fix: use instance profile ARN to start instance

Sladuca · Sladuca · commit c20871efb745 · 2023-10-18T15:58:44.000-04:00
diff --git a/packages/actions/.env.default b/packages/actions/.env.default
@@ -48,6 +48,8 @@ AWS_REGION="YOUR-AWS-REGION"
 AWS_AMI_ID="ami-022e1a32d3f742bd8"
 # The EC2 instance role to access S3
 AWS_ROLE_ARN="YOUR-AWS-ROLE-ARN"
+# The IAM instance profile for the EC2 instance to assume
+AWS_INSTANCE_PROFILE_ARN="YOUR-AWS-INSTANCE-PROFILE-ARN"
 
 ### AUTHENTICATION ###
 ### These configs are related to the authentication of users.
diff --git a/packages/actions/src/helpers/services.ts b/packages/actions/src/helpers/services.ts
@@ -34,6 +34,7 @@ export const getAWSVariables = (): AWSVariables => {
         !process.env.AWS_SECRET_ACCESS_KEY ||
         !process.env.AWS_REGION ||
         !process.env.AWS_ROLE_ARN ||
+        !process.env.AWS_INSTANCE_PROFILE_ARN ||
         !process.env.AWS_AMI_ID
     )
         throw new Error(
@@ -45,6 +46,7 @@ export const getAWSVariables = (): AWSVariables => {
         secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,
         region: process.env.AWS_REGION || "us-east-1",
         roleArn: process.env.AWS_ROLE_ARN!,
+        instanceProfileArn: process.env.AWS_INSTANCE_PROFILE_ARN!,
         amiId: process.env.AWS_AMI_ID!
     }
 }
diff --git a/packages/actions/src/helpers/vm.ts b/packages/actions/src/helpers/vm.ts
@@ -153,7 +153,7 @@ export const createEC2Instance = async (
     diskType: DiskTypeForVM
 ): Promise<EC2Instance> => {
     // Get the AWS variables.
-    const { amiId, roleArn } = getAWSVariables()
+    const { amiId, instanceProfileArn } = getAWSVariables()
 
     // Parametrize the VM EC2 instance.
     const params: RunInstancesCommandInput = {
@@ -163,7 +163,7 @@ export const createEC2Instance = async (
         MinCount: 1,
         // nb. to find this: iam -> roles -> role_name.
         IamInstanceProfile: {
-            Arn: roleArn
+            Arn: instanceProfileArn
         },
         // nb. for running commands at the startup.
         UserData: Buffer.from(commands.join("\n")).toString("base64"),
diff --git a/packages/actions/src/types/index.ts b/packages/actions/src/types/index.ts
@@ -25,6 +25,7 @@ export type AWSVariables = {
     secretAccessKey: string
     region: string
     roleArn: string
+    instanceProfileArn: string
     amiId: string
 }
 
diff --git a/packages/backend/.default.env b/packages/backend/.default.env
@@ -16,6 +16,8 @@ AWS_CEREMONY_BUCKET_POSTFIX="-ph2-ceremony"
 AWS_AMI_ID="ami-022e1a32d3f742bd8"
 # The EC2 instance role to access S3
 AWS_ROLE_ARN="YOUR-AWS-ROLE-ARN"
+# The IAM instance profile for the EC2 instance to assume
+AWS_INSTANCE_PROFILE_ARN="YOUR-AWS-INSTANCE-PROFILE-ARN"
 # The SNS topic ARN to publish notifications 
 AWS_SNS_TOPIC_ARN="YOUR-AWS-SNS-TOPIC-ARN"
 

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@ export const getAWSVariables = (): AWSVariables => {`
`34`	`34`	`!process.env.AWS_SECRET_ACCESS_KEY \|\|`
`35`	`35`	`!process.env.AWS_REGION \|\|`
`36`	`36`	`!process.env.AWS_ROLE_ARN \|\|`
	`37`	`+ !process.env.AWS_INSTANCE_PROFILE_ARN \|\|`
`37`	`38`	`!process.env.AWS_AMI_ID`
`38`	`39`	`)`
`39`	`40`	`throw new Error(`
`@@ -45,6 +46,7 @@ export const getAWSVariables = (): AWSVariables => {`
`45`	`46`	`secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,`
`46`	`47`	`region: process.env.AWS_REGION \|\| "us-east-1",`
`47`	`48`	`roleArn: process.env.AWS_ROLE_ARN!,`
	`49`	`+ instanceProfileArn: process.env.AWS_INSTANCE_PROFILE_ARN!,`
`48`	`50`	`amiId: process.env.AWS_AMI_ID!`
`49`	`51`	`}`
`50`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ export type AWSVariables = {`
`25`	`25`	`secretAccessKey: string`
`26`	`26`	`region: string`
`27`	`27`	`roleArn: string`
	`28`	`+ instanceProfileArn: string`
`28`	`29`	`amiId: string`
`29`	`30`	`}`
`30`	`31`