Using Amazon AWS with Juju

Juju already has knowledge of the AWS cloud, which means adding your AWS account to Juju is quick and easy.

You can see more specific information on Juju's AWS support (e.g. the supported regions) by running:

juju show-cloud aws

If at any point you believe Juju's information is out of date (e.g. AWS just announced support for a new region), you can update Juju's public cloud data by running:

juju update-clouds

Adding credentials

In order to access AWS, you will need to add some credentials for Juju to use. These can easily be set by either:

1. Using environment variables

If you already use your AWS account with other tools, you may find that the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are already set. Note that the the additional fallback environment variables AWS_ACCESS_KEY and AWS_SECRET_KEY are also supported.

These can easily be imported into Juju. Run the command:

juju autoload-credentials

This will scan known locations and environment variables for cloud credentials and ask which ones to use/what name to store them under.

2. Manually adding credentials

Amazon recommends the use of IAM (Identity and Access Management) to control access to AWS services and resources. IAM enables you to create users and groups with specific access rights and permissions, much like users and groups within a Unix-like environment. This is in contrast to the AWS-wide access that comes with using root-level secret keys.

To create both a user and a group for use with Juju, click on your name from the AWS Management Console at and select "My Security Credentials" from the drop-down menu.

Amazon accounts page with Security Creds

Unless already disabled, a warning will appear, notifying you that any generated account credentials will provide unlimited access to your AWS resources.

Click on "Get Started with IAM Users" and click "Add user" to initiate user creation.

Amazon IAM set user details

Enter a name for your user and set Programmatic access as the AWS access type before clicking "Next: Permissions" to continue.

On the next page you can create a group which, by default, will contain your new user. Give the group a name and enable AdministratorAccess, or adequate access that corresponds to your requirements and security policies.

Amazon IAM group creation

Click the "Create group" button and you'll see an overview of both the new user and the group details. Click "Create user" to accept these details.

The next page will declare user creation a success and include both the Access key ID and the Secret access key for your new user, as well as the option to download these details as an CSV.

Amazon Access Credentials page showing key values

Armed with these values, you can then use the interactive command line tool to add them to Juju:

juju add-credential aws

Alternately, you can also use this credential with Juju as a Service and create and deploy your model using its GUI.

3. Creating and using a YAML file

Place the AWS information in a ~/.aws/credentials file, or %USERPROFILE%/.aws/credentials on Windows. The file will contain YAML formatted information.

See Cloud credentials for more about adding credentials from a YAML file.

Creating a controller

You are now ready to create a Juju controller for cloud 'aws':

juju bootstrap aws aws-controller

Above, the name given to the new controller is 'aws-controller'. AWS will provision an instance to run the controller on.

For a detailed explanation and examples of the bootstrap command see the Creating a controller page.

AWS specific features

Features supported by Juju-owned instances running within AWS:

  • Consistent naming, tagging, and the ability to add user-controlled tags to created instances. See Instance naming and tagging for more information.

  • Juju's default AWS instance type is m3.medium. A different type can be selected via a constraint: juju add-machine --constraints 'instance-type=t2.medium'. For more information see Constraints. You can also view the list of Amazon EC2 instance types.

  • A controller can be placed in a specific virtual private cloud (VPC). See Passing a cloud-specific setting for instructions.

Next steps

A controller is created with two models - the 'controller' model, which should be reserved for Juju's internal operations, and a model named 'default', which can be used for deploying user workloads.

See these pages for ideas on what to do next:

© 2018 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.