May 30


How to provision a new AWS Virtual Private Cloud (VPC) instance using Foreman

Digital Craftsmen recently released our AWS Automator tool, which lets you build a Multi-Availability Zone Virtual Private Cloud on Amazon Web Services in less than 30 minutes, using Foreman, Puppet, Graylog and a VPN server.

AWS Automator uses CloudFormation to provision AWS services and key management instances, and automates the installation of a configuration management system such as Foreman. As a result, AWS Automator delivers fully working environments to companies on demand.

Once created, environments can be controlled via a Foreman web interface, covering both the configuration and the provisioning of instances.

The Foreman web interface enables users to manage the environment, and access to it, effectively. All instances in the environment can be remotely controlled from the Foreman web interface and are configured to send logs to Graylog (a centralised log visualisation system), which assists developers working with the system and gives them real-time feedback.

In this technical guide, we look at how to provision a new AWS Virtual Private Cloud (VPC) using Foreman.


Step 1: Create a New Host on AWS

New Hosts are AWS instances provisioned on your AWS account. You can choose from 3 different Linux distributions during this process, all of which come with recent and critical system updates (CentOS 7, Debian 8 and Ubuntu 14.04 LTS).

The AWS VPC is split into public and private subnets across 3 Availability Zones. Instances in the public subnets must have a public IP or EIP in order to communicate with the internet. Instances in the private subnets communicate with the internet via the built-in NAT gateway.

All instances have private IP addresses within the VPC CIDR.

Some default AWS Security Groups are made available to you; they all allow internal SSH within the VPC CIDR. If you need to update or add Security Groups, make them available to your users by adding them in the EC2 section of your AWS account.
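As an added example, not part of the original guide or of AWS Automator: a small Python check a defender can run after provisioning that applies the two rules above (an instance in a public subnet needs a public IP or EIP, and Security Groups should allow SSH only within the VPC CIDR). It works on the shapes of the EC2 DescribeRouteTables, DescribeInstances and DescribeSecurityGroups responses; the VPC CIDR and the sample data are constructed assumptions, and with boto3 you would feed in the live responses instead.

```python
import ipaddress
VPC_CIDR = "10.0.0.0/16"  # assumed VPC CIDR for the constructed sample below
# Constructed sample data, shaped like the EC2 DescribeRouteTables / DescribeInstances /
# DescribeSecurityGroups responses, trimmed to the keys the checks use.
ROUTE_TABLES = [
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}],
     "Associations": [{"SubnetId": "subnet-public-a"}]},
    {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}],
     "Associations": [{"SubnetId": "subnet-private-a"}]},
]
INSTANCES = [
    {"InstanceId": "i-pub-ok", "SubnetId": "subnet-public-a", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-pub-noip", "SubnetId": "subnet-public-a"},
    {"InstanceId": "i-priv", "SubnetId": "subnet-private-a"},
]
SG_DEFAULT = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                 "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
SG_OPEN = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

def public_subnet_ids(route_tables):
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway (igw-*)."""
    public = set()
    for rt in route_tables:
        if any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId", "").startswith("igw-")
               for r in rt["Routes"]):
            public.update(a["SubnetId"] for a in rt["Associations"] if "SubnetId" in a)
    return public

def check_instance_ip(instance, public_subnets):
    """Foreman cannot tell public from private subnets: flag a public-subnet instance with no public IP/EIP."""
    if instance["SubnetId"] in public_subnets and not instance.get("PublicIpAddress"):
        return "public subnet without public IP: no internet connectivity"

def ssh_rules_outside_vpc(group, vpc_cidr=VPC_CIDR):
    """Ingress CIDRs that open TCP/22 beyond the VPC CIDR (the defaults allow SSH only inside it)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    found = []
    for perm in group["IpPermissions"]:
        proto = perm.get("IpProtocol")  # "-1" means all protocols, so it covers SSH too
        if proto == "-1" or (proto == "tcp" and perm["FromPort"] <= 22 <= perm["ToPort"]):
            found += [r["CidrIp"] for r in perm.get("IpRanges", [])
                      if not ipaddress.ip_network(r["CidrIp"]).subnet_of(vpc)]
    return found

def audit(instances, route_tables, groups):
    """Return (resource, finding) pairs for the environment; an empty list means all checks passed."""
    public = public_subnet_ids(route_tables)
    findings = [(i["InstanceId"], m) for i in instances if (m := check_instance_ip(i, public))]
    for name, sg in groups.items():
        findings += [(name, f"SSH open to {cidr}") for cidr in ssh_rules_outside_vpc(sg)]
    return findings
```

Running `audit(INSTANCES, ROUTE_TABLES, {"default": SG_DEFAULT, "open": SG_OPEN})` on the sample data flags the public-subnet instance launched without a public IP and the group that opens SSH to 0.0.0.0/0, while the default group and the private-subnet instance pass.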


1.1 From the Hosts -> New Host section you can start to provision a new instance.



1.2 Enter a name for the Host, select default as the Host Group and deploy it on your awsEC2 compute resource.



1.3 On the Puppet Classes tab, dcl_dev_default is included by default; you can add more Puppet modules to the system here, or later by editing the host.



1.4 No changes are needed on the Interfaces tab: AWS controls the instance IP via DHCP and routing via cloud-init.



1.5 Select the Architecture (only x86_64 is available by default), your Operating System and the Image to use, then enter a password for your devadmin user, which will be created by the provisioning template. Finally, press Resolve to ensure the right user_data template is selected.



Step 2: Setting up the VPC instance


2.1 On the Virtual Machine tab you will need to select your instance type (referred to as flavour here), the subnet for your instance and at least one Security Group. You should also choose whether to assign a Public or Private IP address.


Foreman is not aware of the differences between AWS public and private subnets; instances deployed to public subnets must have a Public IP address for internet connectivity. By default the subnets are laid out as below:




Step 3: Check your details and start the build


3.1 Press Submit and the system will start to provision your new instance.



3.2 Once the instance has launched you will be presented with the Host overview page. When the build is complete, the ‘Cancel build’ button will change to ‘Build’. You can also review reports on this screen from any Puppet runs on the instance.



That’s it, your new host has been provisioned with the following features:

  • devadmin user for SSH access
  • Local DNS Entry in the VPC (alongside all other instances provisioned by Foreman)
  • Puppet Installed
  • Syslog Configured to send logs to Graylog
  • Remote Execution keys added so you can control the instance via the Foreman GUI
  • Public or Private IP Address
  • Permanent Hostname on AWS

