Question 1

How to use the aws cookbook with IAM instance roles?

Accepted Answer

The cookbook automatically picks up credentials from IAM roles assigned to instances via the metadata API. Ensure the role has necessary policies, like those for EBS or resource tagging shown in the README, and omit credential properties in resources.

Question 2

Best practices for storing AWS credentials in Chef recipes?

Accepted Answer

Store credentials in encrypted data bags and load them in recipes, as recommended in the README. Avoid hardcoding in node attributes to prevent exposure, and use IAM roles for instances when possible.

Question 3

AWS cookbook vs Terraform: which should I use for infrastructure?

Accepted Answer

Use the aws cookbook if you're already invested in Chef for configuration management and want to integrate AWS resources into Chef runs. Terraform is better for declarative, standalone infrastructure provisioning with state management outside Chef.

Question 4

How to create an S3 bucket with the aws cookbook?

Accepted Answer

Use the aws_s3_bucket resource with the :create action, specifying properties like region and versioning. Example code in the README shows bucket creation with optional encryption and deletion safeguards.

Question 5

What IAM permissions are needed for the aws_ebs_volume resource?

Accepted Answer

The README includes sample IAM policies for EBS management, requiring actions like ec2:CreateVolume and ec2:AttachVolume. Tailor policies to least-privilege based on your specific volume operations.

Question 6

How to handle MFA authentication with the aws cookbook?

Accepted Answer

Assume an STS role with MFA by creating Aws::AssumeRoleCredentials, passing the session token to resources. The README provides detailed examples using token codes and serial numbers for secure access.

aws

What is aws?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions