Step 2: Setup the bootstrap instance

1. From the local environment where you will access the bootstrap instance, configure the required AWS credentials to allow access to the bootstrap instance. The identity used must have permissions that allow ssm:StartSession on the deployed bootstrap instance and SSM document resource.

   Note

   We recommend being restrictive as to who has access to this bootstrap instance. Ideally, a deployment or admin role needs to have access to the bootstrap instance, as the bootstrap instance deploys resources into the given account.

   Example policy:

   {
    "Version": "2012-10-17",
    "Statement": [
    {
    "Effect": "Allow",
    "Action": "ssm:StartSession",
    "Resource": [
    "arn:aws:ec2:us-west-2:12345678912:instance/<instance-id>",
    "arn:aws:ssm:us-west-2:12345678912:document/BootstrapShellDoc-<stage>-<region>"
    ]
    }
    ]
   }

2. To retrieve the instance id of the bootstrap instance that was deployed, run the following command:

   Note

   Alternatively, you can retrieve the instance id from the Amazon EC2 console.

   instance=$(aws ec2 describe-instances --filters 'Name=tag:Name,Values=bootstrap-*' --query 'Reservations[].Instances[].[InstanceId]' --output text)

3. Using the instance id obtained from the previous step, run the following command to access the bootstrap instance:

   Note

   Update the Stage if it isn’t dev, and update the Region if it isn’t us-east-1.

   aws ssm start-session --document-name BootstrapShellDoc-dev-us-east-1 --target $instance --region us-east-1

4. To prepare the bootstrap instance for deploying the migration pieces, run:

   Note

   The initial setup can take approximately 10-15 minutes.

   ./initBootstrap.sh && cd deployment/cdk/opensearch-service-migration