Bootstrapping Chef with configs stored in S3

Bootstrapping Chef with configs stored in S3 for fun and profit!

Create an S3 bucket and upload client.rb and chef-validator.pem to it.

Within IAM Roles, create a new role (I used “chef-client”) of the AWS Service Roles / Amazon EC2 type, with the following policy (replace BUCKET-NAME with your bucket):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1405116665000",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::BUCKET-NAME",
        "arn:aws:s3:::BUCKET-NAME/*"
      ]
    }
  ]
}
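The policy above grants GetObject on every object in the bucket, while the bootstrap only ever reads two files. As an added example (not part of the original post), here is a small audit of that policy next to a tighter replacement that names the two objects and restricts ListBucket with the s3:prefix condition key; POST_POLICY is the page's policy with its placeholder bucket name, and audit_policy/tighten_policy are hypothetical helpers.

```python
# Actions the bootstrap in the post actually needs
NEEDED_ACTIONS = {"s3:ListBucket", "s3:GetObject"}

# The post's policy (placeholder bucket name as on the page), as sample input
POST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": ["arn:aws:s3:::BUCKET-NAME", "arn:aws:s3:::BUCKET-NAME/*"],
    }],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def audit_policy(policy):
    """Findings for Allow statements broader than the bootstrap needs:
    actions outside NEEDED_ACTIONS and wildcard resources."""
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action not in NEEDED_ACTIONS:
                findings.append(f"unneeded action {action}")
        for res in _as_list(st.get("Resource", [])):
            if res == "*" or res.endswith(":::*"):
                findings.append(f"wildcard resource {res}")
            elif res.endswith("/*"):
                findings.append(f"object wildcard {res}: name the objects instead")
    return findings


def tighten_policy(bucket, keys):
    """Least-privilege replacement (hypothetical helper): ListBucket limited to
    the needed key names via the s3:prefix condition key, GetObject only on
    those objects rather than on BUCKET/*."""
    keys = sorted(keys)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}",
             "Condition": {"StringEquals": {"s3:prefix": keys}}},
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": [f"arn:aws:s3:::{bucket}/{k}" for k in keys]},
        ],
    }
```

Running audit_policy over the post's policy flags only the BUCKET-NAME/* resource; the tightened policy produced by tighten_policy("BUCKET-NAME", ["client.rb", "chef-validator.pem"]) audits clean.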

Launch an EC2 instance, specify the IAM role you just created, and place the following in the user-data (replace BUCKET-NAME and AWS-REGION with your own values):

#!/bin/bash

# install the omnibus client
curl -L https://www.opscode.com/chef/install.sh | bash
# make a directory for chef stuff
mkdir -p /etc/chef

# Using awscli because it does some voodoo magic with IAM Roles specified on an EC2 instance
easy_install pip
pip install awscli

# grab our private key for talking to hosted chef
aws s3 cp --region AWS-REGION s3://BUCKET-NAME/chef-validator.pem /etc/chef/chef-validator.pem
# grab a minimal client.rb for getting the chef-client registered
aws s3 cp --region AWS-REGION s3://BUCKET-NAME/client.rb /etc/chef/client.rb

# kick off the first chef run
/usr/bin/chef-client