OpsWorks for Puppet Enterprise IAM role for nodes

“To allow your Puppet nodes to connect to your server, you have to create an AWS Identity and Access Management (IAM) role to use as your EC2 instance profile.”
That’s what the Puppet Enterprise Starter Kit manual says.

Step 1 of the guide says: “Here’s the policy. Create IAM role to use it. For information about how to create an IAM role, see our docs.”

I think we can do better than that. And automate it.

We’ll define both the policy and the role, then create them and register them with one another. It is actually very simple. Let’s see.

We have our policy document:

and our role document, which should allow it to be assumed by EC2 instances:

Let’s define names and descriptions to be used for our new policy and role:

Generic, but they will do, and they are usable right out of the box.

To create a new policy we use the self-explanatory New-IAMPolicy cmdlet:

We capture the output in a variable, both because we can then check that the policy actually got created and because we need its ARN to register it with the role.

Speaking of the role, we’ll use the equally logically named New-IAMRole cmdlet.

The cmdlet displays Great success! on creation. We don’t really need that message, so we suppress it by piping the output to Out-Null.

And, finally, it’s time to register the policy with the role. Register-IAMRolePolicy, again a cmdlet with a predictable name, does the job:
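Putting the steps together, here is an added example (my own, not the post’s script from GitHub) that runs the whole procedure with basic error checking. It assumes the AWS.Tools.IdentityManagement module (the monolithic AWSPowerShell module exposes the same cmdlets), and it assumes that the actions in the policy document match the AWS-managed AWSOpsWorksCMInstanceProfileRole policy; compare them with the policy.json shipped in your Starter Kit before using it. The policy and role names are placeholders. It also adds one step the post does not cover: unlike the console, the API does not create the EC2 instance profile for you, so New-IAMInstanceProfile and Add-IAMRoleToInstanceProfile are needed before the role can be attached to an instance.

```powershell
# Added example, not the post's own script.
# Assumption: AWS.Tools.IdentityManagement is installed and credentials/region are configured.
#Requires -Modules AWS.Tools.IdentityManagement

$ErrorActionPreference = 'Stop'

# Permissions a Puppet node needs: associate itself with the server and read its own tags.
# Assumption: these are the actions of the AWS-managed AWSOpsWorksCMInstanceProfileRole policy;
# verify against the Starter Kit's policy.json.
$policyDocument = @'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "opsworks-cm:AssociateNode",
        "opsworks-cm:DescribeNodeAssociationStatus",
        "opsworks-cm:DescribeServers",
        "ec2:DescribeTags"
      ],
      "Resource": "*"
    }
  ]
}
'@

# Trust policy: only the EC2 service may assume the role, which is what lets it serve as an instance profile.
$assumeRoleDocument = @'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
'@

# Placeholder names; adjust to your naming convention.
$policyName        = 'OpsWorksCMPuppetNodePolicy'
$policyDescription = 'Allows EC2 instances to associate as OpsWorks for Puppet Enterprise nodes'
$roleName          = 'OpsWorksCMPuppetNodeRole'
$roleDescription   = 'Instance profile role for OpsWorks for Puppet Enterprise nodes'

try {
    # Step 1: the managed policy. Keep the output: the ARN is needed for the attachment.
    $policy = New-IAMPolicy -PolicyName $policyName -PolicyDocument $policyDocument -Description $policyDescription
    if (-not $policy.Arn) { throw "Policy '$policyName' was not created." }
    Write-Host "Created policy $($policy.Arn)"

    # Step 2: the role trusted by EC2. Out-Null discards the returned Role object.
    New-IAMRole -RoleName $roleName -AssumeRolePolicyDocument $assumeRoleDocument -Description $roleDescription | Out-Null
    Write-Host "Created role $roleName"

    # Step 3: attach the managed policy to the role, then confirm the attachment is visible.
    Register-IAMRolePolicy -RoleName $roleName -PolicyArn $policy.Arn
    $attached = Get-IAMAttachedRolePolicyList -RoleName $roleName
    if ($attached.PolicyArn -notcontains $policy.Arn) { throw "Policy '$policyName' is not attached to '$roleName'." }
    Write-Host "Attached $policyName to $roleName"

    # Step 4 (not in the post): create the instance profile and put the role in it.
    New-IAMInstanceProfile -InstanceProfileName $roleName | Out-Null
    Add-IAMRoleToInstanceProfile -InstanceProfileName $roleName -RoleName $roleName
    Write-Host "Instance profile $roleName is ready for your Puppet nodes."
}
catch [Amazon.IdentityManagement.Model.EntityAlreadyExistsException] {
    Write-Warning "Already exists: $($_.Exception.Message). Pick different names or clean up first."
}
catch [Amazon.IdentityManagement.AmazonIdentityManagementServiceException] {
    # Typical causes: wrong account or profile, or the caller lacks iam:CreatePolicy / iam:CreateRole.
    Write-Error "IAM call failed ($($_.Exception.ErrorCode)): $($_.Exception.Message)"
}
```

The two catch blocks separate the harmless case (the objects already exist from a previous run) from a real failure such as running under the wrong account, which is exactly the situation the post’s own error checking is aimed at. The Get-IAMAttachedRolePolicyList check after Register-IAMRolePolicy makes the script fail loudly if the attachment did not take, rather than leaving a role with no permissions.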

And that’s it! Role created and ready to be assumed by your fleet of Puppet nodes!

Hope you liked this short “PowerShell and IAM 101” post 🙂

Here’s the full script, with some basic error checking – for those situations where you use the incorrect account and lack the necessary IAM permissions for policy and role creation 😉

Get the code (and any potential updates) from GitHub:
https://github.com/PowerSix/MyPowerShellSpace

You can also run the script directly by invoking the remote command, but keep in mind what we say about running foreign code: check it out, copy it to your own location and run it from there.

Full code below. Enjoy! 🙂
