AWS EC2 Launch Templates Setup
Setup and Rollout Guidelines for AWS EC2 Launch Templates
Please note that you should only proceed with this if you have AWS EC2 configured as a cloud provider. These features require 1.24 (although some features were launched in previous releases leading up to 1.24).
AWS uses launch templates to specify instance configuration information. Launch templates are the successor of launch configurations. This means that any new instance configuration feature from AWS will only be supported by launch templates.
Spinnaker still supports launch configurations for backwards compatibility, but recommends enabling launch templates to access any new features that AWS adds.
Setup Steps
This section summarizes the steps required to set up launch templates if you are new to using AWS in Spinnaker or if you have already been using AWS as one of your cloud providers.
New to AWS
If you are new to Spinnaker or even just new to AWS in Spinnaker, we recommend immediately enabling launch template support for all applications.
Update your Clouddriver configuration file, usually
clouddriver.yml
, to enable launch templates for all applications.aws.features.launch-templates.enabled: true
aws.features.launch-templates.all-applications.enabled: true
Read through the available launch template supported features to determine which features make sense for your users.
Update AWS settings in Deck to enable launch templates and the features you identified. Ensure that
enableLaunchTemplates
istrue
.providers: {
aws: {
serverGroups: {
enableLaunchTemplates: true,
enableIPv6: true,
enableIMDSv2: true,
enableCpuCredits: true,
}
}
}
Current AWS User
If you already use AWS as a cloud provider in Spinnaker, we recommend migrating to launch templates. Since there may be pre-existing dependencies on launch configurations, we have created some rollout configurations you can utilize for testing and/or migration.
Update
clouddriver.yml
. This step can be repeated as needed throughout your rollout. This is an example config where launch templates is rolled out to two applications in production and all of the test account. It also excludes one application completely:aws.features.launch-templates.enabled: true
aws.features.launch-templates.allowed-applications: "myapp:prod:us-east-1,anotherapp:prod:us-east-1"
aws.features.launch-templates.allowed-accounts: "test"
aws.features.launch-templates.excluded-applications: "dangerousapp"
Review the rollout configurations and determine which of these you can temporarily utilize for your rollout. If you do not need to rollout, stop here and follow the new AWS users steps instead.
Read through the available launch template supported features to determine which features make sense for your users.
Update AWS settings in Deck to enable launch templates and the features you identified. Ensure that
enableLaunchTemplates
istrue
.// enable launch templates for AWS
window.spinnakerSettings.providers.aws.serverGroups.enableLaunchTemplates = true;
window.spinnakerSettings.providers.aws.serverGroups.enableIPv6 = true;
window.spinnakerSettings.providers.aws.serverGroups.enableIMDSv2 = true;
window.spinnakerSettings.providers.aws.serverGroups.enableCpuCredits = true;
``
When you are ready for a complete rollout, enable launch templates for all applications and clean up rollout config in
clouddriver.yml
.aws.features.launch-templates.enabled: true
aws.features.launch-templates.all-applications.enabled: true
Rollout Configuration
If you already use AWS, then your applications may have some dependencies on launch configurations that prevent simple feature enabling. The configuration options below were created to aid with testing or a rollout period. Feel free to use whatever combination is best for you. If you would prefer to skip a rollout, use the configuration in New to AWS .
Config | Type | Description | Example |
---|---|---|---|
allowed-applications | String | A comma-separated list of one or more allowed applications scoped by account-region pairs (“app:account:region”). This helps with preliminary controlled testing on a handful of applications. | “testapp:prod:us-east-1” |
allowed-accounts-regions | String | A comma-separated list of allowed account-region pairs. This is good for incrementally rolling out to regions within accounts. | “test:us-east-1” |
allowed-accounts | String | A comma-separated list of allowed accounts. This is good for incrementally rolling out launch templates from test to production accounts. | “test” |
excluded-accounts | String | A comma-separated list of accounts to exclude from rollout. | “prod” |
excluded-applications | String | A comma-separated list of applications to exclude from rollout. This helps prevent any edge cases from delaying a wide rollout.. | “myapp1,myapp2” |
all-applications.enabled | Boolean | Allows launch templates on any application, except for those that have been excluded. This will override any of the allowed lists, and widely rollout launch templates. | true |
Feature Configuration
Learn more about the feature set along with sample API requests here .
Last modified July 7, 2021: docs(aws): Fixing formatting, minor changes (#110) (bd0359b)