SaltStack Support

Using Salt Cloud with AWS

Amazon EC2 is a very widely used public cloud platform and one of the core platforms Salt Cloud has been built to support. The following example illustrates some of the options that can be set. These parameters are discussed in more detail below.

Set up the Amazon cloud provider file /etc/salt/cloud.providers.d/amazon.conf:

# Note: This example is for /etc/salt/cloud.providers or any file in the
# /etc/salt/cloud.providers.d/ directory.

# Provider name; the profiles below refer to it as "provider: amazon".
amazon:
  # Set up the location of the salt master

  # Set the EC2 access credentials (see below)
  # The id value is not shown on this page; YOUR_ACCESS_KEY_ID is a placeholder.
  id: 'YOUR_ACCESS_KEY_ID'
  key: 'kdjgfsgm;woormgl/aserigjksjdhasdfgn'

  # Make sure this key is owned by root with permissions 0400.
  private_key: /etc/salt/my_test_key.pem
  keyname: my_test_key
  securitygroup: default

  provider: ec2

Access Credentials

Note:  The id and key settings may be found in the Security Credentials area of the AWS Account page:

Both are located in the Access Credentials area of the page, under the Access Keys tab. The id setting is labelled Access Key ID, and the key setting is labelled Secret Access Key.

Key Pairs

In order to create an instance with Salt installed and configured, a key pair will need to be created. This can be done in the EC2 Management Console, in the Key Pairs area. These key pairs are unique to a specific region. Keys in the us-east-1 region can be configured at:

Keys in the us-west-1 region can be configured at

...and so on. When creating a key pair, the browser will prompt to download a pem file. This file must be placed in a directory accessible by Salt Cloud, with permissions set to either 0400 or 0600.
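The permission requirement above can be checked before provisioning. The script below is an added example, not part of the original article or of Salt itself; the function names and the file name check_keys.sh are hypothetical. It reads the private_key settings from provider files, fails any key whose mode is not 0400 or 0600, and reports the owner without enforcing it.

```shell
#!/bin/sh
# Added example (not from the Salt project): audit private_key files referenced
# by Salt Cloud provider configs for the modes the article requires.

# key_mode_ok FILE: succeed only for a regular file with mode 0400 or 0600.
# A symlink is rejected because ls -ld reports the link itself.
key_mode_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c1-10)   # e.g. "-r--------"
    case "$perms" in
        -r--------|-rw-------) return 0 ;;
        *) return 1 ;;
    esac
}

# list_private_keys CONF...: print the value of every uncommented
# private_key: setting, without trailing comments or quotes.
list_private_keys() {
    sed -n 's/^[[:space:]]*private_key:[[:space:]]*//p' "$@" |
        sed "s/[[:space:]][[:space:]]*#.*\$//; s/[[:space:]]*\$//; s/^['\"]//; s/['\"]\$//"
}

# audit_provider_keys CONF...: report each key; return 1 if any key fails.
audit_provider_keys() {
    keys=$(list_private_keys "$@")
    rc=0
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        owner=$(ls -ld -- "$key" 2>/dev/null | awk '{print $3}')
        if key_mode_ok "$key"; then
            echo "OK    $key (owner: ${owner:-unknown})"
        else
            echo "FAIL  $key (owner: ${owner:-missing}): need mode 0400 or 0600"
            rc=1
        fi
    done <<EOF
$keys
EOF
    return "$rc"
}

# Run as: sh check_keys.sh /etc/salt/cloud.providers.d/*.conf
if [ "$#" -gt 0 ]; then
    audit_provider_keys "$@"
fi
```
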

Security Group

An instance on EC2 needs to belong to a security group. Like key pairs, these are unique to a specific region. These are also configured in the EC2 Management Console. Security groups for the us-east-1 region can be configured at:

...and so on.

A security group defines firewall rules which an instance will adhere to. If the salt-master is configured outside of EC2, the security group must open the SSH port (usually port 22) in order for Salt Cloud to install Salt.

Once the provider configuration file has been created, create a cloud instance profile.

Cloud Instance Profile

Set up an initial profile at /etc/salt/cloud.profiles:

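# Profile names are taken from the salt-cloud commands below.
micro_ubuntu_12_4_ec2:
  provider: amazon
  image: ami-a49665cc
  size: t1.micro
  ssh_username: ubuntu

micro_ubuntu_14_4_ec2:
  provider: amazon
  image: ami-018c9568
  size: t1.micro
  ssh_username: ubuntu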

The profile can now be realized with a salt command:

# salt-cloud -p micro_ubuntu_12_4_ec2
# salt-cloud -p micro_ubuntu_14_4_ec2

This will create an instance named in EC2. The minion that is installed on this instance will have an id of If the command was executed on the salt-master, its Salt key will automatically be signed on the master.

Once the instance has been created with salt-minion installed, connectivity to it can be verified with Salt:

# salt ''