Closed adhorn closed 5 years ago
setheliot
commented
5 years ago @adhorn , is this PR a stand-alone change to enable Injecting Chaos using SSM? We still need to upload the SSM documents. Will we have students do that as part of the lab? Looks like you plan to have it part of the setup since you added the Chaos-SSM policy to the WebAppLambdaRole
setheliot
commented
5 years ago Also should we replace AmazonEC2RoleforSSM with AmazonSSMManagedInstanceCore?
adhorn
commented
5 years ago @setheliot not a stand alone PR. It includes other stuff like the database in the webserver and new url path (/ and /data)
adhorn
commented
5 years ago Also should we replace
AmazonEC2RoleforSSMwithAmazonSSMManagedInstanceCore?
Not sure I understand. What do you mean? where?
setheliot
commented
5 years ago Also should we replace
AmazonEC2RoleforSSMwithAmazonSSMManagedInstanceCore?Not sure I understand. What do you mean? where?
@adhorn ...
SSM chaos injection only works when the EC2 instances have SSM permissions. They currently have AmazonEC2RoleforSSM which will work fine. But as per this it has been replaced by AmazonSSMManagedInstanceCore . I caught this because I noted it was AmazonSSMManagedInstanceCore you recommended using in your blog :-)
setheliot
commented
5 years ago looks good. Tested
DEPENDS ON https://github.com/setheliot/aws-well-architected-labs/pull/34 Please merge it before.
Addressing Issues #27 #17 #18
Adding Database write and read on path / an /data
Adding role to enable run command on the ec2 instances with tag:SSMTage:chaos-ready
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.