To set up the environment(s):
With the Console:
- Create a temporary GitHub OAUTH token (we'll revoke it after setup)
- Log in as each team using their hash
- Set up a Secret in Secrets Manager:
- Click the
Store a new secret
button - Pick
Other types of secrets
- Click the
Plaintext
Tab and clear the contents so it is empty - Paste the OAUTH token into the now empty box then click the
Next
button - Name the secret
github-token
and clickNext
- Click
Next
and thenStore
- Click the
- Deploy the
EnvironmentStack.template.json
template in Oregon (us-west-2). This will:- Deploy a VPC
- Deploy a Cloud9 that will automatically download our repo on first start
- Deploy an EKS into that VPC using eksctl via CodePipeline/CodeBuild using an IAM role that is accessible both by CodeBuild and EC2
- Assign that same IAM Role to the Cloud9 instance
- Open the Cloud9 IDE, click the gear in the upper right, and flip off
AWS Managed Temporary Credentials
underAWS Settings
- Run
cd con317-reinvent19/
- Run
./setup_cloud9.sh
This will:- Install all the required tools
- Do an
aws eks update-kubeconfig
- Close all the window and open one big empty Terminal window so it is ready for the Attendee to connect
- Once you have finished all the setups for the day delete the OAUTH token from GitHub
On the commandline:
- aws secretsmanager create-secret --name github-token --secret-string
- aws cloudformation create-stack --stack-name Environment --template-body file://EnvironmentStack.template.json --capabilities CAPABILITY_IAM
TODO: Put this all in a public S3 bucket an reconfigure CodePipeline to use that instead so we don't need the OAUTH token
TODO: Work out how to get this to work across three AZs - I couldn't get CDK to let me do more than two without having to specify heaps of VPC parameters.