IBM Cloud Docs
Automating your AWS location setup with a Schematics template

Automating your AWS location setup with a Schematics template

Automate your AWS setup with templates that use IBM Cloud® Schematics to create a Satellite location, provision hosts in your AWS account, and set up the Satellite location control plane for you.

You can clone and modify these Terraform templates from the Satellite Terraform GitHub repository. Or, you can manually attach AWS hosts to a Satellite location.

For IBM Cloud Satellite to perform actions on your behalf in a cloud provider, you must provide credentials to the cloud provider. The credentials that you provide are stored and encrypted in etcd of the Satellite location management plane. For more information, see Securing your data.

Creating your location with a Schematics template

Before you begin, make sure that you have the correct IBM Cloud permissions to create locations, including to Satellite and Schematics. To create the template and manage its resources, Satellite automatically creates an IBM Cloud IAM API key. You can optionally provide the value of an existing API key that has the correct permissions in the same account.

Do not reuse the same name for multiple locations, even after the other location is deleted. If you use the same name 5 times or more within 7 days, you might reach the Let's Encrypt Duplicate Certificate rate limit.

  1. In your AWS cloud provider, set up your account credentials.
  2. From the Satellite console, click Create location.
  3. In the Setup section, click Amazon Web Services.
  4. In the AWS credentials section, enter the AWS access key ID and AWS secret access key values that you previously created.
  5. Click Fetch options from AWS.
  6. Review the Satellite location details. If you edited the AWS EC2 instances, you might want to click the Edit pencil icon to change details such as the description, API key, or IBM Cloud multizone region that the location is managed from.
  7. In the Summary pane, review the cost estimate.
  8. Click Create location. Your location might take about 30 minutes to finish provisioning.
  9. Optional: To review the provisioning progress, review the logs in the Schematics workspace that is automatically created for you.
    1. Click Manage in Schematics. If you see an error, navigate to the Schematics workspaces console and click the name of your workspace, such as us.east.cartOrder....
    2. From the Activity tab, find the current activity row and click View log to review the log details.
    3. Wait for the Schematics action to finish and the workspace to enter an Active state.

Well done, your Satellite location is creating! You can review the Satellite console to see when your location is in a Normal state and ready to use.

What does this template create?

The following resources are created by the template in your AWS cloud account.

  • 1 virtual private cloud (VPC).
  • 1 subnet for each of the 3 zones in the region.
  • 1 security group to meet the host networking requirements for Satellite.
  • 6 RHEL 8 EC2 instances, spread evenly across zones, or the number of hosts that you specified.

The following resources are created by the template in your IBM Cloud account.

  • 1 Satellite location.
  • 3 Satellite hosts that represent the EC2 instances in AWS, attached to the location and assigned to the Satellite location control plane.
  • 3 Satellite hosts that represent the EC2 instances in AWS, attached to the location, unassigned, and available to use for services such as a Red Hat OpenShift cluster. If you added more than 6 hosts, If you added more than 6 hosts, the additional hosts are unassigned and available for use in the control plane or by services.

If you are using this template for demonstration purposes, do not assign all your hosts to your control plane. Hosts that are assigned to the control plane cannot be used for other purposes, such as worker nodes for your cluster. For more information, see Understanding Satellite locations.

AWS credentials

Retrieve the Amazon Web Services (AWS) credentials that Satellite can use to create Satellite resources in your AWS cloud on your behalf.

  1. Verify that you have the required permissions in your AWS account to create a Satellite location from a template.
  2. Create a separate IAM user that is scoped to EC2 access.
  3. Retrieve the access key ID and secret access key credentials for the IAM user.
  4. Optional: To provide the credentials during the creation of a Satellite location, format the credentials in a JSON file. The client_id is the ID of the access key and the client_secret is the secret access key that you created for the IAM user in AWS.
    {
    "client_id":"string",
    "client_secret": "string"
}

I created a Satellite location, what's next?

Now that your Satellite location is set up, you are ready to start using IBM Cloud services.

  1. Add compute capacity to your location by attaching more hosts to the location so that you can run Satellite-enabled IBM Cloud service.
  2. Create a Satellite-enabled IBM Cloud service, such as a Red Hat OpenShift cluster. You assign the additional hosts that you previously attached as worker nodes to provide the compute power for the cluster. You can even register existing Red Hat OpenShift clusters to your location to use as deployment targets.
  3. Manage your applications with Satellite Config.
  4. Create Satellite cluster storage templates.
  5. Learn more about the Satellite Link component and how you can use endpoints to manage the network traffic between your location and IBM Cloud.

Need help? Check out Getting support where you can find information about cloud status, issues, and logging; contacting support; and setting your email notification preferences for IBM Cloud platform-related items.