Salt Server via CloudFormation

Brett Gillett

Recently, I’ve been preparing for the AWS Developer Professional Certification. During my prep work, I’ve been reading quite a bit about “Infrastructure as Code.” via CloudFormation and wanted to implement some of the concepts that I had been reading about by working them into a project.

I decided that the project would be to stand up a SaltStack Master server in a VPC by using CloudFormation. Relatively speaking it was quite easy. The most difficult part was figuring out the cfn-init section of the templates responsible for installing the Salt server.

SaltStack architecture in AWS Building a SaltStack server in AWS with CloudFormation

I’ve made the templates available on GitHub, so if you’re interested in checking it out download a copy and give it a whirl. Just a quick word of caution. This worked for me in my testing environment, but I can’t guarantee that it’ll work for you. I highly recommend testing it somewhere safe before running it in your production environment.

I’ve attempted to make the template as flexible as possible. It should run in ten regions, and can use several different instance types and sizes for the SaltStack server. In this version the bastion host is configured to run on the same sized instance as the Salt Server.

Here’s what the template will build

  • A Virtual Private Cloud (VPC) in a single Availability Zone (AZ) with two subnets - one public and one private.
  • An EC2 instance in the private subnet for your Salt Server and an EC2 instance in the public subnet that will act as a ‘bastion’ host.
  • Security groups for both the Salt server and the bastion host.
  • It will also create a NAT Gateway and assign an Elastic IP Address to the ‘bastion’ host.
  • It creates an IAM role and sets a default policy for the SaltStack server.
  • Finally, it patches the Salt server and installs the SaltStack application.

Brett Gillett


Like what you read? Why not subscribe to the weekly Orbit newsletter and get content before everyone else?