Last Updated: Mar 27, 2024

Important Steps for AWS Opsworks in Puppet Enterprise

Author Sagar Mishra

Introduction

Hey Ninjas! Have you ever heard about Amazon Cloud Service, aka AWS? AWS is a tool made up of many different cloud computing products and services. AWS helps companies with various workloads, such as game development, warehousing, and development.

Today, we will learn one of the AWS topics: Important Steps for AWS Opsworks in Puppet Enterprise. If you are new to this, it is suggested to first go through the basics of AWS Opsworks for Puppet Enterprise.

Creating a PEM

PEM stands for Puppet Enterprise Master. The Puppet Master is a centralized configuration server that holds the definitions and instructions for installing apps and server roles. There are two ways to create a Puppet Master.

⭐Using the AWS Management Console.

⭐Using the AWS CLI.

Let's discuss both one by one.

Using the AWS Management Console

Follow the steps given below to create a Puppet Enterprise Master using the AWS Management Console.

✍🏻 Sign in to the AWS Management Console and open the AWS OpsWorks console.

✍🏻 Click on Go to OpsWorks for Puppet Enterprise on the home page.

✍🏻 Select Create Puppet Enterprise server.

Puppet Enterprise Server

✍🏻 Fill in the server name, server region, and EC2 instance type in Set name, region, and type.

✍🏻 On the Configure server page, you can either specify a key pair name or leave the default selection in the SSH key drop-down list. If you have the private key, you can paste it into the R10K private key field. It is not required if you are using HTTP authentication. Click Next.

Configure Server Page

✍🏻 Leave Specify server endpoint set to the default unless you want to use a custom domain for the server. Go to the next step to configure a custom domain.

✍🏻 Provide a VPC, subnet, and one or more security groups in the Network and security area.

✍🏻 Under System Maintenance, set the day and time to a period when the server has low demand within working hours.

✍🏻 By default, Automated backup is turned on. You can disable it by clicking on No.

✍🏻 Click on Next when you are done with configuring the advanced setting.

✍🏻 Click on Launch after reviewing your choice in the Review Section.

Using the AWS CLI

The AWS CLI (AWS Command Line Interface) is a tool for managing AWS services. If you do not specify a security group in the AWS CLI, AWS OpsWorks can create a simple one for you. Note that it does not create a service role by default, so you must give a service role ARN as part of your create-server command.

Install the AWS CLI if you do not have it in your system.

✒️ The first thing you need when creating the server with the AWS CLI is a subnet ID, so you must have a VPC.

✒️ Now, you have to create a service role and an instance profile. For creating both of these, AWS Opsworks provides an AWS CloudFormation template. Run the command below to create the AWS CloudFormation stack.

aws cloudformation create-stack --stack-name OpsWorksCMRoles --template-url https://s3.amazonaws.com/opsworks-cm-us-east-1-prod-default-assets/misc/opsworks-cm-roles.yaml --capabilities CAPABILITY_NAMED_IAM

 

✒️ After AWS CloudFormation has finished creating the stack, find and copy the ARNs of the service roles in your account.

aws iam list-roles --path-prefix "/service-role/" --no-paginate

 

Make a note of the service role ARN entries in the output. You will need them when creating the Puppet Enterprise Master.

{
    "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "sts:AssumeRole",
                "Effect": "Allow",
                "Principal": {
                    "Service": "ec2.amazonaws.com"
                }
            }
        ]
    },
    "RoleId": "AROZZZZZZZZZZQG6R22HC",
    "CreateDate": "2022-10-16T20:42:20Z",
    "RoleName": "aws-opsworks-cm-ec2-role",
    "Path": "/service-role/",
    "Arn": "arn:aws:iam::000000000000:role/service-role/aws-opsworks-cm-ec2-role"
},
{
    "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "sts:AssumeRole",
                "Effect": "Allow",
                "Principal": {
                    "Service": "opsworks-cm.amazonaws.com"
                }
            }
        ]
    },
    "RoleId": "AROZZZZZZZZZZZZZZZ6QE",
    "CreateDate": "2022-10-16T20:42:20Z",
    "RoleName": "aws-opsworks-cm-service-role",
    "Path": "/service-role/",
    "Arn": "arn:aws:iam::000000000000:role/service-role/aws-opsworks-cm-service-role"
}

 

✒️ Now, find the instance profile ARNs in your account and copy them.

aws iam list-instance-profiles --no-paginate

 

Make a note of the instance profile ARN entries in the output. You will need them when creating the Puppet Enterprise Master.

{
    "Path": "/",
    "InstanceProfileName": "aws-opsworks-cm-ec2-role",
    "InstanceProfileId": "EXAMPLEDC6UR3LTUW7VHK",
    "Arn": "arn:aws:iam::123456789012:instance-profile/aws-opsworks-cm-ec2-role",
    "CreateDate": "2022-10-16T20:42:20Z",
    "Roles": [
        {
            "Path": "/service-role/",
            "RoleName": "aws-opsworks-cm-ec2-role",
            "RoleId": "EXAMPLEE4STNUQG6R22HC",
            "Arn": "arn:aws:iam::123456789012:role/service-role/aws-opsworks-cm-ec2-role",
            "CreateDate": "2022-10-16T20:42:20Z",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "ec2.amazonaws.com"
                        },
                        "Action": "sts:AssumeRole"
                    }
                ]
            }
        }
    ]
},

 

✒️ Run create-server to create the OpsWorks for Puppet Enterprise Master. 

aws opsworks-cm create-server --engine "Puppet" --engine-model "Monolithic" --engine-version "2019" --server-name "server_name" --instance-profile-arn "instance_profile_ARN" --instance-type "instance_type" --engine-attributes '{"PUPPET_ADMIN_PASSWORD":"ASCII_password"}' --key-pair "key_pair_name" --preferred-maintenance-window "ddd:hh:mm" --preferred-backup-window "ddd:hh:mm" --security-group-ids security_group_id1 security_group_id2 --service-role-arn "service_role_ARN" --subnet-ids subnet_ID

 

Let's understand the creation of PEM using an example.

aws opsworks-cm create-server \
    --engine "Puppet" \
    --engine-model "Monolithic" \
    --engine-version "2019" \
    --server-name "puppet-02" \
    --instance-profile-arn "arn:aws:iam::111122223333:instance-profile/aws-opsworks-cm-ec2-role" \
    --instance-type "m5.xlarge" \
    --engine-attributes '{"PUPPET_ADMIN_PASSWORD":"zZZzDj2DLYXSZFRv1d"}' \
    --key-pair "amazon-test" \
    --preferred-maintenance-window "Mon:08:00" \
    --preferred-backup-window "Sun:02:00" \
    --security-group-ids sg-b00000001 sg-b0000008 \
    --service-role-arn "arn:aws:iam::111122223333:role/service-role/aws-opsworks-cm-service-role" \
    --subnet-ids subnet-383daa71 \
    --tags '[{"Key":"Stage","Value":"Production"},{"Key":"Department","Value":"Marketing"}]'

 

✒️ This may take time. Do not close the tab, as it may contain important data that is not shown again.

Use the Endpoint attribute if you are using a custom domain. Here is an example.

"Endpoint": "puppet-07-exampleexample.opsworks-cm.us-east-1.amazonaws.com"

 

✒️ If you are not using the custom domain, you can directly go to the next step.
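A pre-flight check on the trust policies shown in the list-roles and list-instance-profiles output above, as an added example that is not part of the original article or any AWS tooling: before passing the ARNs to create-server, it flags any role whose AssumeRolePolicyDocument trusts more than the single service principal seen in the listing. The helper names, the role example-overbroad-role and the sample data are constructed for illustration.

```python
# Constructed sample shaped like the `aws iam list-roles` entries above; the
# third role is a deliberately over-broad entry invented for this example.
def trust(principal):
    return {"Version": "2012-10-17", "Statement": [
        {"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": principal}]}

SAMPLE_ROLES = [
    {"RoleName": "aws-opsworks-cm-ec2-role",
     "AssumeRolePolicyDocument": trust({"Service": "ec2.amazonaws.com"})},
    {"RoleName": "aws-opsworks-cm-service-role",
     "AssumeRolePolicyDocument": trust({"Service": "opsworks-cm.amazonaws.com"})},
    {"RoleName": "example-overbroad-role",
     "AssumeRolePolicyDocument": trust({"Service": ["ec2.amazonaws.com"], "AWS": "*"})},
]

# Expected trust relationship per role name, taken from the listing above.
EXPECTED = {
    "aws-opsworks-cm-ec2-role": {"ec2.amazonaws.com"},
    "aws-opsworks-cm-service-role": {"opsworks-cm.amazonaws.com"},
}

def as_list(value):
    """IAM policy fields may hold a single item or a list of items."""
    return value if isinstance(value, list) else [value]

def trust_findings(role, allowed_services):
    """Return the reasons a role's trust policy is wider than expected."""
    findings = []
    for stmt in as_list(role["AssumeRolePolicyDocument"]["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard: any principal may assume the role
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "Service":
                    findings.append(f"non-service principal {kind}:{value}")
                elif value not in allowed_services:
                    findings.append(f"unexpected service {value}")
    return findings

def audit(roles, expected=EXPECTED):
    # Roles that are not in `expected` get an empty allow-list.
    return {r["RoleName"]: trust_findings(r, expected.get(r["RoleName"], set()))
            for r in roles}

if __name__ == "__main__":
    for name, problems in audit(SAMPLE_ROLES).items():
        print(name, "OK" if not problems else problems)
```

To run it on real data, load the JSON printed by aws iam list-roles and pass its Roles list to audit().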

The next section covers configuring the Puppet Master using the Starter Kit.

Configuring the Puppet Master Using the Starter Kit

The Starter Kit contains a README file with information and examples describing how to finish setup, along with administrator credentials for the Puppet Enterprise console. Each time you download the Starter Kit, new credentials are created, and the old ones are invalidated.

Install the PMC

You must install the PMC (Puppet Master Certificate) to work with the Puppet master and add nodes to manage. Run the command below to install the PMC.

aws --region region opsworks-cm describe-servers --server-name server_name --query "Servers[0].EngineAttributes[?Name=='PUPPET_API_CA_CERT'].Value" --output text > .config/ssl/cert/ca.pem

Generate Short-term Token

Although using the Puppet Enterprise console is not required, you must create a short-term token to use the Puppet API. Run the command below to generate the token.

puppet-access login --config-file .config/puppetlabs/client-tools/puppet-access.conf --lifetime 8h

Set Up the Starter Kit Apache

The Starter Kit has two folders: control-repo and control-repo-example. Push the control-repo-example production branch to your Git remote and run the below command in your Starter Kit root directory.

cd control-repo-example
git remote add origin r10kRemoteUrl
git push origin production

 

Deploy the code to download your Puppet code from your Git repository. 

puppet-code deploy --all --wait --config-file .config/puppet-code.conf

Adding Nodes for the Puppet Master to Manage

Follow the steps to add nodes for the Puppet Master to manage.

⭐ Sign in to your Puppet Enterprise console.

⭐ Go to the Configure > Classification > PE Master > Configuration tab.

⭐ Find the class puppet_enterprise::profile::master in the Configuration tab.

⭐ Set the value of the allow_unauthenticated_ca parameter to true.

⭐ Save the changes. 

Sign in to the Puppet Enterprise Console

Follow the steps to sign in to the Puppet Enterprise Console.

⚡ Unzip the file that you downloaded in prerequisites.

⚡ Open the Properties page for your Puppet server in the AWS Management Console.

⚡ Select Open Puppet Enterprise console at the upper right of the Properties page.

⚡ Sign in using the credentials.

⚡ Now, you can view all your managed nodes, module run progress, and events.

Frequently Asked Questions

What is the OpsWorks stack?

You can manage servers and apps on AWS and on-premises with AWS OpsWorks Stacks. You can model your app as a stack made up of various layers, such as load balancing, database, and app server, using OpsWorks Stacks.

What are AWS artifacts?

You can download AWS security and compliance documents, like SOC reports and ISO certifications, using the online service known as AWS Artifact. The User Guide explains the concepts behind AWS Artifact and offers guidance on how to use its features.

What is Puppet, and how does it work?

Puppet offers the ability to define the software and configuration that a system needs and then, after initial setup, maintain that state. You use a declarative DSL to provide the configuration settings for a particular design or environment.

Conclusion

This article discusses the Important Steps for AWS Opsworks in Puppet Enterprise. In detail, we have seen the creation of PEM, configuring and setting up the puppet master using the Starter kit, adding nodes, and signing in to the PEC.
