cloud9 - cirelledo-csa/herd GitHub Wiki

cloud9

AWS cloud9 is a cloud-based integrated development environment (IDE). IDEs are a matter of personal preference; this page describes how cloud9 can be used to bootstrap a development environment for programmatic access to AWS.

Creating a cloud9 env

  • get into console and create a cloud9 environment
  • choose a name
  • give it a description
  • choose ubuntu if you want an env that mimics the automation environment
  • choose a size (hint: if you need to compile a lot and find yourself waiting, use t3.medium, otherwise the default size is fine)
  • use default settings mostly, unless you know what you're doing
  • Fire away

Hints: use vim mode in the c9 editor. More details on cool things to do in c9...

NOTES: the role used to create the cloud9 environment is used to create an instance role that is attached to cloud9 instances. This is what allows the instance to assume the same permissions you have when logged into the AWS console. It also means you have to keep using the same role you created the cloud9 environment with in order to access it.

Howto assume roles for cross account access

Install the latest aws-vault binary for your system, e.g. for Linux:

sudo curl -L -o /usr/local/bin/aws-vault https://github.com/99designs/aws-vault/releases/download/v5.4.4/aws-vault-linux-amd64
sudo chmod 755 /usr/local/bin/aws-vault

Add the following to your ~/.bashrc:

echo 'export AWS_VAULT_BACKEND="file"' >> ~/.bashrc
source ~/.bashrc

Add access keys:

aws-vault add user-profile

Then add to ~/.aws/config the profiles you need to assume:

[profile my-role-profile]
mfa_serial=arn:aws:iam::111111111111:mfa/user-profile
parent_profile=user-profile
role_arn=arn:aws:iam::222222222222:role/path/my-role
source_profile=user-profile

Now try assuming a role:

aws-vault exec my-role-profile
aws sts get-caller-identity
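
A lint for the role profiles in ~/.aws/config, as an added example (not part of the original wiki or of aws-vault). It flags role profiles with a malformed role_arn (AWS account IDs are exactly 12 digits), a missing mfa_serial, or a source_profile that is not defined in the same file. The function name lint_profiles, the bad-role profile and the sample config are constructed for illustration.

```python
import configparser
import re

# Account IDs are exactly 12 digits; "aws[\w-]*" also covers aws-cn / aws-us-gov.
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
MFA_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:mfa/[\w+=,.@/-]+$")
# Constructed sample: one good role profile, one with three mistakes.
SAMPLE = """\
[profile user-profile]
region=us-west-2

[profile my-role-profile]
mfa_serial=arn:aws:iam::111111111111:mfa/user-profile
role_arn=arn:aws:iam::222222222222:role/path/my-role
source_profile=user-profile

[profile bad-role]
role_arn=arn:aws:iam::2222222222222:role/path/my-role
source_profile=missing-profile
"""


def lint_profiles(config_text):
    """Return sorted (section, problem) pairs for role profiles in an AWS config."""
    cp = configparser.RawConfigParser()
    cp.read_string(config_text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        if "role_arn" not in opts:
            continue  # base credentials profile, nothing to assume
        if not ROLE_ARN.match(opts["role_arn"]):
            findings.append((section, "role_arn is not a valid IAM role ARN"))
        mfa = opts.get("mfa_serial")
        if mfa is None:
            findings.append((section, "no mfa_serial, role is assumed without MFA"))
        elif mfa.startswith("arn:") and not MFA_ARN.match(mfa):
            # hardware tokens use a bare serial number, so only ARNs are checked
            findings.append((section, "mfa_serial is not a valid MFA device ARN"))
        src = opts.get("source_profile")
        if src is not None and f"profile {src}" not in cp and src not in cp:
            findings.append((section, f"source_profile '{src}' is not defined"))
    return sorted(findings)


if __name__ == "__main__":
    for section, problem in lint_profiles(SAMPLE):
        print(f"{section}: {problem}")
```

To check a real file, pass its contents: lint_profiles(open(os.path.expanduser("~/.aws/config")).read()).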

Howto embiggen c9 instance

# Get the ID of the environment host Amazon EC2 instance.

INSTANCEID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)

# Get the ID of the Amazon EBS volume associated with the instance.

VOLUMEID=$(aws ec2 describe-instances --instance-ids "$INSTANCEID" | jq -r '.Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId')

# grow volume by however much you need, here's an example of changing to 40 GB

aws ec2 modify-volume --volume-id "$VOLUMEID" --size 40
aws ec2 describe-volumes --volume-ids "$VOLUMEID"

# figure out which disk you want to embiggen, here's an example using ubuntu c9 instance

sudo growpart /dev/nvme0n1 1
# for an ext filesystem
sudo resize2fs /dev/nvme0n1p1
# for an xfs filesystem
sudo xfs_growfs /

How to simulate codebuild

You can reverse engineer buildspec.yaml if you want to manually run things like "cdk synth", "cdk diff", "cdk deploy", etc. But wouldn't you rather just run codebuild locally to test your infrastructure as code? Here's how:

  • clone code to build local codebuild docker image in ~/environment
mkdir -p ~/github/aws/ /tmp/artifacts
git clone https://github.com/aws/aws-codebuild-docker-images.git ~/github/aws/aws-codebuild-docker-images
  • build the local docker image to run codebuild; this will take some time and ~10GB of disk space. See "Howto embiggen c9 instance" on this page for how to get more disk space.
cd ~/github/aws/aws-codebuild-docker-images/ubuntu/standard/4.0/
docker build -t aws/codebuild/standard:4.0 .
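  • set the region so the docker runtime will inherit it with -c (which passes your local AWS configuration and credentials, including AWS_* environment variables, into the build container)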
export AWS_REGION="us-west-2"
  • run codebuild locally
~/github/aws/aws-codebuild-docker-images/local_builds/codebuild_build.sh -i aws/codebuild/standard:4.0 -a /tmp/artifacts -s ~/your/app/repo/with/buildspec/at/root -c

Boom!