README.md in kitchen-ec2-1.3.2 vs README.md in kitchen-ec2-1.4.0
- old
+ new
@@ -28,11 +28,11 @@
Once
that is done, create your kitchen file in your cookbook directory (or an empty
directory if you just want to get a feel for it):
-1. `kitchen init -D ec2`
+1. `kitchen init -D kitchen-ec2`
2. Edit `.kitchen.yml` and add the aws_ssh_key_id to driver and a transport with
an ssh_key:
```yaml
transport:
@@ -63,11 +63,12 @@
working with!
```yaml
platforms:
- name: centos-7
- image_id: ami-96a818fe
+ driver:
+ image_id: ami-96a818fe
```
image_id's have a format like ami-748e2903. The image_id values appear next to the image names when you select 'Launch Instance' from the AWS EC2 console. You can also see the list from the AWS CLI ````aws ec2 describe-images````.
#### `image_search`
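Review bot: The relocated `image_id: ami-96a818fe` under `driver:` is shown without the region it belongs to, and AMI IDs are region-specific, so the example only resolves in the region where that image was published. Suggest stating which region the ID is valid in beside the example, or pointing readers to `image_search` when they work in a different region. The trailing context sentence also wraps `aws ec2 describe-images` in four backticks where a single pair would do.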
@@ -121,10 +122,12 @@
platforms:
# The latest stable minor+patch release of rhel 6
- name: rhel-6
# The latest patch release of CentOS 6.3
- name: centos-6.3
+ # The latest patch release of Amazon Linux 2017.03
+ - name: amazon-2017.03
# 32-bit version of latest major+minor+patch release of Ubuntu
- name: ubuntu-i386
# 32-bit version of Debian 6
- name: debian-6-i386
# Latest 32-bit stable minor release of freebsd 10
@@ -242,25 +245,25 @@
the letter designation - will attach this to the region used.
If not specified, your instances will be placed in an AZ of AWS's choice in your
region.
-### <a name="config-instance_type"></a> `instance_type`
+#### <a name="config-instance_type"></a> `instance_type`
The EC2 [instance type][instance_docs] (also known as size) to use.
The default is `t2.micro` or `t1.micro`, depending on whether the image is `hvm`
or `paravirtual`. (`paravirtual` images are incompatible with `t2.micro`.)
-### `security_group_ids`
+#### `security_group_ids`
An Array of EC2 [security groups][group_docs] which will be applied to the
instance.
The default is `["default"]`.
-### `security_group_filter`
+#### `security_group_filter`
The EC2 [security group][group_docs] which will be applied to the instance,
specified by tag. Only one group can be specified this way.
The default is unset, or `nil`.
@@ -270,24 +273,24 @@
security_group_filter:
tag: 'Name'
value: 'example-group-name'
```
-### `region`
+#### `region`
**Required** The AWS [region][region_docs] to use.
If the environment variable `AWS_REGION` is populated that will be used.
Otherwise the default is `"us-east-1"`.
-### `subnet_id`
+#### `subnet_id`
The EC2 [subnet][subnet_docs] to use.
The default is unset, or `nil`.
-### `subnet_filter`
+#### `subnet_filter`
The EC2 [subnet][subnet_docs] to use, specified by tag.
The default is unset, or `nil`.
@@ -296,17 +299,17 @@
subnet_filter:
tag: 'Name'
value: 'example-subnet-name'
```
-### `tags`
+#### `tags`
The Hash of EC tag name/value pairs which will be applied to the instance.
The default is `{ "created-by" => "test-kitchen" }`.
-### `user_data`
+#### `user_data`
The user_data script or the path to a script to feed the instance.
Use bash to install dependencies or download artifacts before chef runs.
This is just for some cases. If you can do the stuff with chef, then do it with
chef!
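Review bot: The context line under the retitled `tags` heading reads "The Hash of EC tag name/value pairs", which should be "EC2"; since this hunk already touches the heading, fix the wording in the same change.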
@@ -315,45 +318,76 @@
On Windows instances we specify a default that enables winrm and
adds a non-administrator user specified in the `username` transport
options to the Administrator's User Group.
-### `iam_profile_name`
+#### `iam_profile_name`
-The EC2 IAM profile name to use.
+The EC2 IAM profile name to use. The default is `nil`.
-The default is `nil`.
+Note: The user, whose AWS credentials you have defined, not only needs `AmazonEC2FullAccess` permissions, but also the ability to execute `iam:PassRole`.
+Hence, use a policy like below when using this option:
+```json
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:*"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "iam:PassRole",
+ "Resource": "arn:aws:iam::123456789:role/RoleName"
+ }
+ ]
+}
+```
-### `spot_price`
+See [AWS documentation](https://aws.amazon.com/de/blogs/security/granting-permission-to-launch-ec2-instances-with-iam-roles-passrole-permission/) for more details.
+
+#### `spot_price`
+
The price you bid in order to submit a spot request. An additional step will be required during the spot request process submission. If no price is set, it will use an on-demand instance.
The default is `nil`.
-### `instance_initiated_shutdown_behavior`
+#### `instance_initiated_shutdown_behavior`
Control whether an instance should `stop` or `terminate` when shutdown is initiated from the instance using an operating system command for system shutdown.
The default is `nil`.
-### block_duration_minutes
+#### `block_duration_minutes`
The [specified duration](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html#fixed-duration-spot-instances) for a spot instance, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).
If no duration is set, the spot instance will remain active until it is terminated.
The default is `nil`.
-### `http_proxy`
+#### `http_proxy`
Specify a proxy to send AWS requests through. Should be of the format `http://<host>:<port>`.
The default is `ENV["HTTPS_PROXY"] || ENV["HTTP_PROXY"]`. If you have these environment variables set and do not want to use a proxy when contacting aws set `http_proxy: nil`.
**Note** - The AWS command line utility allow you to specify [two proxies](http://docs.aws.amazon.com/cli/latest/userguide/cli-http-proxy.html), one for HTTP and one for HTTPS. The AWS Ruby SDK only allows you to specify 1 proxy and because all requests are `https://` this proxy needs to support HTTPS.
-### `ssl_verify_peer`
+#### `ssl_verify_peer`
If you need to turn off ssl certificate verification for HTTP calls made to AWS, set `ssl_verify_peer: false`.
+
+#### `vpc_mode`
+
+Can be used to place ec2 instance into vpc. Requires `vpc_id` and `subnet_id` to be set.
+
+#### `vpc_id`
+
+Needs `vpc_mode` to be set to true. Represents the ID of the vpc in which the instance should be placed.
### Disk Configuration
#### <a name="config-block_device_mappings"></a> `block_device_mappings`
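Review bot: In the new `iam_profile_name` policy example, the `iam:PassRole` resource `arn:aws:iam::123456789:role/RoleName` carries a 9-digit account ID, while AWS account IDs are 12 digits, so the ARN is neither a valid shape to copy nor clearly a placeholder. Suggest a 12-digit placeholder such as `123456789012` and a sentence telling readers to substitute their own account ID and role name. It would also help to say explicitly that the `Resource` for `iam:PassRole` should stay limited to the role behind the instance profile, since the first statement already grants `ec2:*` on `*`. The documentation link uses the `/de/` localized blog path; the language-neutral URL is the better target. Finally, the added `vpc_mode` and `vpc_id` entries state no default, unlike the other options in this section, and `vpc_id` requires `vpc_mode` to be true without `vpc_mode` itself being described as a boolean.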