Unable to get started | Security Groups | AWS OpsWorks

mukherjee_mk · April 24, 2017, 7:57am

Hi team,

I am trying to get up and working with the AWS OpsWorks offering, but am unable to get off the ground. I hope someone is able to help me with this. Of course, the ideal way would be to use Terraform or CloudFormation to get this up, but to start with, I am using the manual way to create it.

The steps I did were -

Created a VPC in the Oregon region.
Ensured it has a public subnet associated to it.
Started the AWS OpsWorks creation (wizard?), got through the first 2 screens which asks to select the Automate Server Name, AWS region and the instance type and the SSH key. However, when I reach the third screen where I would need to select the VPC, subnet and security groups, I get erratic results.
On the first attempt, the VPC and Subnet information showed up fine. I selected the option to create a 'Generate a new one' in 'Security Groups'. But the Service role and Instance profile fields didn't get populated. When I went back and tried again, the VPC and Subnet fields didn't get populated (which worked fine in the earlier attempt).

I still need to check with the AWS admin at my organisation to see if the issue is related to permissions. I do see an error on the home page -

You don't have permissions to view the Chef Automate servers on this account

but it still allows me to proceed with the wizard.

What am I be missing?

mukherjee_mk · April 24, 2017, 10:00am

Answering it myself. this was related to permissions - which allowed me to move on to the next step.

However, at the last step when I attempt to 'launch' after the review screen, I get a message - 'unexpected error'. I am sure its related to permissions as well.

Question is - what are the exact set of roles required to get this working? The roles corresponding to me are -

        "Effect": "Allow",
        "Action": [
            "opsworks:*",
            "ec2:DescribeAvailabilityZones",
            "ec2:DescribeKeyPairs",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeAccountAttributes",
            "ec2:DescribeAvailabilityZones",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSubnets",
            "ec2:DescribeVpcs",
            "elasticloadbalancing:DescribeInstanceHealth",
            "elasticloadbalancing:DescribeLoadBalancers",
            "iam:GetRolePolicy",
            "iam:ListInstanceProfiles",
            "iam:ListRoles",
            "iam:ListUsers",
            "iam:PassRole"

        "Effect": "Allow",
        "Action": [
            "opsworks-cm:*"
        ],
        "Effect": "Allow",
        "Action": [
            "iam:CreateRole",
            "iam:AttachRolePolicy"
        ],

kallistec · April 24, 2017, 10:05pm

Doesn’t look like he full set of required permissions are documented. Your best bet is probably to reach out to AWS support to get the full list.

Topic		Replies	Views
Opsworks/ec2 issues Chef Infra (archive)	1	285	August 1, 2013
Chef Automate AWS (Help to Add a runner) Chef Automate	0	555	December 21, 2017
AWS OpsWorks for Chef Automate - Questions? Chef Infra (archive)	1	596	January 12, 2017
Error uploading cookbook on AWS OpsWorks for Chef Automate Chef Infra (archive)	4	1411	December 20, 2016
Create Chef Automate server in AWS couldn't allocate user defined VPC Chef Automate	2	687	July 17, 2017

Unable to get started | Security Groups | AWS OpsWorks

Related topics