Examples
Existing templates that also serve as examples can be found in the awless templates repo. The following are walk-through examples of one-liners or short templates.
- Provision an instance on launch from a gist
- Attach/Detach security groups from instances
- Create a security group to SSH from your IP only
- Attach/Detach policies, groups and users
- Upload a local file to S3
- Create and SSH to instance with a locally generated keypair
With a create instance one-liner you can use the userdata param to fetch the data either from a local file or from an HTTP link:
create instance name=my_machine image=ami-3f1bd150 keypair={keypair.name} subnet={main.subnet} securitygroup={securitygroup} userdata=https://gist.github.com/simcap/360dffae4c6d76ab0e89621dd824a244
Or to provision from a local file:
create instance name=my_machine image=ami-3f1bd150 keypair={keypair.name} subnet={main.subnet} securitygroup={securitygroup} userdata=./launchinstance.sh
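The remote form fetches whatever the URL serves at creation time, and on cloud-init images user data scripts are executed as root at first boot. As an added example (not code from the awless project), this shell helper downloads the script once, checks it against a SHA-256 digest recorded when the script was reviewed, and only then leaves a local file for the userdata=./launchinstance.sh form above; the function names and the USERDATA_URL and PINNED_SHA256 variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pin remote user data by SHA-256 before awless uses it.
# sha256_of, verify_userdata and fetch_pinned_userdata are hypothetical names.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeed only if the file is non-empty and matches the pinned digest.
verify_userdata() {
  local file="$1" expected="$2" actual
  [ -s "$file" ] || { echo "userdata missing or empty: $file" >&2; return 1; }
  # A pin must be exactly 64 hex characters; anything else is rejected.
  case "$expected" in
    *[!0-9a-fA-F]*) echo "pinned digest is not hex" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pinned digest must be 64 chars" >&2; return 1; }
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$file") || return 1
  [ "$actual" = "$expected" ] || { echo "digest mismatch: got $actual" >&2; return 1; }
}

# Download over HTTPS only; keep the file only when the digest matches.
fetch_pinned_userdata() {
  local url="$1" expected="$2" out="$3" tmp
  tmp=$(mktemp) || return 1
  if curl --fail --silent --show-error --location \
          --proto '=https' --proto-redir '=https' -o "$tmp" "$url" \
     && verify_userdata "$tmp" "$expected"; then
    mv "$tmp" "$out"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Usage (USERDATA_URL and PINNED_SHA256 are placeholders you set yourself):
#   fetch_pinned_userdata "$USERDATA_URL" "$PINNED_SHA256" ./launchinstance.sh
# then create the instance with userdata=./launchinstance.sh as shown above.
```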
(Note that usually you would specify the security group of an instance during instance creation)
Define an AWS security group that gives access on port 22 to all IPs:
sgroup = create securitygroup vpc={instance.vpc} description=ssh-access name=ssh-from-internet
update securitygroup id=$sgroup inbound=authorize protocol=tcp cidr=0.0.0.0/0 portrange=22
Add this security group to an instance:
attach securitygroup id=@ssh-from-internet instance=@my-instance
Detach it:
detach securitygroup id=@ssh-from-internet instance=@my-instance
By running two one-liners from the command line, the security group created will give access only to your IP on port 22. Note that awless will prompt you and help you with autocomplete on your VPC id and the new security group ID:
$ awless create securitygroup description=ssh-from-my-ip-only name=ssh-from-my-ip
$ awless update securitygroup inbound=authorize protocol=tcp cidr=$(awless whoami --ip-only)/32 portrange=22
Define an AWS policy for a user:
awless attach policy user=jsmith service=ec2 access=full
or any policy via its full ARN:
awless attach policy user=jsmith arn=arn:aws:iam::aws:policy/AmazonEC2FullAccess
You can remove the association by reverting the previous action:
awless revert {execution_id}
or explicitly
awless detach policy user=jsmith arn=arn:aws:iam::aws:policy/AmazonEC2FullAccess
or detach with
awless detach policy user=jsmith service=ec2 access=full
As well as for a user, you can define a policy for a group:
awless attach policy group=admins arn=arn:aws:iam::aws:policy/AmazonEC2FullAccess
Add a user to a group via:
awless attach user name=jsmith group=admins
Revert the action with awless revert or explicitly with:
awless detach user name=jsmith group=admins
Create an S3 object from a given local file with:
awless create s3object bucket=my-existing-bucket file=./todolist.txt
If you want to upload it with a different name than its local filename:
awless create s3object bucket=my-existing-bucket name=todo.txt file=./todolist.txt
List your newly uploaded file:
awless ls s3objects --filter bucket=my-existing-bucket
To create the new instance we want to SSH into, we are going to use this existing awless template.
Let's run this remote template from the default repository (repo:) with awless run:
awless run repo:instance_ssh
You will be prompted to fill in:
- your new instance name
- id/name of an existing subnet in which your instance should be provisioned (note that the subnet must be public (awless update subnet public=true) in order to be able to access the new instance from the Internet)
- the id or name of an existing VPC in which the security group opening TCP port 22 (for SSH) will be created. It must contain the subnet that will contain the instance.
- the name of your locally generated RSA SSH key
For instance, here is a prompt example. Note that we use aliases here (i.e. names of resources prefixed with '@'):
Please specify (Ctrl+C to quit, Tab for completion):
instance.name ? my-new-instance-name
instance.subnet ? @my-existing-subnet
instance.vpc ? @my-existing-vpc
keypair.name ? my-new-keyname
On validation, a new SSH key is generated locally on your computer, and stored in ~/.awless/keys/my-new-keyname.pem.
Wait at least one minute for your instance to boot, and connect to the instance using awless ssh (which resolves the IP address, the keyname and the default AWS SSH user):
awless ssh my-new-instance-name