# AWS

## 1. Declare secrets for AWS credentials

* From the menu, navigate to **configuration** -> **secrets**
* Click "**declare**"
* Give a name to your secret
* Select "**aws credentials**" as secret type
* Retrieve your tokens from your AWS account and fill in the fields in the form:
  * aws\_access\_key\_id
  * aws\_secret\_access\_key
  * aws\_session\_token
* Click "**Save**"

## 2. Declare SSH keys

In order to connect securely to the Linux targets once created, a pair of SSH keys must be generated and the **private key** must be transferred to the instances.

1. Generate an SSH key:

SSH keys can be generated from any machine running OpenSSH with the `ssh-keygen` command.

Example:

```bash
$ ssh-keygen -b 4096 -m PEM -t rsa -f sshkey -q -N ""
```

2. Copy the content of the **private key** file:

```bash
## This is just an example; generate your own private key

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABASDILVb1
MiZ78g848c6Dk6KYwkJZXloSIruLe+Sid0Xd+Lb1rAxbwzAhXWRMzzBT5k3WciXk2fMhUD
p4YSahpYvquZK950aXiZNDOJpKZP8wjf4g4nQyiJZ/0G0J9mIaI2h/fr8TA67KHYtu/Eyf
PN9bKJwII3aiGlu5/Viq2cgYT8jJ01AK8cY3tSqKdlrN2GyxllBFl42QplbxA2USPJ1E6v
VIjtbmJjdz[...........................................]qAc4HxP02t/N2ZN
q+dDNWeShfVz4zjApPQCzdiGqLAlzUy67KNxQgljhaOEaYTQgrLE8XNGsIFNZwGvsEo/xZ
XnN2p
-----END OPENSSH PRIVATE KEY-----
```

3. Give an explicit name to your secret and paste the entirety of the **private key** into the corresponding field of the form.
4. Click "**Save**"
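
Before pasting, it helps to confirm that what you copied is one complete private key, and to know its format and whether it is passphrase-protected. The following is an added example, not part of YaK; the function names are hypothetical and the sample keys are constructed headers, not usable keys. A key produced by the `ssh-keygen` command above should be reported as `('pem', False)`.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of every OpenSSH-format private key blob

def ssh_string(data):
    """Encode bytes as an SSH wire string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def sample_openssh_key(cipher):
    # Constructed sample: header fields only (magic, cipher name, KDF name), not a real key.
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = MAGIC + ssh_string(cipher) + ssh_string(kdf)
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

def inspect_private_key(text):
    """Return (format, encrypted); raise ValueError if text is not one complete private key."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("no BEGIN marker or empty body: paste the entire private key file")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if lines[-1] != f"-----END {label}-----":
        raise ValueError("END marker missing or not matching: the key is truncated")
    if not label.endswith("PRIVATE KEY"):
        raise ValueError(f"{label!r} is not a private key")
    body = lines[1:-1]
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(body), validate=True)
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            raise ValueError("OpenSSH magic header not found")
        # The first field after the magic is the cipher name; "none" means no passphrase.
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        cipher = blob[off + 4:off + 4 + n].decode("ascii")
        return "openssh", cipher != "none"
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8", True
    # Traditional PEM (ssh-keygen -m PEM) flags encryption with a Proc-Type header line.
    encrypted = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body)
    return "pem", encrypted

if __name__ == "__main__":
    for cipher in (b"none", b"aes256-ctr"):
        print(cipher.decode(), inspect_private_key(sample_openssh_key(cipher)))
```
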

## 3. Declare your infrastructure

* From the menu, navigate to "**Infrastructures**"
* Click the "**declare**" button
* Give a name to your infrastructure (:warning: the "\_" character is not supported in infrastructure names)
* Select your provider ("**aws**" in the present example)
* Get the required information from your AWS account and fill in the form with the following (see the ["declare infrastructures"](https://dbi-services.gitbook.io/yak-user-doc/manage-infrastructures/manage-infrastructure#aws-settings) section for more details):
  * **Region ID** (the AWS region where your instances will be deployed)
  * **Security Group ID** (your EC2 security group)
  * **Subnet ID** (your VPC subnet)
* Create infrastructure tags (optional)
  * Tags are key-value pairs applied to a resource to hold metadata about that resource.
  * Servers (AWS instances) inherit the tags from the infrastructure they belong to.
  * More info in the AWS documentation: <https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/what-are-tags.html>
* Click "**Save**"

## 4. Attach your AWS and SSH secrets

* From the menu, navigate to "**Infrastructures**"
* Select the AWS infrastructure in the list
* Click the "**Action**" button
* Click "**Attach secret**"
* Select the secret created in step 1 from the list
* Click "**Attach**"

:point\_up: Repeat the same operation to attach your SSH key.

## 5. Declare a server

* Navigate to the "**Servers**" menu
* Click "**declare**"
* Give it a name
* Select the **infrastructure** to deploy your servers to
* Select an **image** to install\
  (YaK comes with a list of default images, but more images can be added manually - see [dedicated section](https://dbi-services.gitbook.io/yak-user-doc/configuration/images))
* Select a server **shape**\
  (YaK comes with a list of default shapes, but more shapes can be added manually - see [dedicated section](https://dbi-services.gitbook.io/yak-user-doc/configuration/shapes))
* Add custom tags as per your need (optional)
* IP address: fill in as per your need or use automatic IP with public address. Assign IP addresses according to your AWS strategy and internal rules.
* Admin access checkbox: this defines the IP address used to connect to the instance for configuration purposes.
* As the server is part of an infrastructure and secrets have been attached to this infrastructure, the server automatically inherits the secrets.
  * Secrets can be overridden at server level if required.

## 6. Deploy server

* Select your server(s) in the list
* Click "**Deploy**" from the "**Actions**" menu
* Confirm "**Deploy**" in the pop up box

## 7. Start your server

Once deployed to your provider, select your server(s) in the list and click the "**start**" button to start your server.

## 8. Job status

Status of your deployment can be followed from the "**Jobs**" menu.

{% hint style="warning" %}
To create a Windows Server on AWS, not only is a cert\_key for WinRM required, but also an sshkey. This is specific to AWS and is required to recover the Windows Server Administrator password from the AWS Portal.
{% endhint %}
