Published on 2 February 2016 by

I’m pleased to share with all of you our new white paper, AWS Node Lifecycle Management with Puppet. This white paper is an encapsulation of best practices using new capabilities we’ve added to Puppet over the last two years that make working with AWS or any cloud platform much easier. In it, we cover the latest technologies we’ve introduced and examples you can adapt to your own organization’s environment.

I wrote this paper to provide an example solution that can be implemented using these new technologies. It provides documentation, example code, and a workflow that can be used to make things easier when managing Amazon EC2 Instances in a Puppet environment.

In this paper, I cover the following:

  • Policy-based auto-signing. No more matching on hostname! CSR attributes and policy-based auto-signing make certificate management so much easier.
  • Secure data. AKA, trusted facts. We’ve added information to Puppet certificates to allow you to brand an agent’s certificate permanently with metadata that can be used to securely classify nodes instead of having to rely solely on the certificate name.
  • PE-specific integrations. Also included are examples that use Puppet Enterprise's agent installation process to streamline the installation of Puppet.

Alongside the paper, I’m providing a GitHub repo with a starter kit containing the example code used in the paper. We are starting this repository to consolidate all of the examples that currently live in gists or our community's mailing lists in one place. If you have a great example or suggestion on how these can be improved, please participate there!

If you want to learn more about Puppet and AWS, here are a few great talks from PuppetConf 2015.

Chris Barker is a technical solutions engineer at Puppet Labs.


I do, I wrote the first PL Puppet module for it. But it's been many many years since I've done any work on it. I think now though, you're better off using something like what Martin Alfke had written, originally described here:, the repo should be in the blog post, so perhaps if you have any questions about how it works I'd ask those developers.
