Install aws cli and ansible modules on control machine
- check if you have aws cli installed
if not - install it following these instructions. The simplest way is to use
pip install awscli --upgrade --user
Mac systems with homebrew installed:
brew install awscli
- Also, use
pipto install the following python packages required by ansible:
sudo pip install boto sudo pip install boto3
Configuring AWS account
Minimum node recommendations:
* Size: t3.medium, a larger instance is preferable.
* Storage: SSD rather than HDD (see here for more information).
Register (if you haven’t already) and login to the AWS management console: https://aws.amazon.com/console/
to create credentials for cli, open IAM home https://console.aws.amazon.com/iam/home, select “Users” on the left hand side navigation bar and then click “Add user”. Pick a username, and check “Programmatic access” for “Access type”. NOTE: For clarity we recommend using identical usernames on your Ansible Control Station and your remote node. For example, one can create a user named “ubuntu” on both your Ansible Control Station and your remote note.
Click “Next: Permissions” - you can choose any of the available options, and “Attach existing policies directly” is the simplest one. In the list of policy types, search for and then check “AmazonEC2FullAccess”. Click “Next:Review”. Review your account and click “Create user” to proceed.
it is very important that you copy “Access Key ID” and “Secret Access Key” without leaving this page, because there is no other way to retrieve “Secret Access Key” later and you will have to start again and create another user. After copying this important information, select “Close”.
after you’ve copied and saved your AWS secret keys, the next step is to upload your SSH public key. In the top left corner of the page select “Services -> EC2”. On the left sidebar select “Network & Security” -> “Key Pairs”. Click “Import Key Pair”. Give a name to this keypair, otherwise base name of the file will be used (by default
id_rsa). Browse your Ansible Control Station file system for the public key.
configure aws cli:
provide your credentials (Access Key ID and Secret Access Key) from earlier. Choose a region for your account (e.g.
us-east-2) and output format (
json is recommended).
- check that keypair was correctly imported:
aws ec2 describe-key-pairs
you should see your keypair name in the list.
- choose available aws VPC and Subnet. Run this command to list subnets
aws ec2 describe-subnets
select any subnet with
"State": "available" and non-zero
AvailableIpAddressCount. You need to note
VpcId of this subnet for later use.
- clone repository with ansible playbooks and checkout branch corresponding to Kovan:
git clone https://github.com/poanetwork/deployment-playbooks.git cd deployment-playbooks git checkout kovan
- go to
- create configuration file
cp group_vars/all.yml.example group_vars/all.yml
- edit this file in your favorite text editor (e.g.
and provide the following configuration parameters
access_key: "your aws access key" secret_key: "your aws secret key" awskeypair_name: "aws keypair name" region: "us-east-1" # you can choose a different region vpc_id: "your VpcId" vpc_subnet_id: "your SubnetId"
leave other parameters unchanged
- run the playbook (run from the aws folder)
ansible-playbook validator.yml --private-key ~/.ssh/id_rsa
If the path to your private key is different, use that instead of
~/.ssh/id_rsa. If successful, you should see a successful play recap.
open aws console, go to ec2 instances and check that new instance is created, note it’s IP address for later use.
Next you must run a second Ansible playbook from the root directory to complete the setup - Return to step III. Ansible Playbook Configuration in Kovan Node setup instructions
[WARNING] provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match ‘all’.
Make sure you are in the aws subdirectory when running the playbook (step 13).
Syntax error while loading YAML
Check that variables are tabbed properly
[ami-XXX] does not exist.
ami is tied to the aws region your chose, ie east-region-2. To find the ami, go to the ec2 console at us-east-1 region, find the AMI tab and enter the current AMI. It will show you something similar to
ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180205 which is the AMI name. Go to your region and enter the name at the same search string. Copy the AMI id from the output.