Configuring AWS CLI For Use in Pacemaker Nodes
There are several AWS resource agents available to Pacemaker. Nearly all of these rely on the AWS CLI utility being installed on the Pacemaker nodes. This article quickly demonstrates how to configure the AWS CLI with an IAM user for this purpose.
First, log in to the AWS web console and create an IAM user.
- From the landing page select IAM service.
- Select Users from the left navigation pane.
- Click on Add User.
- Select a username. This will be the login name.
- Do not select Provide user access to the AWS Management Console.
- Select Attach policies directly, then find and select the AmazonEC2FullAccess policy.
- Proceed to the review and create step. Add tags if required, then create the user.
Once the user is created you will be returned to the IAM user page. From here you need to select the user and create an access key pair.
- Click on the User’s name to open the details and configuration for that user.
- Click on the Security credentials tab.
- Locate and select the Create access key button.
- Select the use case (Command Line Interface).
- Here you will be shown some safer, more secure alternatives. We will just click Next to proceed.
- Add an optional tag for the user if desired. Then click Create access key.
- You will now be presented with the key pair and an option to download a .csv file. Download this file to a secure location.
  - This is the only time you can access the secret key. You cannot retrieve it again after this point.
Now on the cluster nodes where you have already installed the AWS CLI, enter the ‘aws configure’ command. This will prompt you for the access key ID, the Secret Access Key, a default region, and a default output format.
After completing the configuration, you can test that the AWS CLI works by running ‘aws ec2 describe-instances’. This should show JSON output that describes the running instances in the default region.
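The ‘aws configure’ command stores the key pair in plain text in ~/.aws/credentials on each node, so that file deserves the same care as the downloaded .csv. The following check is an added example, not part of the original article: the function name check_aws_credentials and its return codes are this example's own, and the sample file it runs against is constructed.

```shell
#!/bin/sh
# Added example: audit the file that `aws configure` writes on a cluster node.
# Return codes (this example's convention): 0 ok, 1 file missing,
# 2 readable or writable by group/other, 3 no secret key stored in the file.
check_aws_credentials() {
    cred_file=${1:-"$HOME/.aws/credentials"}

    [ -f "$cred_file" ] || { echo "missing: $cred_file" >&2; return 1; }

    # Permission string from ls, e.g. "-rw-------". Characters 5-10 are the
    # group and other bits, and every one of them must be "-".
    mode=$(ls -ld "$cred_file" | cut -c1-10)
    group_other=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "too open ($mode): $cred_file, fix with chmod 600" >&2
        return 2
    fi

    # Confirm a key pair was actually written by `aws configure`.
    if ! grep -Eq '^[[:space:]]*aws_secret_access_key[[:space:]]*=' "$cred_file"; then
        echo "no aws_secret_access_key entry in $cred_file" >&2
        return 3
    fi

    # List the profiles that hold long-lived keys, without printing the keys.
    awk '/^\[/ { profile = $0 }
         /^[ \t]*aws_access_key_id[ \t]*=/ { print "long-lived key in profile " profile }' "$cred_file"
    return 0
}

# Constructed sample file with placeholder values (not real credentials).
demo_dir=$(mktemp -d)
cat > "$demo_dir/credentials" <<'EOF'
[default]
aws_access_key_id = AKIAEXAMPLEKEYID0000
aws_secret_access_key = constructed-placeholder-not-a-real-secret
EOF
chmod 644 "$demo_dir/credentials"      # deliberately too open
check_aws_credentials "$demo_dir/credentials" || echo "demo result: $?"
chmod 600 "$demo_dir/credentials"      # corrected permissions
check_aws_credentials "$demo_dir/credentials"
rm -rf "$demo_dir"
```

On a real node, call check_aws_credentials with no argument as the user that runs the cluster resource agents, so that it inspects that user's own ~/.aws/credentials.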
Written by DJV - 03/10/23 Reviewed by MDK - 03/10/23