Juju already has knowledge of the AWS cloud, which means adding your AWS account to Juju is quick and easy.
You can see more specific information on Juju's AWS support (e.g. the supported regions) by running:
juju show-cloud aws
If at any point you believe Juju's information is out of date (e.g. AWS just announced support for a new region), you can update Juju's public cloud data by running:
Amazon recommends the use of IAM (Identity and Access Management) to control access to AWS services and resources. IAM enables you to create users and groups with specific access rights and permissions, much like users and groups within a Unix-like environment. This is in contrast to the AWS-wide access that comes with using root-level secret keys.
To create both a user and a group for use with Juju, click on your name from the AWS Management Console at http://console.aws.amazon.com and select "My Security Credentials" from the drop-down menu.
Unless already disabled, a warning will appear, notifying you that any generated account credentials will provide unlimited access to your AWS resources.
Click on "Get Started with IAM Users" and click "Add user" to initiate user creation.
Enter a name for your user and set
Programmatic access as the AWS access type
before clicking "Next: Permissions" to continue.
On the next page you can create a group which, by default, will contain your
new user. Give the group a name and enable
AdministratorAccess, or adequate
access that corresponds to your requirements and security policies.
Click the "Create group" button and you'll see an overview of both the new user and the group details. Click "Create user" to accept these details.
The next page will declare user creation a success and include both the
Access key ID and the
Secret access key for your new user, as well as the
option to download these details as an CSV.
The Cloud credentials page offers a full treatment of credential management.
In order to access AWS, you will need to add credentials to Juju. This can be done in one of three ways.
Armed with the gathered information, you can add credentials with the command:
juju add-credential aws
The command will interactively prompt you for the information needed for the chosen cloud.
Alternately, you can use these credentials with Juju as a Service where you can deploy charms using a web GUI.
A YAML-formatted file, say
mycreds.yaml, can be used to store credential
information for any cloud. This information is then added to Juju by pointing
add-credential command to the file:
juju add-credential aws -f mycreds.yaml
See section Adding credentials from a file on the Credentials page for guidance on what such a file looks like.
With AWS you have the option of adding credentials using the following environment variables that may already be present (and set) on your client system:
Add this credential information to Juju in this way:
For any found credentials you will be asked which ones to use and what name to store them under.
On Linux systems, files
$HOME/.aws/config may be
used to define these variables and are parsed by the above command as part of
the scanning process.
For background information on this method read section Adding credentials from environment variables.
You are now ready to create a Juju controller for cloud 'aws':
juju bootstrap aws aws-controller
Above, the name given to the new controller is 'aws-controller'. AWS will provision an instance to run the controller on.
For a detailed explanation and examples of the
bootstrap command see the
Creating a controller page.
Features supported by Juju-owned instances running within AWS:
Consistent naming, tagging, and the ability to add user-controlled tags to created instances. See Instance naming and tagging for more information.
Juju's default AWS instance type is m3.medium. A different type can be selected via a constraint:
juju add-machine --constraints 'instance-type=t2.medium'. For more information see Constraints. You can also view the list of Amazon EC2 instance types.
A controller can be placed in a specific virtual private cloud (VPC). See Passing a cloud-specific setting for instructions.
A controller is created with two models - the 'controller' model, which should be reserved for Juju's internal operations, and a model named 'default', which can be used for deploying user workloads.
See these pages for ideas on what to do next: