There are several AWS resource agents available to Pacemaker. Nearly all of these rely on the AWS CLI utility being installed on the Pacemaker nodes. This article quickly demonstrates how to configure the AWS CLI with an IAM user for this purpose.
First, log in to the AWS web console and create an IAM user.
- From the landing page select "IAM service".
- Select "Users" from the left-hand navigation pane.
- Click on "Add User".
- Select a username. This will be the login name.
- Do not select "Provide user access to the AWS Management Console".
- Select "Attach policies directly" then find and select the "AmazonEC2FullAccess" policy.
- Proceed to the review and create step. Add tags if required, then create the user.
Once the user is created you will be returned to the IAM user page. From here you need to select the user and create an access key pair.
- Click on the User's name to open the details and configuration for that user.
- Click on the "Security credentials" tab.
- Locate and select the "Create access key" button.
- Select the use case (Command Line Interface).
- Here you will be shown some safer, more secure alternatives. We will just click next to proceed.
- Add an optional tag for the user if desired. Then click "Create access key".
- You will now be presented with the key pair and an option to download a .csv file. Download this file to a secure location.
- This is the only time you can access the secret key. You cannot retrieve it again after this point.
Now, on the cluster nodes where you have already installed the AWS CLI, run the 'aws configure' command. This will prompt you for the Access Key ID, the Secret Access Key, a default region, and a default output format.
Once the configuration is complete you can test that the AWS CLI works by running 'aws ec2 describe-instances'. This should output JSON describing the running instances in the default region.
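Because 'aws configure' leaves the long-lived secret key in a plain-text file on every node, the following script audits the result for the [default] profile. It is an added example, not part of the original article; the function names are hypothetical, and it assumes Linux nodes and the CLI's default file locations, ~/.aws/credentials and ~/.aws/config.

```shell
#!/bin/sh
# Added example: audit what 'aws configure' wrote for the [default] profile.
# Assumes Linux nodes (GNU or busybox 'stat -c') and the CLI's default file
# locations ~/.aws/credentials and ~/.aws/config.

# Print KEY from [SECTION] of an INI file; prints nothing if it is absent.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v section="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_section = ($0 == section); next }
        in_section && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
            }
        }' "$1"
}

# Returns 0 only if the key pair is present, a default region is set and the
# credentials file is accessible by its owner alone. Never prints a key value.
check_aws_cli_config() (  # usage: check_aws_cli_config [DIR]
    dir="${1:-$HOME/.aws}"; rc=0
    creds="$dir/credentials"; config="$dir/config"
    if [ ! -f "$creds" ]; then
        echo "FAIL: $creds missing; run 'aws configure' as this user"; exit 1
    fi
    mode=$(stat -c '%a' "$creds")
    case "$mode" in
        600|400) echo "OK: $creds mode $mode" ;;
        *) echo "FAIL: $creds mode $mode; run: chmod 600 $creds"; rc=1 ;;
    esac
    for key in aws_access_key_id aws_secret_access_key; do
        if [ -n "$(ini_get "$creds" default "$key")" ]; then
            echo "OK: $key is set"
        else
            echo "FAIL: $key missing from [default]"; rc=1
        fi
    done
    if [ -f "$config" ] && [ -n "$(ini_get "$config" default region)" ]; then
        echo "OK: default region $(ini_get "$config" default region)"
    else
        echo "FAIL: no default region in $config"; rc=1
    fi
    exit "$rc"
)

# Audit a directory only when one is given, e.g.: sh check_aws_cli.sh ~/.aws
[ $# -eq 0 ] || check_aws_cli_config "$1"
```

Run it on each cluster node as the account that called 'aws configure'; a non-zero exit status means at least one check failed.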
- Written by DJV - 03/10/23
- Reviewed by MDK - 03/10/23