Working with AWS¶
This guide covers setting up kindplane for AWS provider development.
Prerequisites¶
- AWS account with appropriate permissions
- AWS CLI configured (optional but recommended)
Configuration¶
Basic AWS Setup¶
cluster:
  name: aws-dev
crossplane:
  version: "1.15.0"
  providers:
    - name: provider-aws
      package: xpkg.upbound.io/upbound/provider-aws:v1.1.0
credentials:
  aws:
    source: env
Family Providers (Smaller Footprint)¶
For a smaller memory footprint, use family providers:
crossplane:
  version: "1.15.0"
  providers:
    - name: provider-aws-s3
      package: xpkg.upbound.io/upbound/provider-aws-s3:v1.1.0
    - name: provider-aws-iam
      package: xpkg.upbound.io/upbound/provider-aws-iam:v1.1.0
    - name: provider-aws-ec2
      package: xpkg.upbound.io/upbound/provider-aws-ec2:v1.1.0
Credential Configuration¶
Using Environment Variables¶
Set your credentials:
export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_REGION="eu-west-1" # Optional
Configure in kindplane:
Using AWS CLI Profile¶
If you use AWS CLI profiles:
Configure in kindplane:
Using Credentials File¶
Bootstrap and Verify¶
Expected output:
NAME           INSTALLED   HEALTHY   PACKAGE                                       AGE
provider-aws   True        True      xpkg.upbound.io/upbound/provider-aws:v1.1.0   5m
Creating AWS Resources¶
S3 Bucket Example¶
apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
  name: my-test-bucket
spec:
  forProvider:
    region: eu-west-1
  providerConfigRef:
    name: default
Apply and check:
RDS Instance Example¶
apiVersion: rds.aws.upbound.io/v1beta1
kind: Instance
metadata:
  name: my-postgres
spec:
  forProvider:
    region: eu-west-1
    instanceClass: db.t3.micro
    engine: postgres
    engineVersion: "15"
    allocatedStorage: 20
    username: admin
    # The password is read from a Kubernetes Secret rather than written inline.
    passwordSecretRef:
      name: db-password
      namespace: default
      key: password
    # Development only: no final snapshot is taken when the instance is deleted.
    skipFinalSnapshot: true
  providerConfigRef:
    name: default
Using Compositions¶
Database Composition¶
Create an XRD:
apiVersion: apiextensions.crossplane.io/v1
kind: CompositeResourceDefinition
metadata:
  name: xdatabases.aws.example.org
spec:
  group: aws.example.org
  names:
    kind: XDatabase
    plural: xdatabases
  claimNames:
    kind: Database
    plural: databases
  versions:
    - name: v1alpha1
      served: true
      referenceable: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                size:
                  type: string
                  enum: [small, medium, large]
                region:
                  type: string
              required:
                - size
Create a Composition:
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: database-aws
  labels:
    provider: aws
spec:
  compositeTypeRef:
    apiVersion: aws.example.org/v1alpha1
    kind: XDatabase
  resources:
    - name: rds
      base:
        apiVersion: rds.aws.upbound.io/v1beta1
        kind: Instance
        spec:
          forProvider:
            engine: postgres
            skipFinalSnapshot: true
      patches:
        - fromFieldPath: spec.region
          toFieldPath: spec.forProvider.region
        - type: FromCompositeFieldPath
          fromFieldPath: spec.size
          toFieldPath: spec.forProvider.instanceClass
          transforms:
            - type: map
              map:
                small: db.t3.micro
                medium: db.t3.small
                large: db.t3.medium
Troubleshooting¶
Provider Unhealthy¶
Check provider status:
Check provider logs:
Invalid Credentials¶
If you see credential errors:
- Verify credentials are correct:
- Check the secret:
- Reconfigure credentials:
Insufficient Permissions¶
If resources fail to create, check IAM permissions:
Look for error messages in the Status.Conditions.
Best Practices¶
- Use family providers for smaller footprint
- Test locally first before production
- Use skipFinalSnapshot for development resources
- Clean up resources with kubectl delete before kindplane down
- Use separate AWS accounts for development and production
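
A preflight check for the environment-variable credentials and the separate-accounts practice above, as an added example that is not part of kindplane or its documentation. It assumes the AWS CLI is installed; `KINDPLANE_DEV_ACCOUNT_ID` and the function names are hypothetical, and whether kindplane forwards `AWS_SESSION_TOKEN` is not stated on this page.

```bash
#!/usr/bin/env bash
# Added example: preflight checks for env-based AWS credentials.
# KINDPLANE_DEV_ACCOUNT_ID is a hypothetical variable, not a kindplane setting.

# Classify an access key ID by prefix: AKIA = long-term IAM user key,
# ASIA = temporary STS key (only valid together with a session token).
key_kind() {
  case "$1" in
    AKIA*) echo long-term ;;
    ASIA*) echo temporary ;;
    "")    echo missing ;;
    *)     echo unknown ;;
  esac
}

# Validate the exported variables without ever printing the secret values.
# Args: access key id, secret key, session token. Returns 0 only when usable.
check_env() {
  local kind
  kind=$(key_kind "$1")
  if [ "$kind" = missing ] || [ -z "$2" ]; then
    echo "error: AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY is empty"; return 1
  fi
  if [ "$kind" = temporary ] && [ -z "$3" ]; then
    echo "error: temporary key without AWS_SESSION_TOKEN"; return 1
  fi
  echo "ok: $kind key"
}

# Succeeds only when an expected account is set and matches the actual one.
check_account() {  # args: actual account id, expected account id
  [ -n "$2" ] && [ "$1" = "$2" ]
}

# Run before bootstrapping: stops if the credentials are unusable or
# resolve to an account other than the expected development account.
preflight() {
  local actual
  check_env "${AWS_ACCESS_KEY_ID:-}" "${AWS_SECRET_ACCESS_KEY:-}" \
            "${AWS_SESSION_TOKEN:-}" || return 1
  # Asks AWS which account the credentials belong to (needs network access).
  actual=$(aws sts get-caller-identity --query Account --output text) || return 1
  check_account "$actual" "${KINDPLANE_DEV_ACCOUNT_ID:-}" || {
    echo "error: credentials resolve to account $actual, not the dev account"
    return 1
  }
  echo "ok: account $actual"
}
```

Source the file and call `preflight` in the same shell where the credentials are exported; a non-zero return means the cluster should not be bootstrapped with them.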