From 7f87f51a0364eebcd122225704a659d55cce3108 Mon Sep 17 00:00:00 2001
From: Glenn Schlereth
Date: Mon, 13 Dec 2021 18:31:15 -0300
Subject: [PATCH] Implemented architecture choice 'arm' or amd 'x86_64' for EC2 cloud (#14289)
New `arch` config.cfg parameter is used along with the image name parameter to find the most recent OS image to be used in hosted ec2 instance. This allows the user to choose arm based instance types which was causing algo failure during cloud formation.
---
 config.cfg | 1 +
 docs/cloud-amazon-ec2.md | 2 ++
 docs/deploy-from-ansible.md | 10 +++++++++-
 roles/cloud-ec2/tasks/main.yml | 3 ++-
 4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/config.cfg b/config.cfg
index a1c31564e..96ade9b56 100644
--- a/config.cfg
+++ b/config.cfg
@@ -182,6 +182,7 @@ cloud_providers:
 size: t2.micro
 image:
 name: "ubuntu-focal-20.04"
+ arch: x86_64
 owner: "099720109477"
 # Change instance_market_type from "on-demand" to "spot" to take advantage of
 # simplified spot launch options
diff --git a/docs/cloud-amazon-ec2.md b/docs/cloud-amazon-ec2.md
index 2c8856040..5fccee82b 100644
--- a/docs/cloud-amazon-ec2.md
+++ b/docs/cloud-amazon-ec2.md
@@ -12,6 +12,8 @@ The cheapest EC2 plan you can choose is the "Free Plan" a.k.a. the "AWS Free Tie
 As of the time of this writing (July 2018), the Free Tier limits include "750 hours of Amazon EC2 Linux t2.micro instance usage" per month, 15 GB of bandwidth (outbound) per month, and 30 GB of cloud storage. Algo will not even use 1% of the storage limit, but you may have to monitor your bandwidth usage or keep an eye out for the email from Amazon when you are about to exceed the Free Tier limits.
+Addtional configurations are documented in the [EC2 section of the deploy from ansible guide](https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md#amazon-ec2)
+
 ### Create an AWS permissions policy
 In the AWS console, find the policies menu: click Services > IAM > Policies. Click Create Policy.
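Review bot: The new `arch: x86_64` key in the config.cfg hunk has no comment, unlike the `instance_market_type` setting documented directly below it, so nothing at this line tells the user which values are accepted or that the value has to agree with the instance type in `size`. I would add above it `# AMI architecture: x86_64 (default) or arm64; must match the instance type set in size`. The accepted values come from the docs/deploy-from-ansible.md hunk of this commit; the pairing with `size` is inferred from the commit message and should be confirmed. Quoting the value as `arch: "x86_64"` would also match the neighbouring `name` and `owner` entries.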
diff --git a/docs/deploy-from-ansible.md b/docs/deploy-from-ansible.md
index a0a58a66c..01ecf21ff 100644
--- a/docs/deploy-from-ansible.md
+++ b/docs/deploy-from-ansible.md
@@ -110,8 +110,16 @@ Possible options can be gathered via cli `aws ec2 describe-regions`
 Additional variables:
-- [encrypted](https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/) - Encrypted EBS boot volume. Boolean (Default: false)
+- [encrypted](https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/) - Encrypted EBS boot volume. Boolean (Default: true)
 - [size](https://aws.amazon.com/ec2/instance-types/) - EC2 instance type. String (Default: t2.micro)
+- [image](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-images.html) - AMI `describe-images` search parameters to find the OS for the hosted image. Each OS and architecture has a unique AMI-ID. The OS owner, for example [Ubuntu](https://cloud-images.ubuntu.com/locator/ec2/), updates these images often. If parameters below result in multiple results, the most recent AMI-ID is chosen
+ ```
+ # Example of equivalent cli comand
+ aws ec2 describe-images --owners "099720109477" --filters "Name=architecture,Values=arm64" "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-focal-20.04*"
+ ```
+ - [owners] - The operating system owner id. Default is [Canonical](https://help.ubuntu.com/community/EC2StartersGuide#Official_Ubuntu_Cloud_Guest_Amazon_Machine_Images_.28AMIs.29) (Default: 099720109477)
+ - [arch] - The architecture (Default: x86_64, Optional: arm64)
+ - [name] - The wildcard string to filter available ami names. Algo appends this name with the string "-\*64-server-\*", and prepends with "ubuntu/images/hvm-ssd/" (Default: ubuntu-focal-20.04)
 - [instance_market_type](https://aws.amazon.com/ec2/pricing/) - Two pricing models are supported: on-demand and spot. String (Default: on-demand)
 * If using spot instance types, one additional IAM permission along with the below minimum is required for deployment:
 ```
diff --git a/roles/cloud-ec2/tasks/main.yml b/roles/cloud-ec2/tasks/main.yml
index edc75a68d..3b47b50f0 100644
--- a/roles/cloud-ec2/tasks/main.yml
+++ b/roles/cloud-ec2/tasks/main.yml
@@ -12,7 +12,8 @@
 owners: "{{ cloud_providers.ec2.image.owner }}"
 region: "{{ algo_region }}"
 filters:
- name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
+ architecture: "{{ cloud_providers.ec2.image.arch }}"
+ name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-*64-server-*"
 register: ami_search
 - name: Set the ami id as a fact
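Review bot: The new `architecture` filter reads `cloud_providers.ec2.image.arch` with no fallback, so a config.cfg written before this commit (without the `arch` key) would presumably fail templating on an undefined variable instead of keeping the previous amd64 behaviour; `architecture: "{{ cloud_providers.ec2.image.arch | default('x86_64') }}"` keeps existing deployments working. The name pattern was also widened from `-amd64-server-*` to `-*64-server-*`, which leaves the `owners` and `architecture` filters as the only constraints on which image is selected. A short comment above `filters:` would record that dependency, for example `# owners pins the image publisher; the name wildcard alone does not identify a trusted image`. The task begins above the hunk and the AMI selection ("Set the ami id as a fact") continues below it, so how an empty search result is handled is not visible here.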