Bootstrapping Chef with configs stored in S3

Bootstrapping Chef with configs stored in S3 for fun and profit!

Create an S3 bucket and upload client.rb and chef-validator.pem to it.

In IAM Roles, create a new role (I used “chef-client”) of type AWS Service Roles - Amazon EC2, with the following policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1405116665000",
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:GetObject"
          ],
          "Resource": [
            "arn:aws:s3:::BUCKET-NAME",
            "arn:aws:s3:::BUCKET-NAME/*"
          ]
        }
      ]
    }

Launch an EC2 instance, specify the IAM role you just created, and place the following in the user data:

    #!/bin/bash

    # install the omnibus client
    true && curl -L https://www.opscode.com/chef/install.sh | bash
    # make a directory for chef stuff (-p: no error if it already exists)
    mkdir -p /etc/chef

    # Using awscli because it automatically picks up credentials from the
    # IAM role specified on an EC2 instance
    easy_install pip
    pip install awscli

    # grab our private key for talking to hosted chef
    aws s3 cp --region AWS-REGION s3://BUCKET-NAME/chef-validator.pem /etc/chef/chef-validator.pem
    # grab a minimal client.rb for getting the chef-client registered
    aws s3 cp --region AWS-REGION s3://BUCKET-NAME/client.rb /etc/chef/client.rb

    # kick off the first chef run
    /usr/bin/chef-client
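
A hardened variant of the download and first-run steps above, added here as an example and not part of the original post: it writes the fetched files owner-only, fails if a download is missing or empty, and removes the shared validator key once the node has its own key. The function and variable names are assumptions, as is the default /etc/chef/client.pem location for the node key (true unless your client.rb overrides client_key).

```shell
#!/bin/bash
# Added example (not the original post's script). BUCKET-NAME and AWS-REGION
# are the post's placeholders; CHEF_DIR/BUCKET/REGION variable names are assumed.
CHEF_DIR="${CHEF_DIR:-/etc/chef}"
BUCKET="${BUCKET:-BUCKET-NAME}"
REGION="${REGION:-AWS-REGION}"

# Copy one object from the bucket into CHEF_DIR, readable by the owner only.
# Runs in a subshell so the umask change does not leak to the caller.
# Returns non-zero, leaving nothing behind, if the copy fails or is empty.
fetch_private() (
  name="$1"; dest="$CHEF_DIR/$name"; tmp="$dest.partial"
  mkdir -p "$CHEF_DIR" || exit 1
  umask 077
  if aws s3 cp --region "$REGION" "s3://$BUCKET/$name" "$tmp" >/dev/null \
      && [ -s "$tmp" ]; then
    chmod 600 "$tmp" && mv -f "$tmp" "$dest"
  else
    rm -f "$tmp"
    exit 1
  fi
)

# After a successful first run the node holds its own key (client.pem in
# Chef's default layout), so the shared validator key can leave the host.
retire_validator() {
  if [ -s "$CHEF_DIR/client.pem" ]; then
    rm -f "$CHEF_DIR/chef-validator.pem"
  else
    echo "client.pem missing; keeping validator key for a retry" >&2
    return 1
  fi
}

bootstrap() {
  fetch_private chef-validator.pem || { echo "validator download failed" >&2; return 1; }
  fetch_private client.rb || { echo "client.rb download failed" >&2; return 1; }
  /usr/bin/chef-client && retire_validator
}

# Only act when invoked with --run, so the functions can be sourced safely.
if [ "${1:-}" = "--run" ]; then
  bootstrap
fi
```

In user data, which runs without arguments, place these functions after the awscli install and call `bootstrap` directly in place of the two `aws s3 cp` lines and the final chef-client line.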