Ee support (aws-samples#301)

* updating instructions for EE

* updating hugo package

* adding template files

* updating with syntax output

* fixing role name

* updating role/account language

* adding tabbed interface for iam related instructions

* updating bucket insructions

* fixing cleanup instructions

* disable spot chapter

* disable cicd/codepipeline chapter

* fixing role example

* reordering ssh to follow setting the default region

* clarifying role matching

content/batch/artifact.md

@@ -11,10 +11,16 @@ Argo uses an artifact repository to pass data between jobs in a workflow, known
 
 Let's create a S3 bucket using the AWS CLI.
 
-```bash
-ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
+{{< tabs name="Create S3 Bucket" >}}
+{{{< tab name="Workshop at AWS event" >}}
+This S3 bucket has been created for you.<br>
+
+You can proceed with the next step.
+{{< /tab >}}
+{{< tab name="Workshop in your own account" codelang="bash" >}}
 aws s3 mb s3://batch-artifact-repository-${ACCOUNT_ID}/
-```
+{{< /tab >}}}
+{{< /tabs >}}
 
 Next, edit the workflow-controller ConfigMap to use the S3 bucket.
 
@@ -36,17 +42,32 @@ data:
 ### Create an IAM Policy
 In order for Argo to read from/write to the S3 bucket, we need to configure an inline policy and add it to the EC2 instance profile of the worker nodes.
 
-Collect the Instance Profile, Role name, and Account ID from the CloudFormation Stack.
+First, we will need to ensure the Role Name our workers use is set in our environment:
+
+```bash
+test -n "$ROLE_NAME" && echo ROLE_NAME is "$ROLE_NAME" || echo ROLE_NAME is not set
 ```
-INSTANCE_PROFILE_PREFIX=$(aws cloudformation describe-stacks | jq -r '.Stacks[].StackName' | grep eksctl-eksworkshop-eksctl-nodegroup)
-INSTANCE_PROFILE_NAME=$(aws iam list-instance-profiles | jq -r '.InstanceProfiles[].InstanceProfileName' | grep $INSTANCE_PROFILE_PREFIX)
-ROLE_NAME=$(aws iam get-instance-profile --instance-profile-name $INSTANCE_PROFILE_NAME | jq -r '.InstanceProfile.Roles[] | .RoleName')
-ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
+
+If you receive an error or empty response, expand the steps below to export.
+
+{{%expand "Expand here if you need to export the Role Name" %}}
+If `ROLE_NAME` is not set, please review: [/eksctl/test/](/eksctl/test/)
+{{% /expand %}}
+
+```text
+# Example Output
+ROLE_NAME is eks-workshop-nodegroup
 ```
 
 Create and policy and attach to the worker node role.
 
-```
+{{< tabs name="Create IAM policy and attach to the worker node role." >}}
+{{{< tab name="Workshop at AWS event" >}}
+This IAM policy has been created for you  and has been attached to the correct role.<br>
+
+You can proceed with the next step.
+{{< /tab >}}
+{{< tab name="Workshop in your own account" codelang="bash" >}}
 mkdir ~/environment/batch_policy
 cat <<EoF > ~/environment/batch_policy/k8s-s3-policy.json
 {
@@ -66,7 +87,10 @@ cat <<EoF > ~/environment/batch_policy/k8s-s3-policy.json
 }
 EoF
 aws iam put-role-policy --role-name $ROLE_NAME --policy-name S3-Policy-For-Worker --policy-document file://~/environment/batch_policy/k8s-s3-policy.json
-```
+{{< /tab >}}}
+{{< /tabs >}}
+
+
 
 Validate that the policy is attached to the role
 ```

content/batch/cleanup.md

@@ -15,20 +15,16 @@ argo delete --all
 
 #### Remove Artifact Repository Bucket
 
-```bash
-ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
-aws s3 rb s3://batch-artifact-repository-${ACCOUNT_ID}/ --force
-```
+{{< tabs name="Delete S3 Bucket" >}}
+{{{< tab name="Workshop at AWS event" >}}
+This S3 bucket will be deleted for you.<br>
 
-#### Remove permissions for Artifact Repository Bucket
-```bash
-INSTANCE_PROFILE_PREFIX=$(aws cloudformation describe-stacks | jq -r '.Stacks[].StackName' | grep eksctl-eksworkshop-eksctl-nodegroup)
-INSTANCE_PROFILE_NAME=$(aws iam list-instance-profiles | jq -r '.InstanceProfiles[].InstanceProfileName' | grep $INSTANCE_PROFILE_PREFIX)
-ROLE_NAME=$(aws iam get-instance-profile --instance-profile-name $INSTANCE_PROFILE_NAME | jq -r '.InstanceProfile.Roles[] | .RoleName')
-ACCOUNT_ID=$(aws sts get-caller-identity --output text --query Account)
-
-aws iam delete-role-policy --role-name $ROLE_NAME --policy-name S3-Policy-For-Worker
-```
+You can proceed with the next step.
+{{< /tab >}}
+{{< tab name="Workshop in your own account" codelang="bash" >}}
+aws s3 rb s3://batch-artifact-repository-${ACCOUNT_ID}/ --force
+{{< /tab >}}}
+{{< /tabs >}}
 
 #### Undeploy Argo
 

content/cleanup/workspace.md

@@ -5,12 +5,7 @@ weight: 50
 ---
 
 Since we no longer need the Cloud9 instance to have Administrator access
-to our account, we can delete the role we created:
-
-  - Go to [the IAM Console](https://console.aws.amazon.com/iam/home?#/roles/eksworkshop-admin)
-  - Click **Delete role** in the upper right corner
-
-Finally, let's delete our Cloud9 EC2 Instance:
+to our account, we can delete the workspace we created:
 
 - Go to your [Cloud9 Environment](https://console.aws.amazon.com/cloud9/home)
 - Select the environment named **eksworkshop** and pick **delete**

content/codepipeline/_index.md

@@ -2,7 +2,7 @@
 title: "CI/CD with CodePipeline"
 chapter: true
 weight: 42
-draft: false
+draft: true
 ---
 
 # CI/CD with CodePipeline

content/codepipeline/change.md

@@ -2,7 +2,7 @@
 title: "Trigger New Release"
 date: 2018-10-087T08:30:11-07:00
 weight: 15
-draft: false
+draft: true
 ---
 #### Update Our Application
 

content/codepipeline/cleanup.md

@@ -2,7 +2,7 @@
 title: "Cleanup"
 date: 2018-10-087T08:30:11-07:00
 weight: 16
-draft: false
+draft: true
 ---
 
 Congratulations on completing the CI/CD with CodePipeline module.
@@ -32,10 +32,3 @@ select the bucket, then empty the bucket and finally delete the bucket:
 
 ![S3 Delete](/images/codepipeline/s3_delete.png)
 
-Finally, we are going to delete the IAM role created for CodeBuild to permit changes to the EKS cluster:
-
-```
-aws iam delete-role-policy --role-name EksWorkshopCodeBuildKubectlRole --policy-name eks-describe
-
-aws iam delete-role --role-name EksWorkshopCodeBuildKubectlRole
-```

content/codepipeline/codepipeline.md

@@ -2,7 +2,7 @@
 title: "CodePipeline Setup"
 date: 2018-10-087T08:30:11-07:00
 weight: 14
-draft: false
+draft: true
 ---
 
 Now we are going to create the AWS CodePipeline using [AWS CloudFormation](https://aws.amazon.com/cloudformation/).

content/codepipeline/configmap.md

@@ -2,7 +2,7 @@
 title: "Modify aws-auth ConfigMap"
 date: 2018-10-087T08:30:11-07:00
 weight: 11
-draft: false
+draft: true
 ---
 
 Now that we have the IAM role created, we are going to add the role to the [aws-auth ConfigMap](https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html)
@@ -11,8 +11,6 @@ for the EKS cluster.
 Once the ConfigMap includes this new role, kubectl in the CodeBuild stage of the pipeline will be able to interact with the EKS cluster via the IAM role.
 
 ```
-ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-
 ROLE="    - rolearn: arn:aws:iam::$ACCOUNT_ID:role/EksWorkshopCodeBuildKubectlRole\n      username: build\n      groups:\n        - system:masters"
 
 kubectl get -n kube-system configmap/aws-auth -o yaml | awk "/mapRoles: \|/{print;print \"$ROLE\";next}1" > /tmp/aws-auth-patch.yml

content/codepipeline/forksample.md

@@ -2,7 +2,7 @@
 title: "Fork Sample Repository"
 date: 2018-10-087T08:30:11-07:00
 weight: 12
-draft: false
+draft: true
 ---
 
 We are now going to [fork](https://help.github.com/articles/fork-a-repo/) the sample Kubernetes service

content/codepipeline/githubcredentials.md

@@ -2,7 +2,7 @@
 title: "GitHub Access Token"
 date: 2018-10-087T08:30:11-07:00
 weight: 13
-draft: false
+draft: true
 ---
 
 In order for CodePipeline to receive callbacks from GitHub, we need to generate a personal access token.

content/codepipeline/role.md

@@ -2,7 +2,7 @@
 title: "Create IAM Role"
 date: 2018-10-087T08:30:11-07:00
 weight: 10
-draft: false
+draft: true
 ---
 
 In an AWS CodePipeline, we are going to use AWS CodeBuild to deploy a sample Kubernetes service.
@@ -14,10 +14,14 @@ to interact with the EKS cluster via kubectl.
 
 Create the role:
 
-```
-cd ~/environment
+{{< tabs name="Create IAM ROLE for CI/CD" >}}
+{{{< tab name="Workshop at AWS event" >}}
+This IAM role and policy has been created for you.<br>
 
-ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+You can proceed with the next step.
+{{< /tab >}}
+{{< tab name="Workshop in your own account" codelang="go" >}}
+cd ~/environment
 
 TRUST="{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::${ACCOUNT_ID}:root\" }, \"Action\": \"sts:AssumeRole\" } ] }"
 
@@ -26,4 +30,6 @@ echo '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "
 aws iam create-role --role-name EksWorkshopCodeBuildKubectlRole --assume-role-policy-document "$TRUST" --output text --query 'Role.Arn'
 
 aws iam put-role-policy --role-name EksWorkshopCodeBuildKubectlRole --policy-name eks-describe --policy-document file:///tmp/iam-role-policy
-```
+{{< /tab >}}}
+{{< /tabs >}}
+

content/eksctl/launcheks.files/eksworkshop.yml.template

@@ -0,0 +1,40 @@
+#################################################
+# EKSCTL Config for EKSworkshop.com
+# The eksctl config format is still young.
+# Work in progress here: https://github.com/weaveworks/eksctl/issues/508
+# For more examples, see: https://github.com/weaveworks/eksctl/blob/master/examples
+#################################################
+
+apiVersion: eksctl.io/v1alpha4
+kind: ClusterConfig
+metadata:
+  name: eksworkshop-eksctl
+  region: ${AWS_REGION}
+
+#vpc:
+#  securityGroup: "sg-0f2ae54eb340e8191"
+#  sharedNodeSecurityGroup: "sg-02a47cee779b317a7"
+#  subnets:
+#    Private:
+#      eu-north-1c:
+#          id: "subnet-065fe8f12d0910d06"
+#          cidr: "10.1.128.0/19"
+#      eu-north-1b:
+#          id: "subnet-06ebc3649c1321fc5"
+#          cidr: "10.1.96.0/19"
+
+iam:
+  serviceRoleARN: "arn:aws:iam::${ACCOUNT_ID}:role/eks-workshop-service-role"
+
+nodeGroups:
+  - name: eksworkshop-ng1
+    desiredCapacity: 3
+#    instanceType: m5.large
+#    privateNetworking: true
+#    securityGroups:
+#      withShared: true
+#      withLocal: false
+#      attachIDs: [sg-0b85ff315ea644478]
+    iam:
+      instanceProfileARN: "arn:aws:iam::${ACCOUNT_ID}:instance-profile/eks-workshop-nodegroup"
+      instanceRoleARN: "arn:aws:iam::${ACCOUNT_ID}:role/eks-workshop-nodegroup"

content/eksctl/launcheks.md

@@ -13,8 +13,8 @@ weight: 20
 **How do I check the IAM role on the workspace?**
 
 {{%expand "Expand here to see the solution" %}}
-Run `aws sts get-caller-identity` and validate that your _Arn_ contains `eksworkshop-admin` or `modernizer-workshop-cl9
-` (or the role created when starting the workshop) and an Instance Id.
+Run `aws sts get-caller-identity` and validate that your _Arn_ contains `eksworkshop-admin` or `TeamRole` 
+(or the role created when starting the workshop) and an Instance Id.
 
 ```output
 {
@@ -26,7 +26,7 @@ or
 {
     "Account": "123456789012", 
     "UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef", 
-    "Arn": "arn:aws:sts::123456789012:assumed-role/modernizer-workshop-cl9/i-01234567890abcdef"
+    "Arn": "arn:aws:sts::123456789012:assumed-role/TeamRole/i-01234567890abcdef"
 }
 ```
 
@@ -37,9 +37,25 @@ If you do see the correct role, proceed to next step to create an EKS cluster.
 
 ### Create an EKS cluster
 
-To create a basic EKS cluster, run:
+To create a basic EKS cluster, we can start by downloading a config template:
+```output
+cd ~/environment
+wget https://eksworkshop.com/eksctl/launcheks.files/eksworkshop.yml.template
 ```
-eksctl create cluster --name=eksworkshop-eksctl --nodes=3 --node-ami=auto --region=${AWS_REGION}
+
+Next, let's fill in the template variables with values from our environment:
+```output
+envsubst <eksworkshop.yml.template >eksworkshop.yml
+```
+
+We can examine the rendered output by viewing `eksworkshop.yml`:
+```output
+cat eksworkshop.yml
+```
+
+Finally, now that we have the proper config generated, we can launch EKS:
+```output
+eksctl create cluster -f eksworkshop.yml
 ```
 {{% notice info %}}
 Launching EKS and all the dependencies will take approximately 15 minutes

content/eksctl/test.md

@@ -13,8 +13,7 @@ kubectl get nodes
 Export the Worker Role Name for use throughout the workshop
 
 ```bash
-INSTANCE_PROFILE_PREFIX=$(aws cloudformation describe-stacks | jq -r '.Stacks[].StackName' | grep eksctl-eksworkshop-eksctl-nodegroup)
-INSTANCE_PROFILE_NAME=$(aws iam list-instance-profiles | jq -r '.InstanceProfiles[].InstanceProfileName' | grep $INSTANCE_PROFILE_PREFIX)
+INSTANCE_PROFILE_NAME=$(aws iam list-instance-profiles | jq -r '.InstanceProfiles[].InstanceProfileName' | grep nodegroup)
 ROLE_NAME=$(aws iam get-instance-profile --instance-profile-name $INSTANCE_PROFILE_NAME | jq -r '.InstanceProfile.Roles[] | .RoleName')
 echo "export ROLE_NAME=${ROLE_NAME}" >> ~/.bash_profile
 

content/logging/cleanup.md

@@ -6,15 +6,9 @@ weight: 50
 
 ```
 cd ~/environment
-INSTANCE_PROFILE_PREFIX=$(aws cloudformation describe-stacks | jq -r '.Stacks[].StackName' | grep eksctl-eksworkshop-eksctl-nodegroup)
-INSTANCE_PROFILE_NAME=$(aws iam list-instance-profiles | jq -r '.InstanceProfiles[].InstanceProfileName' | grep $INSTANCE_PROFILE_PREFIX)
-ROLE_NAME=$(aws iam get-instance-profile --instance-profile-name $INSTANCE_PROFILE_NAME | jq -r '.InstanceProfile.Roles[] | .RoleName')
 kubectl delete -f ~/environment/fluentd/fluentd.yml
 rm -rf ~/environment/fluentd/
 aws es delete-elasticsearch-domain --domain-name kubernetes-logs
 aws logs delete-log-group --log-group-name /eks/eksworkshop-eksctl/containers
-aws iam delete-role-policy --role-name $ROLE_NAME --policy-name Logs-Policy-For-Worker
-aws iam detach-role-policy --role-name lambda_basic_execution --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-aws iam delete-role --role-name lambda_basic_execution
 rm -rf ~/environment/iam_policy/
 ```

content/logging/configurecwl.md

@@ -14,9 +14,13 @@ Original instructions for this are available at:
 
 http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_ES_Stream.html
 
-Create Lambda Basic Execution Role
+{{< tabs name="Create Lambda Basic Execution Role" >}}
+{{{< tab name="Workshop at AWS event" >}}
+This IAM Role has been created for you.<br>
 
-```
+You can proceed with the next step.
+{{< /tab >}}
+{{< tab name="Workshop in your own account" codelang="go" >}}
 cat <<EoF > ~/environment/iam_policy/lambda.json
 {
    "Version": "2012-10-17",
@@ -35,7 +39,8 @@ EoF
 aws iam create-role --role-name lambda_basic_execution --assume-role-policy-document file://~/environment/iam_policy/lambda.json
 
 aws iam attach-role-policy --role-name lambda_basic_execution --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-```
+{{< /tab >}}}
+{{< /tabs >}}
 
 Go to the [CloudWatch Logs console](https://console.aws.amazon.com/cloudwatch/home?#logs:)