Contributors30 minutesTest Kitchen enables you to specify details about your virtual machine. When working with EC2, this includes its Amazon Machine Image (AMI), instance type, security groups, and how to run Chef – including which recipes and which tests to run. Test Kitchen is the interface you use to create, destroy, and run Chef on your instances.
Here you'll make sure that your workstation is set up for Chef development. You'll also prepare your AWS account to create test instances.
If you don't have an AWS account, their one-year free account gives you 750 hours per month of usage on the t2.micro tier.
| In this module you'll use CentOS, a free computing platform that's functionally compatible with Red Hat Enterprise Linux. CentOS typically costs less to run on EC2, and is an ideal way to quickly test out your Chef code. |
1. Set up your workstation for Chef development
Although this module doesn't involve the Chef server or bootstrapping a node, we recommend that you complete Manage a Red Hat Enterprise Linux node with Chef server before starting this module.
If you prefer to learn about local development now, before learning how to bootstrap a node, perform these steps to set up your workstation. Then come back to this page.
At this point, your workstation should:
- have the latest version of Chef Workstation.
- have a programmer's text editor that you're comfortable working with.
- have the
~/learn-chef directory for you to work in. - have Git and an SSH client.
Having Git is important because you'll use it to download starter code to work with.
Having an SSH client is important because you can use it to log in to your CentOS instance to verify your work.
If your workstation is running Windows, remember to open the Chef Workstation desktop shortcut. The desktop shortcut brings up a PowerShell session that's configured to work with Chef.
2. Prepare your AWS account
You'll use Test Kitchen to create an EC2 instance later in this module. For now, let's ensure you have everything you'll need to create and connect to your instance.
In this part, you'll:
- Ensure your IAM role grants permission to launch instances
- Create your credentials file
- Note your region and availability zone
- Note your VPC subnet
- Create a security group
- Get the AMI ID for CentOS 7 in your region
- Prepare your key pair file
You can use this table as a checklist of the things you'll need.
| Item | Example |
|---|
| AWS credentials file | See example |
| Region and availability zone | us-east-1b |
| VPC subnet ID | subnet-eacb348e |
| Security group ID | sg-2d3b3b48 |
| CentOS 7 AMI ID | ami-6d1c2007 |
| AWS key pair file | See example |
You may want to talk to your AWS administrator if you're unsure of which settings to use.
2.1. Ensure your IAM role grants permission to launch instances
If you've used EC2 in the past, your IAM role likely already grants permission to launch instances.
If you're unable to manually launch an EC2 instance, learn how to update your IAM role to grant permission or ask your AWS administrator for help.
2.2. Create your credentials file
There are a few ways to authenticate with AWS from Test Kitchen. One way is to write your AWS secret access key to a credentials file on your workstation.
If you're using Linux or macOS for your workstation, add the following to ~/.aws/credentials. If you're using Windows, add it to %USERPROFILE%.aws\credentials. Replace ACCESS_KEY and SECRET_KEYwith your values.
Editor: ~/.aws/credentials
1
2
3
| [default]
aws_access_key_id = ACCESS_KEY
aws_secret_access_key = SECRET_KEY |
This blog post explains how central AWS credential storage works in more detail.
2.3. Note your region and availability zone
Note the region and availability zone where you want your instances to run, for example, us-east-1b.
2.4. Note your VPC subnet
A VPC subnet is repsonsible for routing network traffic and for allocating IP addresses to instances. You'll need a subnet that allocates IP addresses that are reachable from your workstation. If you use a VPN connection to connect to EC2 instances, then you might use a subnet that allocates IP address on the private network. Others might find it appropriate to use a subnet that allocates IP addresses on the public Internet.
Choose the subnet that best matches how you connect to EC2 instances and note its name, for example, subnet-eacb348e.
If you don't have a subnet that you can use, see the AWS documentation to learn how to create one.
2.5. Create a security group
When you launch an instance, you associate one or more security groups with the instance.
Ensure that you have security groups available in your region that allow inbound access on these ports:
- 22 (SSH)
- 80 (HTTP)
- 443 (HTTPS)
2.6. Get the AMI ID for CentOS 7 in your region
There are multiple ways to get the AMI ID for CentOS 7 for your region.
If you don't have a preference, you can get the ID from the AWS Marketplace.
From the Manual Launch tab, note the ID for your region. Here's an example for the EU (Ireland) region. Don't launch the instance now – you'll launch from Test Kitchen in the next part.
| The ID can change when a new AMI is released with security updates, so be sure to get the latest ID from the AWS Marketplace. |
2.7. Prepare your key pair file
You'll need an EC2 key pair file on your workstation so that Test Kitchen can connect to your instance over SSH.
If you don't have your key pair file set up, the AWS documentation shows you how.
