aws cli and salt

Install

Create your Access Keys by clicking on your user name in the web console and selecting Security Credentials

Install the command line tool and then configure:

pip install awscli
aws configure

Enter your access key and secret key:

AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: eu-west-1
Default output format [None]: table

I chose eu-west-1 and table for the output format.

The following two commands will get the command line tool running:

aws ec2 describe-regions
aws ec2 describe-availability-zones

Security Group

Find your external IP address:

curl ifconfig.me

From Using Security Groups

Create a security group:

aws ec2 create-security-group \
    --group-name MySecurityGroup \
    --description "My Security Group"
aws ec2 authorize-security-group-ingress \
    --group-name MySecurityGroup \
    --cidr 198.51.100.100/32 \
    --protocol tcp \
    --port 22
aws ec2 authorize-security-group-ingress \
    --group-name MySecurityGroup \
    --protocol tcp \
    --cidr 0.0.0.0/0 \
    --port 80
aws ec2 authorize-security-group-ingress \
    --group-name MySecurityGroup \
    --protocol tcp \
    --cidr 0.0.0.0/0 \
    --port 443

Note

Replace the IP address (198.51.100.100) above with your own!

If you want to allow ssh access from anywhere, replace the second rule with the following:

aws ec2 authorize-security-group-ingress \
    --group-name MySecurityGroup \
    --cidr 0.0.0.0/0 \
    --protocol tcp \
    --port 22

Tip

authorize-security-group-ingress can be repeated as required.

Tip

To remove a rule, use revoke-security-group-ingress with the same parameters as authorize-security-group-ingress.

To view the details for the security group:

aws ec2 describe-security-groups --group-names MySecurityGroup

To delete a security group:

aws ec2 delete-security-group --group-name MySecurityGroup

Salt Master

To allow inbound connections to a Salt master…

Create the security group:

aws ec2 create-security-group \
    --group-name SaltMaster \
    --description "Salt Master"
aws ec2 authorize-security-group-ingress \
    --group-name SaltMaster \
    --protocol tcp \
    --cidr 0.0.0.0/0 \
    --port 4505
aws ec2 authorize-security-group-ingress \
    --group-name SaltMaster \
    --protocol tcp \
    --cidr 0.0.0.0/0 \
    --port 4506

Assign the group to the Salt Master:

Find the InstanceId, current group id and the new group id:

# find the instance id (in this example, the name is 'master-ec2')
# filter by the 'Name' tag.
aws ec2 describe-instances --filter Name=tag:Name,Values=master-ec2

# find the id of the new group
aws ec2 describe-security-groups --group-names SaltMaster

Assign the old group id and the new group id to the instance:

ec2-modify-instance-attribute i-6b9cf329 --group-id sg-fd35ea98
aws ec2 modify-instance-attribute --instance-id i-6b9cf329 --groups sg-fd35ea98 sg-85d41fe0

assyrian technical blog