In Hakuna Cloud, any type of cloud provider is simply called a provider. An AWS/EC2 provider is essentially a container for a set of AWS Security Credentials.

Credentials

To configure an AWS/EC2 Cloud Provider in Hakuna Cloud, an access key is needed. It’s possible to generate one through the AWS Console in the IAM Section.

The following table shows how the AWS Security Credentials are represented in Hakuna Cloud.

| Configuration key | Value | Example |
|---|---|---|
| name | :string | Choose a name for this credentials set |
| accessKeyId | :string | The AWS Access Key ID |
| secretAccessKey | :string | The AWS Secret Access Key |

AWS Policy

The user for whom the access key has been generated needs some specific permissions.

The following is an example of an AWS Policy (first in YAML, then in JSON) with all the permissions Hakuna Cloud requires to work correctly. You can copy and paste it into a CloudFormation stack or directly into the policy JSON in the IAM AWS Console.

Version: '2012-10-17'
Statement:
- Sid: VisualEditor0
  Effect: Allow
  Action:
  - ec2:AuthorizeSecurityGroupIngress
  - ec2:DeregisterImage
  - ec2:DescribeInstances
  - ec2:DescribeAddresses
  - ec2:DeleteTags
  - ec2:DescribeInstanceAttribute
  - ec2:CreateKeyPair
  - ec2:CreateImage
  - ec2:DescribePlacementGroups
  - ec2:GetLaunchTemplateData
  - ec2:DescribeVolumeStatus
  - ec2:DescribeNetworkInterfaces
  - ec2:StartInstances
  - ec2:DescribeAvailabilityZones
  - ec2:CreateSecurityGroup
  - ec2:DescribeVolumes
  - ec2:DescribeKeyPairs
  - ec2:DescribeInstanceStatus
  - ec2:AuthorizeSecurityGroupEgress
  - ec2:TerminateInstances
  - ec2:DescribeLaunchTemplates
  - ec2:DescribeTags
  - ec2:CreateTags
  - ec2:RegisterImage
  - ec2:RunInstances
  - ec2:StopInstances
  - ec2:DescribeVolumeAttribute
  - ec2:DescribeInstanceCreditSpecifications
  - ec2:DescribeImages
  - ec2:DeleteSecurityGroup
  - ec2:DescribeSubnets
  Resource: "*"

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "HakunaCloudPolicy",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:DeregisterImage",
        "ec2:DescribeInstances",
        "ec2:DescribeAddresses",
        "ec2:DeleteTags",
        "ec2:DescribeInstanceAttribute",
        "ec2:CreateKeyPair",
        "ec2:CreateImage",
        "ec2:DescribePlacementGroups",
        "ec2:GetLaunchTemplateData",
        "ec2:DescribeVolumeStatus",
        "ec2:DescribeNetworkInterfaces",
        "ec2:StartInstances",
        "ec2:DescribeAvailabilityZones",
        "ec2:CreateSecurityGroup",
        "ec2:DescribeVolumes",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeInstanceStatus",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:TerminateInstances",
        "ec2:DescribeLaunchTemplates",
        "ec2:DescribeTags",
        "ec2:CreateTags",
        "ec2:RegisterImage",
        "ec2:RunInstances",
        "ec2:StopInstances",
        "ec2:DescribeVolumeAttribute",
        "ec2:DescribeInstanceCreditSpecifications",
        "ec2:DescribeImages",
        "ec2:DeleteSecurityGroup",
        "ec2:DescribeSubnets"
      ],
      "Resource": "*"
    }
  ]
}

Provider Creation with hakuna

In the hakuna CLI, a Cloud Provider is simply called a provider. To create and configure a provider of type AWS/EC2, follow the instructions below:

  • Open a terminal and type hakuna provider create;
  • Use the arrow keys to select awsec2 among the supported Cloud Providers;
  • Type a name that identifies the new provider;
  • Copy the Access Key ID of the access key from the IAM AWS Console;
  • Copy the Secret Access Key of the access key from the IAM AWS Console;
  • Type the AWS Region in which the provider is going to be used (e.g. us-east-1);
  • The CLI validates the credentials provided and, if the validation succeeds, saves them;
  • Verify that the provider was created correctly by typing hakuna provider list and looking for the name you entered during the process.

If the credentials validation fails, verify that the AWS Security Credentials you entered are correct and that the policy associated with the user contains at least the permissions listed above in the AWS Policy section.
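One way to run the policy check described above offline, as an added example that is not part of the hakuna CLI or the original page: it reports which of the actions listed in the AWS Policy section are not granted by a policy document. The function names and the sample policy are hypothetical, and the check only reads the Action lists of Allow statements; it does not evaluate Deny statements, conditions or resource scoping.

```python
import json
from fnmatch import fnmatchcase

# Actions from the policy on this page, without the "ec2:" prefix.
REQUIRED = {"ec2:" + a for a in """
AuthorizeSecurityGroupIngress DeregisterImage DescribeInstances DescribeAddresses
DeleteTags DescribeInstanceAttribute CreateKeyPair CreateImage DescribePlacementGroups
GetLaunchTemplateData DescribeVolumeStatus DescribeNetworkInterfaces StartInstances
DescribeAvailabilityZones CreateSecurityGroup DescribeVolumes DescribeKeyPairs
DescribeInstanceStatus AuthorizeSecurityGroupEgress TerminateInstances
DescribeLaunchTemplates DescribeTags CreateTags RegisterImage RunInstances
StopInstances DescribeVolumeAttribute DescribeInstanceCreditSpecifications
DescribeImages DeleteSecurityGroup DescribeSubnets
""".split()}

def as_list(value):
    """IAM allows a single string or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Collect lower-cased Action patterns from Allow statements only."""
    patterns = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns += [a.lower() for a in as_list(stmt["Action"])]
    return patterns

def missing_actions(policy_json):
    """Return the required actions that no Allow statement grants."""
    patterns = allowed_patterns(json.loads(policy_json))
    return sorted(
        action for action in REQUIRED
        if not any(fnmatchcase(action.lower(), p) for p in patterns)
    )

# Constructed sample: a trimmed policy using IAM wildcards (* and ?).
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:*Instances"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:DeleteTags", "Resource": "*"},
]})

if __name__ == "__main__":
    for action in missing_actions(SAMPLE):
        print("missing:", action)
```

An empty result means every action from the page's policy is covered by some Allow statement; any action it lists is a candidate cause for a failed credentials validation.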

At the moment it is not possible to use a single provider for different AWS Regions.