Juju already has knowledge of the AWS cloud, so unlike previous versions there is no need to provide a specific configuration for it, it 'just works'. AWS will appear in the list of known clouds when you issue the command:
And you can see more specific information (e.g. the supported regions) by running:
juju show-cloud aws
If at any point you believe Juju's information is out of date (e.g. Amazon just announced support for a new region), you can update Juju's public cloud data by running:
In order to access AWS, you will need to add some credentials for Juju to use. These can easily be set by either:
If you already use your AWS account with other tools, you may find that the
already set. Note that the the additional fallback environment variables
AWS_SECRET_KEY are also supported.
These can easily be imported into Juju. Run the command:
This will scan known locations and environment variables for cloud credentials and ask which ones to use/what name to store them under.
Amazon recommends the use of IAM (Identity and Access Management) to control access to AWS services and resources. IAM enables you to create users and groups with specific access rights and permissions, much like users and groups within a Unix-like environment. This is in contrast to the AWS-wide access that comes with using root-level secret keys.
To create both a user and a group for use with Juju, click on your name from the AWS Management Console at http://console.aws.amazon.com and select "My Security Credentials" from the drop-down menu.
Unless already disabled, a warning will appear, notifying you that any generated account credentials will provide unlimited access to your AWS resources.
Click on "Get Started with IAM Users" and click "Add user" to initiate user creation.
Enter a name for your user and set
Programmatic access as the AWS access type
before clicking "Next: Permissions" to continue.
On the next page you can create a group which, by default, will contain your
new user. Give the group a name and enable
AdministratorAccess, or adequate
access that corresponds to your requirements and security policies.
Click the "Create group" button and you'll see an overview of both the new user and the group details. Click "Create user" to accept these details.
The next page will declare user creation a success and include both the
Access key ID and the
Secret access key for your new user, as well as the
option to download these details as an CSV.
Armed with these values, you can then use the interactive command line tool to add them to Juju:
juju add-credential aws
Alternately, you can also use this credential with Juju as a Service and create and deploy your model using its GUI.
Place the AWS information in a
~/.aws/credentials file, or
%USERPROFILE%/.aws/credentials on Windows. The file will contain YAML
See Cloud credentials for more about adding credentials from a YAML file.
To create the controller for AWS, you then need to run:
juju bootstrap aws mycloud
Features supported by Juju-owned instances running within AWS: