maybe I missed something obvious that I can't see?
>
> Luis
>
> * .kitchen.yml config *
>
> Luis-Cosmes-MacBook-Pro:ffdc-common lcosmes$ head .kitchen.yml
> ---
> driver:
>   name: ec2
>   aws_ssh_key_id: [my_ssh_key_id]
>   region: us-east-1
>   availability_zone: us-east-1b
>   security_group_ids: ["sg-YYYYYY"]
>   subnet_id: "subnet-aaaaaaa"
>   instance_type: t2.small
>   iam_profile_name: master
>
>
>
> * "master" role exists in IAM *
> Luis-Cosmes-MacBook-Pro:ffdc-common lcosmes$ aws iam get-role --role-name master --query 'Role.{RoleName:RoleName,Arn:Arn}'
> {
>     "RoleName": "master",
>     "Arn": "arn:aws:iam::663255216447:role/master"
> }
>
>
>
> * kitchen converge creates the new instance, and doesn't spit any errors *
>
> Luis-Cosmes-MacBook-Pro:ffdc-common lcosmes$ kitchen converge def
> -----> Starting Kitchen (v1.4.0)
> $$$$$$ WARN: The driver[Kitchen::Driver::Ec2] config key `username` is deprecated, please use `transport.username`
> -----> Creating <default-amazon>...
>        Creating <>...
> If you are not using an account that qualifies under the AWS
> free-tier, you may be charged to run these suites. The charge
> should be minimal, but neither Test Kitchen nor its maintainers
> are responsible for your incurred costs.
>
>        Instance <i-b517ad65> requested.
>        EC2 instance <i-b517ad65> created.
> ...
>
>
>
> * The created instance, however, does not contain a role *
>
> Luis-Cosmes-MacBook-Pro:ffdc-common lcosmes$ aws ec2 describe-instances --instance-ids i-b517ad65 --query 'Reservations[*].Instances[*].IamInstanceProfile'
> [
>     []
> ]
>
>
> Are you creating an ERP FrankenCloud? Watch 2:11 video
>




--
Yoshi Spendiff
Ops Engineer
Indochino
Mobile: +1 778 952 2025

Archive powered by MHonArc 2.6.16.

§