BOSH-lite on AWS with BOSH Deployment


With BOSH CLI v2, the Cloud Foundry Foundation invented a new, easy and fast way to deploy a BOSH director on all supported platforms with just one deployment.
BOSH Lite is only supported for local machines. The BOSH CLI v2 provides ways to manipulate manifests without changing them. By combining the AWS and the BOSH Lite configurations, it is easy to deploy BOSH Lite on AWS, for example.
To apply structural changes to a manifest, BOSH CLI v2 uses operations files. Each file contains individual operations, which are applied serially to the original manifest. This makes it possible to add, remove or manipulate settings.
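
To make the serial application of operations concrete, here is a simplified Python model of it. It is an added example, not code from the BOSH CLI or from this post. It supports only `replace` and `remove` with map keys, `name=value` list selectors, the `?` optional marker and `-` for appending, and the manifest and operations are constructed sample data.

```python
import copy

def _descend(node, token, optional):
    if isinstance(node, list):            # "name=bosh" selects a list element by field
        key, _, want = token.partition("=")
        hits = [item for item in node if item.get(key) == want]
        if len(hits) != 1:
            raise KeyError(f"no unique list element matches {token!r}")
        return hits[0]
    if token not in node:
        if not optional:
            raise KeyError(f"missing key {token!r}")
        node[token] = {}                  # "?" lets a missing map be created
    return node[token]

def apply_ops(manifest, ops):
    """Apply operations in order to a deep copy; the input manifest is untouched."""
    doc = copy.deepcopy(manifest)
    for op in ops:
        *parents, last = op["path"].strip("/").split("/")
        node, optional = doc, False
        for token in parents:
            optional = optional or token.endswith("?")   # "?" also covers later tokens
            node = _descend(node, token.rstrip("?"), optional)
        optional, last = optional or last.endswith("?"), last.rstrip("?")
        if op["type"] == "replace" and last == "-" and isinstance(node, list):
            node.append(copy.deepcopy(op["value"]))      # "-" appends to a list
        elif not isinstance(node, dict):
            raise ValueError(f"unsupported final token in {op['path']!r}")
        elif op["type"] not in ("replace", "remove"):
            raise ValueError(f"unknown operation type {op['type']!r}")
        elif last not in node and not optional:
            raise KeyError(f"missing key {last!r}")      # typos fail instead of passing silently
        elif op["type"] == "replace":
            node[last] = copy.deepcopy(op["value"])
        else:
            node.pop(last, None)
    return doc

# Constructed sample data, not taken from bosh.yml or any real ops file.
MANIFEST = {"instance_groups": [{"name": "bosh", "jobs": [{"name": "director"}],
                                 "properties": {"director": {"name": "bosh"}}}]}
GROUP = "/instance_groups/name=bosh"
OPS = [
    {"type": "replace", "path": GROUP + "/properties/director/name", "value": "bosh-lite"},
    {"type": "replace", "path": GROUP + "/properties/demo?/debug", "value": True},
    {"type": "replace", "path": GROUP + "/jobs/-", "value": {"name": "demo_job"}},
    {"type": "remove", "path": GROUP + "/properties/demo/debug"},
]
```

Because operations run in order, the last one only works after the second has created `demo`; applied first, it fails on the missing key.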

How to Prepare the Environment

First of all, we need to create an environment on AWS where we can deploy the BOSH director. provides a detailed manual to do that. Note the following:

  • Region
  • AZ
  • default_key_name
  • download the private key and remember its location
  • subnet
  • default_security_group

If you decide not to use a jumphost inside the AWS environment to create the BOSH director, you also need an Elastic IP; see this chapter for more information on this topic. In our example we will not use a jumphost.

Deploy the BOSH Director

The main difference between a regular BOSH director and BOSH Lite is that BOSH Lite creates containers instead of VMs. This is perfect for testing purposes. Do not use this for any production environment.
Simply apply the BOSH Lite ops files bosh-lite.yml and bosh-lite-runc.yml to the bosh.yml manifest.

$ export ACCESS_KEY_ID=AKI...
$ export SECRET_ACCESS_KEY=...
$ export DIRECTOR_NAME=bosh-lite
$ export REGION=eu-west-1
$ export AZ=eu-west-1a
$ export DEFAULT_KEY_NAME=aws-bosh-lite
$ export DEFAULT_SECURITY_GROUP=sg-.....
$ export PRIVATE_KEY=~/Downloads/aws-bosh-lite.pem
$ export SUBNET_ID=subnet-.....
$ export EXTERNAL_IP=xx.xx.xx.xx
$ bosh create-env ../bosh-deployment/bosh.yml \
	--state=state.json \
	--vars-store=creds.yml \
	-o ../bosh-deployment/aws/cpi.yml \
	-o ../bosh-deployment/bosh-lite.yml \
	-o ../bosh-deployment/bosh-lite-runc.yml \
	-o ../bosh-deployment/jumpbox-user.yml \
	-o ../bosh-deployment/external-ip-with-registry-not-recommended.yml \
	-v director_name=$DIRECTOR_NAME \
	-v internal_cidr= \
	-v internal_gw= \
	-v internal_ip= \
	-v access_key_id=$ACCESS_KEY_ID \
	-v secret_access_key=$SECRET_ACCESS_KEY \
	-v region=$REGION \
	-v az=$AZ \
	-v default_key_name=$DEFAULT_KEY_NAME \
	-v default_security_groups="[$DEFAULT_SECURITY_GROUP]" \
	--var-file private_key=$PRIVATE_KEY \
	-v subnet_id=$SUBNET_ID \
	-v external_ip=$EXTERNAL_IP

Using the BOSH Director

After the director is deployed, which takes a few minutes, you can start using it. First create an alias for the environment.

$ bosh -e $EXTERNAL_IP --ca-cert <(bosh int creds.yml --path /director_ssl/ca) alias-env aws-lite

Then you can connect to the director and start using it.

$ export BOSH_CLIENT=admin
$ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`
$ export BOSH_ENVIRONMENT=aws-lite

SSH into the BOSH Director VM

You can SSH into the BOSH director VM as the jumpbox user, which is created by the ops file jumpbox-user.yml. See this documentation for further information.
Extract the private key and store it in a file.

$ bosh int creds.yml --path /jumpbox_ssh/private_key > ~/.ssh/aws-bosh-lite-jumpbox.pem
$ chmod 600 ~/.ssh/aws-bosh-lite-jumpbox.pem

Enter the VM with ssh.

$ ssh jumpbox@$EXTERNAL_IP -i ~/.ssh/aws-bosh-lite-jumpbox.pem

You can also add an entry for the director to your SSH config.

$ vi ~/.ssh/config
host aws-bosh-lite
	hostname xx.xx.xx.xx
	user jumpbox
	port 22
	identityfile ~/.ssh/aws-bosh-lite-jumpbox.pem
$ ssh aws-bosh-lite

One thought on “BOSH-lite on AWS with BOSH Deployment”

  1. Hi – thanks very much for putting this together. I’m running it now, so far so good.

    One thing I had to change: it didn’t like the way that $DEFAULT_SECURITY_GROUP was passed in, and failed the first time on that. I just hardcoded that value and now it’s past that point. Maybe it’s about the single quotes being pasted from this blog post, not sure, but wanted to give you that feedback.

    Again thanks – very helpful.
