AWS CloudFormation
User Guide (Version )

AWS::OpsWorksCM::Server

The AWS::OpsWorksCM::Server resource creates an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise configuration management server. For more information, see Create a Chef Automate Server in AWS CloudFormation or Create a Puppet Enterprise Master in AWS CloudFormation in the AWS OpsWorks User Guide, and CreateServer in the AWS OpsWorks CM API Reference.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::OpsWorksCM::Server", "Properties" : { "AssociatePublicIpAddress" : Boolean, "BackupId" : String, "BackupRetentionCount" : Integer, "DisableAutomatedBackup" : Boolean, "Engine" : String, "EngineAttributes" : [ EngineAttribute, ... ], "EngineModel" : String, "EngineVersion" : String, "InstanceProfileArn" : String, "InstanceType" : String, "KeyPair" : String, "PreferredBackupWindow" : String, "PreferredMaintenanceWindow" : String, "SecurityGroupIds" : [ String, ... ], "ServerName" : String, "ServiceRoleArn" : String, "SubnetIds" : [ String, ... ] } }

YAML

Type: AWS::OpsWorksCM::Server Properties: AssociatePublicIpAddress: Boolean BackupId: String BackupRetentionCount: Integer DisableAutomatedBackup: Boolean Engine: String EngineAttributes: - EngineAttribute EngineModel: String EngineVersion: String InstanceProfileArn: String InstanceType: String KeyPair: String PreferredBackupWindow: String PreferredMaintenanceWindow: String SecurityGroupIds: - String ServerName: String ServiceRoleArn: String SubnetIds: - String

Properties

AssociatePublicIpAddress

Associate a public IP address with a server that you are launching. Valid values are true or false. The default value is true.

Required: No

Type: Boolean

Update requires: Replacement

BackupId

If you specify this field, AWS OpsWorks CM creates the server by using the backup represented by BackupId.

Required: No

Type: String

Maximum: 79

Update requires: Replacement

BackupRetentionCount

The number of automated backups that you want to keep. Whenever a new backup is created, AWS OpsWorks CM deletes the oldest backups if this number is exceeded. The default value is 1.

Required: No

Type: Integer

Minimum: 1

Update requires: No interruption

DisableAutomatedBackup

Enable or disable scheduled backups. Valid values are true or false. The default value is true.

Required: No

Type: Boolean

Update requires: No interruption

Engine

The configuration management engine to use. Valid values include ChefAutomate and Puppet.

Required: No

Type: String

Update requires: Replacement

EngineAttributes

Optional engine attributes on a specified server.

Attributes accepted in a Chef createServer request:

  • CHEF_AUTOMATE_PIVOTAL_KEY: A base64-encoded RSA public key. The corresponding private key is required to access the Chef API. When no CHEF_AUTOMATE_PIVOTAL_KEY is set, a private key is generated and returned in the response. When you are specifying the value of CHEF_AUTOMATE_PIVOTAL_KEY as a parameter in the AWS CloudFormation console, you must add newline (\n) characters at the end of each line of the pivotal key value.

  • CHEF_AUTOMATE_ADMIN_PASSWORD: The password for the administrative user in the Chef Automate web-based dashboard. The password length is a minimum of eight characters, and a maximum of 32. The password can contain letters, numbers, and special characters (!/@#$%^&+=_). The password must contain at least one lower case letter, one upper case letter, one number, and one special character. When no CHEF_AUTOMATE_ADMIN_PASSWORD is set, one is generated and returned in the response.

Attributes accepted in a Puppet createServer request:

  • PUPPET_ADMIN_PASSWORD: To work with the Puppet Enterprise console, a password must use ASCII characters.

  • PUPPET_R10K_REMOTE: The r10k remote is the URL of your control repository (for example, ssh://git@your.git-repo.com:user/control-repo.git). Specifying an r10k remote opens TCP port 8170.

  • PUPPET_R10K_PRIVATE_KEY: If you are using a private Git repository, add PUPPET_R10K_PRIVATE_KEY to specify a PEM-encoded private SSH key.

Required: No

Type: List of EngineAttribute

Update requires: No interruption

EngineModel

The engine model of the server. Valid values in this release include Monolithic for Puppet and Single for Chef.

Required: No

Type: String

Update requires: Replacement

EngineVersion

The major release version of the engine that you want to use. For a Chef server, the valid value for EngineVersion is currently 12. For a Puppet server, the valid value is 2017.

Required: No

Type: String

Update requires: Replacement

InstanceProfileArn

The ARN of the instance profile that your Amazon EC2 instances use.

Required: Yes

Type: String

Pattern: arn:aws:iam::[0-9]{12}:instance-profile/.*

Update requires: Replacement

InstanceType

The Amazon EC2 instance type to use. For example, m5.large.

Required: Yes

Type: String

Update requires: Replacement

KeyPair

The Amazon EC2 key pair to set for the instance. This parameter is optional; if desired, you may specify this parameter to connect to your instances by using SSH.

Required: No

Type: String

Update requires: Replacement

PreferredBackupWindow

The start time for a one-hour period during which AWS OpsWorks CM backs up application-level data on your server if automated backups are enabled. Valid values must be specified in one of the following formats:

  • HH:MM for daily backups

  • DDD:HH:MM for weekly backups

The specified time is in coordinated universal time (UTC). The default value is a random, daily start time.

Example: 08:00, which represents a daily start time of 08:00 UTC.

Example: Mon:08:00, which represents a start time of every Monday at 08:00 UTC. (8:00 a.m.)

Required: No

Type: String

Update requires: No interruption

PreferredMaintenanceWindow

The start time for a one-hour period each week during which AWS OpsWorks CM performs maintenance on the instance. Valid values must be specified in the following format: DDD:HH:MM. The specified time is in coordinated universal time (UTC). The default value is a random one-hour period on Tuesday, Wednesday, or Friday. See TimeWindowDefinition for more information.

Example: Mon:08:00, which represents a start time of every Monday at 08:00 UTC. (8:00 a.m.)

Required: No

Type: String

Update requires: No interruption

SecurityGroupIds

A list of security group IDs to attach to the Amazon EC2 instance. If you add this parameter, the specified security groups must be within the VPC that is specified by SubnetIds.

If you do not specify this parameter, AWS OpsWorks CM creates one new security group that uses TCP ports 22 and 443, open to 0.0.0.0/0 (everyone).

Required: No

Type: List of String

Update requires: Replacement

ServerName

The name of the server. The server name must be unique within your AWS account, within each region. Server names must start with a letter; then letters, numbers, or hyphens (-) are allowed, up to a maximum of 40 characters.

Required: No

Type: String

Minimum: 1

Maximum: 40

Pattern: [a-zA-Z][a-zA-Z0-9\-]*

Update requires: Replacement

ServiceRoleArn

The service role that the AWS OpsWorks CM service backend uses to work with your account. Although the AWS OpsWorks management console typically creates the service role for you, if you are using the AWS CLI or API commands, run the service-role-creation.yaml AWS CloudFormation template, located at https://s3.amazonaws.com/opsworks-cm-us-east-1-prod-default-assets/misc/opsworks-cm-roles.yaml. This template creates a CloudFormation stack that includes the service role and instance profile that you need.

Required: Yes

Type: String

Pattern: arn:aws:iam::[0-9]{12}:role/.*

Update requires: Replacement

SubnetIds

The IDs of subnets in which to launch the server EC2 instance.

Amazon EC2-Classic customers: This field is required. All servers must run within a VPC. The VPC must have "Auto Assign Public IP" enabled.

EC2-VPC customers: This field is optional. If you do not specify subnet IDs, your EC2 instances are created in a default subnet that is selected by Amazon EC2. If you specify subnet IDs, the VPC must have "Auto Assign Public IP" enabled.

For more information about supported Amazon EC2 platforms, see Supported Platforms.

Required: No

Type: List of String

Update requires: Replacement

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the server's ARN, such as arn:aws:OpsWorksCM:us-east-1:123456789012:server/server-a1bzhi.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the server, such as arn:aws:OpsWorksCM:us-east-1:123456789012:server/server-a1bzhi.

Endpoint

A DNS name that can be used to access the engine. Example: myserver-asdfghjkl.us-east-1.opsworks.io.

Examples

Create an AWS OpsWorks for Chef Automate server

The following example creates an AWS OpsWorks for Chef Automate server.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "PivotalKey": { "Type": "String" }, "Password": { "Type": "String" } }, "Resources": { "MyChefServer": { "Type": "AWS::OpsWorksCM::Server", "Properties": { "BackupRetentionCount": "12", "DisableAutomatedBackup": false, "Engine": "ChefAutomate", "EngineVersion": "2", "EngineAttributes": [ { "Name": "CHEF_AUTOMATE_PIVOTAL_KEY", "Value": { "Ref": "PivotalKey" } }, { "Name": "CHEF_AUTOMATE_ADMIN_PASSWORD", "Value": { "Ref": "Password" } } ], "EngineModel": "Single", "InstanceProfileArn": "INSTANCE-PROFILE-ARN", "InstanceType": "r5.xlarge", "PreferredBackupWindow": "08:00", "PreferredMaintenanceWindow": "Fri:08:00", "ServiceRoleArn": "SERVICE-ROLE-ARN" } } }, "Outputs": { "endpoint": { "Description": "OpsWorksCM Server Endpoint", "Value": { "Fn::GetAtt": [ "MyChefServer", "Endpoint" ] } } } }

YAML

AWSTemplateFormatVersion: '2010-09-09' Parameters: PivotalKey: Type: String Password: Type: String Resources: MyChefServer: Type: AWS::OpsWorksCM::Server Properties: BackupRetentionCount: '12' DisableAutomatedBackup: False Engine: 'ChefAutomate' EngineVersion: '2' EngineAttributes: - Name: "CHEF_AUTOMATE_PIVOTAL_KEY" Value: Ref: PivotalKey - Name: "CHEF_AUTOMATE_ADMIN_PASSWORD" Value: Ref: Password EngineModel: 'Single' InstanceProfileArn: "INSTANCE-PROFILE-ARN" InstanceType: 'r5.xlarge' PreferredBackupWindow: '08:00' PreferredMaintenanceWindow: 'Fri:08:00' ServiceRoleArn: "SERVICE-ROLE-ARN" Outputs: endpoint: Description: OpsWorksCM Server Endpoint Value: !GetAtt [MyChefServer, Endpoint]

Create an AWS OpsWorks for Puppet Enterprise server

The following example creates an AWS OpsWorks for Puppet Enterprise server.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "My OpsWorksCM Managed Server", "Parameters": { "AdminPassword": { "Type": "String" } }, "Resources": { "TestServerDeleteMe": { "Type": "AWS::OpsWorksCM::Server", "Properties": { "AssociatePublicIpAddress": true, "BackupRetentionCount": "12", "DisableAutomatedBackup": false, "Engine": "Puppet", "EngineVersion": "2017", "EngineAttributes": [ { "Name": "PUPPET_ADMIN_PASSWORD", "Value": { "Ref": "AdminPassword" } } ], "EngineModel": "Single", "InstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/MyInstanceProfile", "InstanceType": "m4.xlarge", "PreferredBackupWindow": "08:00", "PreferredMaintenanceWindow": "Fri:08:00", "ServiceRoleArn": "arn:aws:iam::123456789012:role/MyServiceRole" } } } }

YAML

AWSTemplateFormatVersion: '2010-09-09' Description: IAM Resources for the AWS OpsWorks Managed Server. Parameters: AdminPassword: Type: String Resources: MyPuppetServer: Type: AWS::OpsWorksCM::Server Properties: BackupRetentionCount: '12' DisableAutomatedBackup: False Engine: 'Puppet' EngineVersion: '2017' EngineAttributes: - Name: "PUPPET_ADMIN_PASSWORD" Value: Ref: AdminPassword EngineModel: 'Monolithic' InstanceProfileArn: "INSTANCE-PROFILE-ARN" InstanceType: 'm4.large' PreferredBackupWindow: '08:00' PreferredMaintenanceWindow: 'Fri:08:00' ServiceRoleArn: "SERVICE-ROLE-ARN" Outputs: endpoint: Description: OpsWorksCM Server Endpoint Value: !GetAtt [MyPuppetServer, Endpoint]

See Also