Trusted repos allow you to share AWS resources across your account. This comes in handy when you need a dedicated, secure, private and protected set of resources. Say, for example, that several teams use a common set of Docker images. A dedicated repo would be a good way to access those images in a shared, secure manner.
This article is split into two parts. The first part walks through the steps for setting up a Trusted Repo in AWS. The second part covers how to use the new Trusted Repo.
Creating A Repo
Trusted repos are a great way to improve the security of your Elastic Stack. Creating a trusted repo is not hard, but there are some steps you need to take and some things you need to know before creating one. Let’s get started!
First, make sure your setup is prepared for creating trusted repos. This means having an AWS account and having Kibana and Elasticsearch set up. You will also want a basic understanding of AWS, with emphasis on EC2 compute instances and IAM policies. If you have all of these in place, you are ready to create a trusted repo!
The following steps outline the process:
- Create an IAM policy in AWS that allows access through API Gateway only if the request comes from designated IP addresses or VPCs
- Create an AWS credential in Elasticsearch consisting of the IAM user's Access key ID and secret access key (note: the secret access key is sensitive data)
- Create a trusted repo using that previously created credential
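The first step above, written out as an API Gateway resource policy, is an added example and not from the original article. The region, account ID, API ID, VPC ID and the 203.0.113.0/24 range are constructed placeholders to replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowInvokeFromDesignatedIpRange",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:REGION_PLACEHOLDER:ACCOUNT_ID_PLACEHOLDER:API_ID_PLACEHOLDER/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": ["203.0.113.0/24"] }
      }
    },
    {
      "Sid": "AllowInvokeFromDesignatedVpc",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:REGION_PLACEHOLDER:ACCOUNT_ID_PLACEHOLDER:API_ID_PLACEHOLDER/*",
      "Condition": {
        "StringEquals": { "aws:SourceVpc": "vpc-PLACEHOLDER" }
      }
    },
    {
      "Sid": "DenyInvokeFromEverywhereElse",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:REGION_PLACEHOLDER:ACCOUNT_ID_PLACEHOLDER:API_ID_PLACEHOLDER/*",
      "Condition": {
        "NotIpAddress": { "aws:SourceIp": ["203.0.113.0/24"] },
        "StringNotEquals": { "aws:SourceVpc": "vpc-PLACEHOLDER" }
      }
    }
  ]
}
```

The two keys inside the Deny statement's Condition are ANDed, so a request is refused only when it comes from neither the listed IP range nor the listed VPC; the explicit Deny takes precedence over any other Allow that might later be attached to the API.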
Create an EC2 Machine Image in that Trusted Repo.
The next step is to create an EC2 machine image inside the trusted repo you just created.
You will want to use one of the popular machine images, such as Amazon Linux AMI or Ubuntu Server. Make sure your chosen image has all the software you need for your team’s project(s).
You can find and import a public AMI in AWS Marketplace or search for “Public Images” on the EC2 console.
Lastly, be sure to pick a machine image in the same region as your trusted repo.
Create An AMI From The EMI.
When you’ve verified that the EMI contains all the tools and packages necessary, you can create an Amazon Machine Image (AMI) from it. The AMI is used to launch instances of your trusted repository in AWS, in each availability zone across any region where you plan to deploy applications, so that the repository is available to the application development teams there.
To implement a trusted repo in AWS, create an Amazon Machine Image (AMI) from your Edaptive Intelligence Machine Image (EMI).
Create Another Trusted Repo.
- Create another trusted repo.
- Add another task that creates an EMI in the second trusted repo.
- Finally, create an AMI from the second EMI.
Create A New EMI.
To create a new EMI, you’ll need the following:
- An existing EC2 instance.
- An EBS volume of at least 100GB.
- A security group that enables incoming and outgoing communication from an external IP address over port 80.
You can create a new instance by selecting ‘Launch Instance’ from the EC2 Console Home Page, then select one or more of the following options:
- Instance Type – t3.nano (1 vCPU, 0.5 GiB memory) with EBS Storage of non-local NVMe SSDs (EBS Only).
- Storage Size – 20 GB (100 GB minimum is recommended).
Create An AMI From The Second EMI.
To create an Amazon Machine Image (AMI) from the second Elastic Machine Image (EMI), start in the EMI console. Choose your EMI and select Actions, then AMI Copy. In the resulting pop-up, confirm that your machine is being copied into a new AMI by checking that “Copy” is selected under “Source Type.” You can also choose which of your regions the resulting image is stored in, depending on where it will be used. After this step is complete, you can optionally skip ahead to creating a new Launch Configuration using the AMI copied from your EMI above and proceed from there.
Implementing Trusted Repos Is Easy When You Know How.
As long as you follow the steps in this tutorial, creating and using a trusted repo should be easy. You should be able to implement and start using one in an afternoon.
There are various tools you can use to create your AMI. Still, we’re going to assume you’re already familiar with Packer and focus on how to upload that AMI into an AWS Trusted Repo. A quick Google search will reveal several options for publishing AMIs into AWS. The simplest is probably Snapshotter, which handles all the complicated parts automatically (although it charges a fee).
A more open-source solution is CloudCoreo’s packer-AWS-trusted-image tool. It’s free, but it requires some technical know-how. It does the job just fine if you’re comfortable working with bash scripts and JSON files.
Our Final Thoughts for How To Implement A Trusted Repo In AWS
Hopefully, you can now see that the AWS Trusted Repo is a powerful feature that will certainly come in handy. Many of the features offered by this system are free, which makes implementing it very easy.
However, even though this feature is free, keep in mind the general costs of CloudFormation, which are incurred for each use of AWS Trusted Repo. In most cases, developers will be fine with them as long as they don’t create multiple trusted repos, but sometimes the cost can add up fast. Hopefully, this article has given you a clear idea of what AWS Trusted Repo is and when to use it!