Setting Up an Amazon AWS Account

If you do not have an Amazon AWS account, you can sign up for one easily at http://aws.amazon.com/. Signing up is free and you only pay for the services you use. For example, a load test of 50,000 users for an hour costs approximately $2.00, which is charged to your account on Amazon. There is no fee from RedLine.

AWS Identity and Access Management (IAM) Setup Instructions

There are 2 ways to upload AWS credentials. The Cross Account Role method, described in the numbered steps that follow, is the preferred method.

  1. Log in to the AWS IAM console at https://console.aws.amazon.com/iam/home.
  2. Click the “Policies” link, then the “Create Policy” button.
  3. Select the “JSON” tab, then paste the following Policy JSON document.
    {
    	"Version": "2012-10-17",
    	"Statement": [
    		{
    			"Action": [
    				"iam:GetUser",
    				"iam:SimulatePrincipalPolicy",
    				"iam:PassRole",
    				"iam:CreateServiceLinkedRole",
    				"ec2:CreateTags",
    				"ec2:DescribeInstances",
    				"ec2:DescribeSpotPriceHistory",
    				"ec2:DescribeSpotInstanceRequests",
    				"ec2:RequestSpotInstances",
    				"ec2:RunInstances",
    				"ec2:StartInstances",
    				
    				"ec2:DescribeAccountAttributes",
    				"ec2:DescribeSubnets",
    				"ec2:DescribeSecurityGroups"
    			],
    			"Effect": "Allow",
    			"Resource": [
    				"*"
    			]
    		},
    		{
    			"Action": [
    				"ec2:StopInstances",
    				"ec2:TerminateInstances"
    			],
    			"Effect": "Allow",
    			"Resource": "*",
    			"Condition": {
    				"StringEquals": {
    					"ec2:ResourceTag/redline": "T"
    				}
    			}
    		}
    	]
    }
    

    The iam:GetUser, iam:SimulatePrincipalPolicy, and iam:PassRole actions are not required, but they allow Redline to validate your policy.

    • iam:PassRole: Used for extended security to limit termination to instance profiles. You will also need to change the condition for stop and terminate to specify the instance profile with privileges:
      "ec2:InstanceProfile": "arn:aws:iam::ACCOUNT:instance-profile/NAME_OF_INSTANCE_PROFILE"
    • iam:CreateServiceLinkedRole: May be needed if you haven’t used spot instances before; it allows AWS to launch instances on your behalf.
    • iam:SimulatePrincipalPolicy: Used to test a policy for permissions.

    The actions following the skipped (blank) line in the first "Action" list are not essential, but are recommended.

    • ec2:DescribeAccountAttributes: Used to determine account settings, to help us prevent you from starting servers that are incompatible with your AWS account settings.
    • ec2:DescribeSubnets: Used to show the list of subnets in a drop-down.
    • ec2:DescribeSecurityGroups: Used to show your list of security groups when creating a test.

    The actions in the second statement (the second "Action" block) are not required, but are limited to only resources tagged with the redline tag.

    • ec2:StopInstances: Used to stop instances.
    • ec2:TerminateInstances: Used to terminate instances from the UI, or automatically if we find an unresponsive RedLine13 load agent.

  4. Click "Review Policy"
  5. Enter a policy name (e.g. “RedlineAccess”). Optionally a description.
  6. Click "Create Policy". You should see 'Policy Name' has been created.
  7. Click the “Roles” link, then the “Create Role” button.
  8. Select the “Another AWS Account” option.
  9. Enter Account ID “635144173025”, check “Require external ID”, and enter the External ID listed on the RedLine13 account setup screen.
  10. On the next step, select the policy that you created above.
  11. On the Review page, enter a Role Name (e.g. “RedlineAccess”), then click “Create Role”.
  12. On the roles page, select (click into) your newly created role.
  13. Copy the Role ARN and enter into the RedLine13 form, then submit the form.
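
Steps 8 and 9 determine the role's trust policy, which is what restricts who may assume the role. The following check is an added example, not RedLine13 or AWS code: it audits a trust policy document (as shown on the role's "Trust relationships" tab) for the account ID from step 9 and a required external ID. The function names and the sample external ID are assumptions made for illustration.

```python
# Added example: audit the trust policy of the cross-account role created in steps 7-11.
REDLINE_ACCOUNT_ID = "635144173025"  # account ID from step 9 on this page

def as_list(value):
    return value if isinstance(value, list) else [value]

def trust_policy_findings(trust_policy, expected_external_id):
    """Return a list of problems in a role trust policy; an empty list means OK."""
    allowed = {REDLINE_ACCOUNT_ID, f"arn:aws:iam::{REDLINE_ACCOUNT_ID}:root"}
    findings, saw_assume_role = [], False
    for i, stmt in enumerate(as_list(trust_policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        saw_assume_role = True
        principal = stmt.get("Principal", {})
        # Principal is either the string "*" or a mapping such as {"AWS": ...}.
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if not aws:
            findings.append(f"statement {i}: no AWS account principal")
        for p in aws:
            if p not in allowed:
                findings.append(f"statement {i}: unexpected principal {p}")
        external_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if external_id is None:
            findings.append(f"statement {i}: sts:ExternalId is not required")
        elif as_list(external_id) != [expected_external_id]:
            findings.append(f"statement {i}: sts:ExternalId does not match")
    if not saw_assume_role:
        findings.append("no Allow statement for sts:AssumeRole")
    return findings

EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"  # constructed placeholder, not a real value

# Constructed sample: the shape produced by steps 8 and 9 with "Require external ID" checked.
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{REDLINE_ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}}]}

# Constructed sample: the same role with "Require external ID" left unchecked.
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{REDLINE_ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print({name: trust_policy_findings(doc, EXTERNAL_ID) for name, doc in (("GOOD", GOOD), ("WEAK", WEAK))})
```
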

  The second method uses an IAM user with an access key:

  • Log in to the AWS IAM console at https://console.aws.amazon.com/iam/home.
  • Click the "Create a New Group of Users" button.
  • Enter a Group Name (e.g. "RedlineAccess"), then click continue.
  • Select "Custom Policy", then enter a policy name and the same policy document text shown in step 3 of the numbered steps above. The notes on each action given there apply here as well.
  • Add a user name (e.g. "redline") and ensure that "Generate an access key for each User" is checked. Make sure to place this user in the newly created group.
  • Review and submit the form, then copy the AWS key and AWS secret.
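
Both methods attach the same policy document, whose second statement limits stop and terminate to instances tagged redline=T. The following is an added example, not RedLine13 or AWS code: a simplified model of how the two statements apply, useful for re-checking the tag guard after editing the policy. The function names are assumptions, and the evaluation covers only what this policy uses (Allow statements, exact action names, StringEquals on ec2:ResourceTag).

```python
# Added example: simplified model of the policy from step 3. It handles only Allow
# statements, exact action names and StringEquals on ec2:ResourceTag/<key>; any other
# condition fails closed. It is not the full IAM evaluation logic.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": ["*"], "Action": [
        "iam:GetUser", "iam:SimulatePrincipalPolicy", "iam:PassRole",
        "iam:CreateServiceLinkedRole", "ec2:CreateTags", "ec2:DescribeInstances",
        "ec2:DescribeSpotPriceHistory", "ec2:DescribeSpotInstanceRequests",
        "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:StartInstances",
        "ec2:DescribeAccountAttributes", "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups"]},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
     "Condition": {"StringEquals": {"ec2:ResourceTag/redline": "T"}}},
]}
TAG_PREFIX = "ec2:ResourceTag/"

def as_list(value):
    return value if isinstance(value, list) else [value]

def condition_holds(condition, resource_tags):
    """True if every StringEquals tag check matches (exact, case-sensitive value)."""
    for operator, checks in condition.items():
        if operator != "StringEquals":
            return False
        for key, expected in checks.items():
            if not key.startswith(TAG_PREFIX) or resource_tags.get(key[len(TAG_PREFIX):]) != expected:
                return False
    return True

def is_allowed(policy, action, resource_tags=None):
    """True if some Allow statement covers the action on a resource with these tags."""
    tags = resource_tags or {}
    for stmt in policy["Statement"]:
        if (stmt["Effect"] == "Allow" and action in as_list(stmt["Action"])
                and condition_holds(stmt.get("Condition", {}), tags)):
            return True
    return False  # nothing matched: implicit deny

def tag_guarded_actions(policy):
    """Actions the policy never allows on a resource that carries no tags."""
    actions = {a for stmt in policy["Statement"] for a in as_list(stmt["Action"])}
    return sorted(a for a in actions if not is_allowed(policy, a))

if __name__ == "__main__":
    print(is_allowed(POLICY, "ec2:TerminateInstances", {"redline": "T"}),
          is_allowed(POLICY, "ec2:TerminateInstances", {}), tag_guarded_actions(POLICY))
```
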

Spot Request Limits

Please refer to http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-limits.html for more details on EC2's spot instance limits. Amazon limits the maximum spot price and the maximum number of spot requests per region (this may be as low as 5 servers). The AWS link above includes information on requesting higher limits.