I have a CloudFormation template that creates an EC2 instance with an UserData script that should be assigned with the LaunchUserData
parameter:
AWSTemplateFormatVersion: '2010-09-09'
Description: Create an AMI from an EC2 instance.
Parameters:
LaunchUserData:
Description: Base64-encoded user data to launch EC2 instances.
Type: String
GitSSHKey:
Description: Git SSH key
Type: String
Resources:
LaunchEc2:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref ImageId
InstanceType: !Ref InstanceType
UserData: ...
LaunchUserData
is a bash script that will reference some of the stack's parameters and resources:
#!/bin/bash
GIT_SSH_KEY=${GitSshKey};
echo "$GIT_SSH_KEY" | base64 -d > $HOME/.ssh/id_rsa;
echo ${AWS:Region};
I want to create the stack via CLI as follows:
GIT_SSH_KEY="somesshkey"
LAUNCH_USERDATA=$(jq -Rs . < $PWD/templates/launch)
STACK_ID=$(aws cloudformation create-stack \
--stack-name test \
--template-body file://$CLOUD_FORMATION_FILE \
--parameters \
ParameterKey=GitSSHKey,ParameterValue="$GIT_SSH_KEY" \
ParameterKey=LaunchUserData,ParameterValue="$LAUNCH_USERDATA" \
--output text \
--query 'StackId');
The LaunchUserData
script, once interpreted, must reference and substitute its ${}
variables with parameters and resources of the current stack, hence, when the user-data script is retrieved (and executed) within the EC2 instance, it should look like this:
$ curl http://169.254.169.254/latest/user-data
#!/bin/bash
GIT_SSH_KEY=somesshkey;
echo "$GIT_SSH_KEY" | base64 -d > $HOME/.ssh/id_rsa;
echo us-east-1;
Note how the script might also reference other CloudFormation resources.
How can I correctly pass LaunchUserData
parameter to UserData without hard-coding it into the template?
You could do something like this:
AWSTemplateFormatVersion: '2010-09-09'
Description: Create an AMI from an EC2 instance.
Parameters:
LaunchUserData:
Description: Base64-encoded user data to launch EC2 instances.
Type: String
GitSSHKey:
Description: Git SSH key
Type: String
Resources:
LaunchEc2:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref ImageId
InstanceType: !Ref InstanceType
UserData:
Fn::Base64: !Sub |
#!/bin/bash
export GitSshKey="${GitSSHKey}"
echo "${LaunchUserData}" | base64 -d | bash
so decode the parameter and pipe it to bash.
Do note however that http://169.254.169.254/latest/user-data
will always return whatever is present in the template itself.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments