{"id":2122,"date":"2021-01-08T12:21:25","date_gmt":"2021-01-08T11:21:25","guid":{"rendered":"https:\/\/blog.besharp.it\/?p=2122"},"modified":"2023-02-22T17:19:02","modified_gmt":"2023-02-22T16:19:02","slug":"new-aws-ec2-mac-instances-a-ci-cd-test-bench","status":"publish","type":"post","link":"https:\/\/blog.besharp.it\/new-aws-ec2-mac-instances-a-ci-cd-test-bench\/","title":{"rendered":"New AWS EC2 Mac Instances: our test bench with CI\/CD"},"content":{"rendered":"\n
During the last AWS re:Invent, AWS made one of the most discussed announcement, that \u2014 on paper \u2014 opens a lot of new scenarios: AWS EC2 Mac Instances! At this point \u2014 assuming that you never heard about Amazon EC2 Mac Instances hardware specifications \u2014 you may wonder what are the supported sizes. Well, as far as now, you can forget the word “choice”: AWS allows you to run only one size of Mac Instances. mac1.metal instances’ hardware specifications tell us that they’re powered by an Intel Coffee Lake processor running at 3.2 GHz \u2014 that can burst up to 4.6 GHz \u2014 and 32 GiB of memory. As explained by Jeff Barr in the AWS News Blog, instances run in a VPC, include ENA networking, and are natively Optimized for communication with EBS volumes, supporting I\/O intensive workloads.<\/p>\n\n\n\n In my daily routine, my working partner is a macOS laptop that I had to update to the new macOS Big Sur operating system. So far it didn’t bring me tangible enhancements, but it’s quite a best-practice to keep your system up to date, at least on your workstation. AWS EC2 Mac Instances come with a limitation in that sense: only Mojave or Catalina macOS versions can be selected. Mojave and Catalina AMIs come with the AWS CLI, Command Line Tools for Xcode, Homebrew, and SSM Agent already installed. AWS is working to add support for Big Sur, and for Apple M1 Chip.<\/p>\n\n\n\n Now, let’s focus on what I like the most: practical use cases!<\/p>\n\n\n\n I started my career as a developer, and I guess every developer’s mind made \u2014 at least \u2014 an association between this announcement and the possibility to automate building, testing, and signing of macOS and iOS applications.<\/p>\n\n\n\n During the last year, my team has been developing an Open-Source Desktop Application that manages local credentials to access complex Cloud Environments. Our application is written in TypeScript, interpreted by Node.js. We used Angular as our development framework, which runs on top of an Electron engine for cross-platform compatibility.<\/p>\n\n\n\n Electron comes with a native application builder, called electron-builder, that we used to write custom build scripts in our package.json file, which contains dependencies specifications too. We wrote custom scripts to build Linux, Windows, and macOS binaries.<\/p>\n\n\n\n In order to build the macOS binary, the script needs to have access to the Signing Certificate and to the Apple Notarisation Password. They allow, respectively, to sign and notarize the macOS binary. We usually store these secrets in our macOS Keychain, run the build scripts on our local environments, and manually upload the artifacts on our GitHub repository as a new release. This is a common practice adopted by many developers when building macOS or iOS applications.<\/p>\n\n\n\n This process is slow, cumbersome, and may lead to human errors. But hey, there seems to be a new opportunity out there for us. What better Use Case for the new Amazon EC2 Mac Instances than building our application’s macOS binary?<\/p>\n\n\n\n It’s time to focus on how I set up the test bench. We will go through the following steps:<\/p>\n\n\n\n The first thing we’ve to do to get our pipeline set up consists of the creation of the Amazon EC2 Mac Instance on which we’re going to install and configure Jenkins.<\/p>\n\n\n\n Let’s jump into the AWS console!<\/p>\n\n\n\n As for any other EC2 instance, the launch wizard of a mac1.metal kicks off from EC2 console, in the “Instances” section. As many of you already know, here you can find the list of EC2 instances available and \u2014 among the others \u2014 the menu needed to launch a new instance.<\/p>\n\n\n\n Since the 30 November 2020, the AMI list is richer: indeed, it shows both Mojave and Catalina AMIs; for our purposes, I choose Catalina.<\/p>\n\n\n\n To allow the installation of the heavy-weight Xcode \u2014 which provides some critical build tools \u2014 attach an EBS root volume with an appropriate size to the instance; in my case, I choose to attach a 100GiB-sized EBS volume.<\/p>\n\n\n\n Before diving into Mac Instance access types, remember to setup Security Group rules that allow you to reach it through SSH and VNC. Moreover, I configured a rule to allow access through my browser to port 8080 of the instance, i.e. the one associated with the Jenkins service. Since I decided to run the instance in a public subnet, I restricted access to the instance only to my IP address.<\/p>\n\n\n\n DISCLAIMER: it works, but please note that the setup I used \u2014 in terms of networking \u2014 cannot be considered production-ready! To make it more secure, it is enough to move the Mac Instance inside a private subnet, and place an OpenVPN server in the public subnet; that way, the mac1.metal instance is no more exposed directly to the internet and we can access it by the means of the OpenVPN server.<\/p>\n\n\n\n In the last step of the instance creation wizard, we’ve to choose whether to select an existing .pem key or to create a new one to access the instance via SSH. That’s the first access type available, and it’s no different from SSH access to an Amazon Linux instance; indeed, the username for Mac Instances is ec2-user.<\/p>\n\n\n\n
Don’t worry, we will deepen one of these scenarios later on in this blog post, but let’s first introduce this new instance type.
Amazon EC2 Mac Instances come with an 80s name, which makes them more attractive to those of you who are a little bit older than me?
They’re called mac1.metal<\/strong> instances.
Talking about hardware, Amazon EC2 Mac Instances are backed by Mac mini hosts, that rely on AWS Nitro controllers to connect with AWS network infrastructure and services. The interesting point is that Mac Instances are connected to the Nitro System through the Thunderbolt 3 interface. I used the term “host” to highlight the fact that we’re not dealing with Virtual Machines, but with Dedicated Hosts; whenever I decide to run an Amazon EC2 Mac Instance, AWS provisions a concrete Mac mini host for my purposes.<\/p>\n\n\n\nmac1.metal \u2014 the specs<\/h3>\n\n\n\n
A practical Use Case<\/h3>\n\n\n\n
\n
Launch a mac1.metal instance<\/h3>\n\n\n\n
When it comes to choosing the instance type, there is only one available, called mac1.metal. As we already know, it is characterized by 12 vCPUs running at 3.2GHz and 32GiB of memory. If you think of it as your workstation it does not sound that weird!<\/p>\n\n\n\n
In the rest of the wizard, we can treat our Mac Instance like any other instance type; the only thing that we should take particular attention to is the tenancy. We’re going to launch the instance on a Dedicated Host that we can request \u2014 on a separate tab \u2014 during the instance creation process. Even for the Dedicated Host, we’ve to specify mac1.metal as the type of instances that can be launched on it.<\/p>\n\n\n\n
For the sake of this proof of concept, I decided to run the instance in a public subnet, and enable Public IP auto-assignment.<\/p>\n\n\n\nWhat about access types?<\/h3>\n\n\n\n