homeblogprovision aws infrastructure using puppet

Provision AWS Infrastructure using Puppet

Today we’re releasing a preview of a new approach to managing your AWS infrastructure with Puppet, the Puppet Labs AWS module. This module allows you to describe the components of your infrastructure using the Puppet language, and then lets you create that infrastructure in AWS. If you’ve ever found yourself manually launching new instances or forgetting to create a new security group this should help.

Amazon Web Services is Amazon’s popular infrastructure as a service platform, providing the compute power, storage and networks for customers all around the world. Puppet has had support for provisioning AWS instances using the Cloud Provisioner tool for a while, but that is simply a command line interface, it didn’t allow you to describe your infrastructure in code.

Show me the code

The best way of understanding this new approach is to see some sample code:

ec2_securitygroup { 'sample-group':
  ensure      => present,
  region      => 'us-west-1',
  description => 'Group used for testing Puppet AWS module',

ec2_instance { 'sample-instance':
  ensure            => present,
  region            => 'us-west-1',
  availability_zone => 'us-west-1a',
  image_id          => 'ami-696e652c',
  instance_type     => 't1.micro',
  security_groups   => ['sample-group'],

ec2_loadbalancer { 'sample-load-balancer':
  ensure             => present,
  region             => 'us-west-1',
  availability_zones => ['us-west-1a', 'us-west-1b'],
  instances          => ['sample-instance', 'another-instance'],
  security_groups    => ['sample-group'],
  listeners          => [{
    protocol => 'tcp',
    port     => 80,

The above describes an instance, security group and load balancer in AWS. Running the above code would ensure that they all exist, and if they don’t would create them. Run it again and we have a way of asserting our infrastructure is as we intended.

For more examples, and full installation instructions check out the code at https://github.com/puppetlabs/puppetlabs-aws.

Why Puppet?

At its heart Puppet is a domain specific language for describing how resources relate to each other, and then making that description a reality. For most people those resources are files, packages and services that live on an individual server. But it’s also possible to extend Puppet with types and providers to manage higher level resources like network devices, Google Compute Engine or the OpenStack platform.

Familiar DSL

For those already using Puppet to manage infrastructure the above code samples should look very familiar, even if the resources are new. This is a huge advantage, as you don’t need to learn an entire new syntax to get started. The maturity of the DSL also means you can take advantage of tools built around it, for instance writing tests using rspec-puppet or syntax highlighting in your editor of choice.

Declarative vs. Imperative

Unlike the original Cloud Provisioner this module takes a more declarative approach. Describe how you want your infrastructure to look and run the code to make it so. This has lots of advantages, from facilitating team discussion to demonstrating compliance and testing. Changes can take advantage of processes like version control, code review and continuous integration, too.

The Future

This initial release only supports the basic features of instances, security groups and load balancers, but we’re busy working on adding more resources, and more properties to existing resources. We’re also planning on testing with larger environments and improving the performance at scale.

More interesting than just supporting more of the AWS API we’ll be looking to integrate this with other parts of Puppet too, from working on improving certificate signing in dynamic environments to bootstrapping entire Puppet managed clusters with one command. We have lots of ideas.

This is an early release, we’re purposefully shipping before we have a fully baked product to get feedback from early adopters and people who would use it if only it had this one extra feature. Please take a minute to tell us what features you'd like to see next.


Please try the module out and let us know what you think. Ask on any of our community channels or report issues at https://github.com/puppetlabs/puppetlabs-aws.