Bootstrapping an AWS Environment for Cloud Foundry
Page last updated:
This topic describes how to set up an environment for Cloud Foundry on Amazon Web Services (AWS) using
bosh aws create. This command-line bootstrap tool creates all of the structures that underlie your deployment.
bosh aws create command creates many structures within AWS. If it does not complete successfully, or you want to abort the process, you can clean up the AWS environment with a companion destroy command.
Note: The destroy command deletes all user-created structures in your AWS account, not just the ones created by
bosh aws create.
Select a DNS domain name for your Cloud Foundry instance. For example, if you select the domain name cloud.example.com, Cloud Foundry deploys each of your applications as
From the AWS Route 53 dashboard, click Hosted zones.
Click the Create Hosted Zone button.
Under Domain Name, enter the domain name you chose above, for AWS to host.
Under Type choose Public Hosted Zone. This creates four name server (NS) records for your hosted zone.
From your domain registrar, delegate DNS authority for your hosted zone to your four Amazon Route 53 name servers. To do this, replace your registrar’s NS records for the domain with the NS record values you created in the last step.
Note: You can also find your NS record values by selecting your domain under the Hosted zones tab.
$ gem install bundler
$ mkdir deployments
deploymentsdirectory, make a sub-directory named
cf-exampleto hold the gems and configuration information that BOSH needs to create your environment:
$ cd deployments $ mkdir cf-example
cf-examplesub-directory, create a file named
Gemfilemodeled after the following contents, but with the
rubyargument matching the Ruby version that you are running:
source 'https://rubygems.org' ruby "2.2.2" gem "bosh_cli_plugin_aws"
bundle installto install the
bosh_cli_plugin_awsgem and its dependencies.
$ bundle install ... Bundle complete! 1 Gemfile dependency, 85 gems now installed. Use `bundle show [gemname]` to see where a bundled gem is installed.
- For a new user, click Create New Users and enter a user name.
- For an existing user, choose the user, select the Security Credentials tab, and click Create Access Key.
Click Show User Security Credentials and record both the Access Key ID and Secret Access Key.
Make sure your user has permissions to create an environment for Cloud Foundry on AWS.
- Select the Permissions tab on the user’s page.
- Click Attach Policy.
- Select the checkbox next to AdministratorAccess. This setting provides your user with full access to AWS services and resources.
- Click Attach Policy at lower right.
Note: For more security, you can restrict the IAM user to a finer-grained set of permissions, but generally Administrator permissions will do.
Create a file named
bosh_environmentand add the following contents, replacing the values in each line to match your configuration as described below:
export BOSH_VPC_DOMAIN=example.com export BOSH_VPC_SUBDOMAIN=my-subdomain export BOSH_AWS_ACCESS_KEY_ID=AWS_ACCESS_KEY_ID export BOSH_AWS_SECRET_ACCESS_KEY=AWS_SECRET_ACCESS_KEY export BOSH_AWS_REGION=us-east-1 export BOSH_VPC_PRIMARY_AZ=us-east-1a export BOSH_VPC_SECONDARY_AZ=us-east-1b
- The values for
BOSH_VPC_SUBDOMAINmust correspond to the DNS domain name that you set up when configuring Route 53. This example uses
BOSH_SECRET_ACCESS_KEY, use the key pair you created above as AWS access key credentials.
- For the
BOSH_AWS_REGIONproperty, use your AWS region. This example uses
- For the
BOSH_VPC_SECONDARY_AZproperties, choose an availability zone that is listed as “operating normally” in the Health Status section of the AWS Console for your region. This example uses
- The values for
source bosh_environmentto set the environment variables required for the AWS bootstrap tool,
bosh aws create.
$ source bosh_environment
bosh aws createto create a VPC Internet Gateway, VPC subnets, three RDS databases, and a NAT VM for Cloud Foundry subnet routing. This command generates two receipt files,
aws_vpc_receipt.yml, that you use when deploying Cloud Foundry.
$ bosh aws create Executing migration CreateKeyPairs allocating 1 KeyPair(s) Executing migration CreateVpc ... details in S3 receipt: aws_rds_receipt and file: aws_rds_receipt.yml Executing migration CreateS3 creating bucket xxxx-bosh-blobstore creating bucket xxxx-bosh-artifacts
Note: RDS database creation may take 20 or more minutes.
Note: If the
bosh aws createcommand returns an error, you can destroy the AWS environment, as described in the next section.
From the AWS EC2 Dashboard, navigate to Elastic IPs.
Click Allocate New Address or select an existing Elastic IP that does not already list an associated instance.
With the IP address selected, associate it with the NAT VM instance by clicking Actions and selecting Associate Address.
In the Associate Address popup, click into the Instance field and select the instance listed as running
You can use
bosh aws destroy to delete all user-created structures in your AWS environment. This is useful if
bosh aws create does not complete successfully and you want to reset your environment, or if you want to tear down your AWS structures for any other reason.
$ bosh aws destroy
This command prompts you to delete EC2 instances, EBS volumes, RDS databases, S3 buckets, VPCs, key pairs, Elastic IPs, security groups, and NS/SOA records in your account.
WARNING: The command
bosh aws destroy destroys
everything in your AWS account, including all S3 buckets and all instances.
Do not use this command unless you want to lose all content
from your AWS account, including objects and files unrelated to your Cloud