We are going to launch an instance on which we will install all of the software needed by the different nodes that make up our cluster. We will then create an Amazon Machine Image (AMI) from it, which we can use to launch the nodes in our cluster.
First, we create a security group for this instance, as follows:
$ K8S_AMI_SG_ID=$(aws ec2 create-security-group \
    --group-name k8s-ami \
    --description "Kubernetes AMI Instances" \
    --vpc-id $VPC_ID \
    --query GroupId \
    --output text)
We will need to be able to access this instance from our bastion host in order to log in and install software, so let's add a rule to allow SSH traffic on port 22 from instances in the ssh-bastion security group, as follows:
$ aws ec2 authorize-security-group-ingress \
    --group-id $K8S_AMI_SG_ID \
    --protocol tcp \
    --port 22 \
    --source-group...
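Once the rule is in place, it is worth confirming that port 22 on the k8s-ami group is reachable only from the bastion security group. The following is an added example, not part of the original text: it audits JSON in the shape returned by aws ec2 describe-security-groups, where source-group rules appear under UserIdGroupPairs and CIDR rules under IpRanges. The sample data and group IDs are constructed placeholders, and audit_ssh and covers_port are hypothetical helper names.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs are placeholders, not values from the text above.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0amiEXAMPLE", "GroupName": "k8s-ami",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0bastionEXAMPLE"}]},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
     "UserIdGroupPairs": []}
  ]}]}
""")

def covers_port(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit_ssh(group, bastion_sg_id, port=22):
    """List every source, other than the bastion group, that can reach the port."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        for r in perm.get("IpRanges", []):
            findings.append(f"CIDR source {r['CidrIp']}")
        for r in perm.get("Ipv6Ranges", []):
            findings.append(f"CIDR source {r['CidrIpv6']}")
        for p in perm.get("PrefixListIds", []):
            findings.append(f"prefix list {p['PrefixListId']}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != bastion_sg_id:
                findings.append(f"unexpected source group {pair['GroupId']}")
    return findings

if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        for f in audit_ssh(g, "sg-0bastionEXAMPLE"):
            print(f"{g['GroupName']}: port 22 reachable via {f}")
```

The second rule in the sample is a wide port range that silently includes 22, which is the kind of overlap a check for an exact port match would miss.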