Summary

Hakuna Cloud can automatize the provisioning and the disposal of EC2 instances.

Flavour: awsec2

Requirements

Any EC2 instance that match the following requirements can be managed by Hakuna Cloud

Requirement Description
EBS Storage Only EBS root volumes are supported

Supported triggers

Trigger Supported Description
HTTP/HTTPS ModProxy Switch on the instance if an HTTP/S request is received
Metrics Switch off the instance if the CPU is low
Schedule Switch on or off the instance following a predefined schedule
SSH Enable SSH connection (eg: git)

Supported stop status

An instance can be disposed as described in the table below.

Status Description Billing status
stopped The EC2 instance state is stopped AWS will bill only for EBS disk usage, not for EC2 instance.
terminated The EC2 instance is going to be terminated EBS and instance are not billed by aws. Customer pay an EBS snapshot stored on S3

Configuration

Required IAM User

Hakuna Cloud requires an IAM user to call AWS API on user behalf, in order to start and stop EC2 instances. In order to correctly configure an aws/ec2 provider, please create an IAM user configured with:

  • Programmatic access enabled: create an access key ID and a secret access key and use these credentials in the Cloud Provider configuration
  • AWS Management Console access disabled
  • Add to the IAM User the following IAM Policy:
Version: '2012-10-17'
Statement:
- Sid: HakunaCloudPolicy
  Effect: Allow
  Action:
      - ec2:AuthorizeSecurityGroupIngress
      - ec2:DeregisterImage
      - ec2:DescribeInstances
      - ec2:DescribeAddresses
      - ec2:DeleteTags
      - ec2:DescribeInstanceAttribute
      - ec2:CreateKeyPair
      - ec2:CreateImage
      - ec2:DescribePlacementGroups
      - ec2:GetLaunchTemplateData
      - ec2:DescribeVolumeStatus
      - ec2:DescribeNetworkInterfaces
      - ec2:StartInstances
      - ec2:DescribeAvailabilityZones
      - ec2:CreateSecurityGroup
      - ec2:DescribeVolumes
      - ec2:DescribeKeyPairs
      - ec2:DescribeInstanceStatus
      - ec2:AuthorizeSecurityGroupEgress
      - ec2:TerminateInstances
      - ec2:DescribeLaunchTemplates
      - ec2:DescribeTags
      - ec2:CreateTags
      - ec2:RegisterImage
      - ec2:RunInstances
      - ec2:StopInstances
      - ec2:DescribeVolumeAttribute
      - ec2:DescribeInstanceCreditSpecifications
      - ec2:DescribeImages
      - ec2:DeleteSecurityGroup
      - ec2:DescribeSubnets
  Resource: "*"

Create a Provider

The following table show how the AWS Security Credentials are represented in Hakuna Cloud.

Configuration key Value Example
name :string Choose a name for this credentials set
identity :string The AWS Access Key ID
credential :string The AWS Secret Access Key

Provider Creation with the hakuna CLI

A Cloud Provider in the hakuna CLI is called simply provider. In order to create and configure a provider of type AWS/EC2 follow the below instructions:

  • Open a terminal and type hakuna provider create;
  • Use arrow keys to select awsec2 between the supported Cloud Providers;
  • Type a name that identifies the new provider;
  • Copy the Access Key Id of the Access Key from the IAM AWS Console;
  • Copy the Access Secret Key of the Access Key from the IAM AWS Console;
  • Type the AWS Region in which the provider is going to be used (ex: us-east-1);
  • The CLI validate the credentials provided and, if the validation succeeds, save the credentials;
  • Verify the provider is correctly created typing hakuna provider list and look for the name provided before during the process.