PowerShell Script to add EIP to instance via User Data - amazon-web-services

I am fairly new to PowerShell!
What I am trying to do:
We have an auto-scaling group connecting to a 3rd party, and they are only capable of IP whitelisting (I've suggested domain whitelisting to them); as such, this is a problem for auto-scaling instances. I am trying to assign free (unallocated) EIPs to auto-scaled instances.
I found this one: https://gist.github.com/cleydson/ff70493ef37cff03669e21ed37d90a8b
But I am not sure if there are any dependencies I need to install to the instance before I can start using it.
From what I've read so far, I need to:
Assign an IAM Role to the EC2 instance that allows it to perform the necessary EIP tasks
Put the powershell script inside an accessible directory in the instance
User Data script to call the powershell script inside the instance
Once all is working, I can then bake it into an AMI for use in auto-scaling.
Can anyone lead me further in the right direction? Thanks in advance!
EDIT UPDATE:
The script I found above was working properly when I ran it in a PowerShell window inside the instance itself. So I made an AMI of the instance now, and have made a new Launch Config for the ASG.
My problem now is the user data doesn't seem to be called whenever a new instance is created. Below is my user data script:
<script>
PowerShell -ExecutionPolicy Bypass -Command c:\scripts\setEIP.ps1 "EIP1,EIP2,EIP3"
</script>
<persist>true</persist>
I put placeholders in for the EIPs. Any thoughts as to why the user data isn't called?

I finally solved it!
The reason why it was not being called was:
Initially "Enable UserData execution for next service start" was unchecked.
This is something to do with the EC2Config service installed inside the instance itself.
To summarize the solution:
Script above (https://gist.github.com/cleydson/ff70493ef37cff03669e21ed37d90a8b) was used and saved into the instance.
UserData execution was enabled inside the instance (C:\Program Files\Amazon\Ec2ConfigService\Ec2ConfigServiceSettings.exe)
UserData script to call the script inside, using -Command instead of the more popular -File
<script>
PowerShell -ExecutionPolicy Bypass -Command c:\scripts\setEIP.ps1 "EIP1,EIP2,EIP3"
</script>
<persist>true</persist>
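As an added example (this is not the gist linked in the answer, and not the original poster's code), here is what a script like setEIP.ps1 has to do to fit the procedure above: read the instance's own ID and region from the metadata service, find an allow-listed Elastic IP that nobody holds yet, and associate it. It assumes the AWS Tools for PowerShell module (named AWSPowerShell on Amazon-provided Windows AMIs) is installed on the AMI, that the instance profile from step 1 allows ec2:DescribeAddresses and ec2:AssociateAddress, and that the script is saved as C:\scripts\setEIP.ps1 and called from user data exactly as in the answer.

```powershell
# setEIP.ps1 -- added example, not the gist linked in the answer.
# Picks the first unassociated Elastic IP from an allow-list and attaches it
# to the instance it runs on. Assumes the AWS Tools for PowerShell module
# (AWSPowerShell on Amazon-provided Windows AMIs) is installed, and that the
# instance profile allows ec2:DescribeAddresses and ec2:AssociateAddress.
# Invoked from user data as:
#   PowerShell -ExecutionPolicy Bypass -Command C:\scripts\setEIP.ps1 "EIP1,EIP2,EIP3"
param(
    [Parameter(Mandatory = $true)]
    [string]$EipList    # comma-separated public IPs, e.g. "203.0.113.10,203.0.113.11"
)

$ErrorActionPreference = 'Stop'
Import-Module AWSPowerShell

# Who am I and where am I? Ask the instance metadata service, using an IMDSv2
# token so the script keeps working if IMDSv1 is later disabled on the instance.
$imds  = 'http://169.254.169.254/latest'
$token = Invoke-RestMethod -Method Put -Uri "$imds/api/token" `
             -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '300' }
$hdr   = @{ 'X-aws-ec2-metadata-token' = $token }
$doc   = (Invoke-WebRequest -UseBasicParsing -Uri "$imds/dynamic/instance-identity/document" -Headers $hdr).Content |
         ConvertFrom-Json
$instanceId = $doc.instanceId
Set-DefaultAWSRegion -Region $doc.region

$wanted = $EipList -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }

# <persist>true</persist> means this runs on every boot: if the instance
# already holds one of the allow-listed addresses, leave it alone.
$mine = Get-EC2Address -Filter @{ Name = 'instance-id'; Values = $instanceId }
$held = $mine | Where-Object { $wanted -contains $_.PublicIp }
if ($held) {
    Write-Host "Instance $instanceId already has $($held.PublicIp); nothing to do."
    exit 0
}

# Candidate addresses: in the allow-list and not associated with anything.
$free = Get-EC2Address -Filter @{ Name = 'public-ip'; Values = $wanted } |
        Where-Object { -not $_.AssociationId }

foreach ($addr in $free) {
    try {
        # Two instances scaling out at once can both see the same free EIP.
        # AllowReassociation:$false makes the API refuse to steal an address
        # that was grabbed in the meantime, so we just move on to the next one.
        Register-EC2Address -InstanceId $instanceId -AllocationId $addr.AllocationId -AllowReassociation $false | Out-Null
        Write-Host "Associated $($addr.PublicIp) ($($addr.AllocationId)) with $instanceId"
        exit 0
    }
    catch {
        Write-Warning "Could not associate $($addr.PublicIp): $($_.Exception.Message)"
    }
}

throw "No free Elastic IP left in the allow-list: $($wanted -join ', ')"
```

The -Command form used in the answer passes "EIP1,EIP2,EIP3" as a single positional argument, which is why the script takes one comma-separated string and splits it itself. Anything the script writes with Write-Host or Write-Warning while running from user data ends up in the EC2Config log (C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2ConfigLog.txt), which is the first place to look when the association does not happen.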

Related

AWS: Userdata block on EC2 launch template is not running the provided powershell script

I'm working on migrating a VM from Azure to AWS. I have successfully migrated using a migration service, and it boots up a VM on completion. I had created an AMI out of that VM, which also turned out to be successful. But when I try creating an EC2 instance or an autoscale group out of this AMI, I'm unable to curl http://169.254.169.254/ or any of the EC2 metadata. This is due to the fact that the EC2 instance is using the gateway from the previous config from Azure to make any internal network calls. When I run the InitializeInstance.ps1 script that comes inside the EC2 instance, the instance is able to pick up the right gateway and external IP, etc.
But since I'm going to run them as autoscale groups, I cannot run this script every time the ASG spins up a new EC2 instance based on load. Hence I tried executing the script in the 'User Data' part of the launch template that this ASG uses. But that doesn't seem to deliver the expected results. Help me out in finding a way to solve this.
Ec2 launch template -- UserData:
<powershell>
C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1
</powershell>
I'm assuming that the EC2 instance pulls the user data scripts from 'http://169.254.169.254/latest/user-data', and since this times out, it's not able to execute the user data script. Correct me if I'm wrong.
Executing the script through the shell of the VM, but this is exhaustive and not a great practice
Using the User data in the ec2 launch template, but that apparently is not executing the listed scripts since I even tried a simple powershell script to create a new file. The file was never created.
<powershell>
$file = $env:SystemRoot + "\Temp\" + (Get-Date).ToString("MM-dd-yy-hh-mm")
New-Item $file -ItemType file
</powershell>

Is it possible to run a command from one ec2 instance that executes that command onto another ec2 instance?

Right now I am testing to see if I am able to write
touch test.txt
simply to another ec2 instance.
I have looked into both SSH and SSM, but I do not understand where to begin with the code. Any ideas on how to remotely send commands?
If you want to send a command remotely you can make use of the AWS run command functionality of SSM.
To do this you will need to ensure that you're both running the SSM agent and have a valid IAM role set up on the remote instance. The getting started section should help with that.
Finally you can call the remote instance using the send-command function. Either create your own document or use the existing ‘AWS-RunShellScript’ document.
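As an added example (not code from the answer above), here is the send-command call from PowerShell using the AWS Tools for PowerShell, with the AWS-RunShellScript document the answer mentions and the `touch test.txt` the asker wanted to run. It assumes the AWSPowerShell module is installed on the calling instance, that the caller's instance profile grants ssm:SendCommand and ssm:GetCommandInvocation, that the target is a Linux instance registered with SSM, and that the instance ID and region below are placeholders to replace.

```powershell
# Added example, not from the original answer: run a shell command on another
# instance via SSM Run Command and collect its output. Assumes the AWSPowerShell
# module, an instance profile with ssm:SendCommand and ssm:GetCommandInvocation,
# and a Linux target that the SSM agent has registered. Both defaults are placeholders.
param(
    [string]$TargetInstanceId = 'i-0123456789abcdef0',   # placeholder
    [string]$Region           = 'us-east-1'               # placeholder
)
$ErrorActionPreference = 'Stop'
Import-Module AWSPowerShell

# The AWS-RunShellScript document takes a "commands" list; each entry is one shell line.
$cmd = Send-SSMCommand -Region $Region -InstanceId $TargetInstanceId `
           -DocumentName 'AWS-RunShellScript' `
           -Parameter @{ commands = @('touch /home/ec2-user/test.txt', 'ls -l /home/ec2-user/test.txt') } `
           -Comment 'remote touch from another instance'
Write-Host "Sent command $($cmd.CommandId) to $TargetInstanceId"

# Send-SSMCommand returns immediately; poll the invocation until it reaches a final state.
# The invocation record can lag a few seconds behind the send, so treat "not found" as pending.
$inv = $null
$deadline = (Get-Date).AddMinutes(5)
do {
    Start-Sleep -Seconds 2
    try {
        $inv = Get-SSMCommandInvocationDetail -Region $Region -CommandId $cmd.CommandId -InstanceId $TargetInstanceId
    }
    catch {
        $inv = $null
    }
    if ((Get-Date) -gt $deadline) { throw "Command $($cmd.CommandId) did not finish within 5 minutes" }
} while (-not $inv -or $inv.Status -in 'Pending', 'InProgress', 'Delayed')

Write-Host "Status: $($inv.Status) (exit code $($inv.ResponseCode))"
Write-Host "stdout:`n$($inv.StandardOutputContent)"
if ($inv.StandardErrorContent) { Write-Host "stderr:`n$($inv.StandardErrorContent)" }
if ($inv.Status -ne 'Success') { throw "Remote command failed with status $($inv.Status)" }
```

Nothing here uses SSH: the calling instance needs only outbound HTTPS to the SSM endpoint and the IAM permission to send commands, and the target needs the agent plus a role that lets it pull its work from SSM. Scoping ssm:SendCommand in the caller's policy to the specific target instance ARN (or to a tag) keeps one compromised instance from being able to run commands on every machine in the account.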

EC2 launch configuration user data is not executed

I've just created a new Launch Configuration to use with an Auto Scaling group. When a new EC2 instance is launched, I would like the script to be executed.
In detail:
I have a script deploy.sh that updates my application code using git...
When a new instance is launched by Auto Scaling, it should execute the script that I've provided via User Data in the Launch Configuration (attached on autoscaling group).
My user data is:
#!/bin/bash
/home/ec2-user/deploy.sh
This doesn't work.
Can you check the permission of your deploy script?
You can login to the instance and check the logs of User Data execution. Logs are at /var/log/cloud-init-output.log
I've checked cloud-init-output.log and seems everything is okay.
I've done another test now and the new instance has the right code.
Probably there was a syntax error in launch configuration user data.
So, the right user data is
#!/bin/bash
/home/ec2-user/deploy.sh
Now I should add yum update before my custom script.

CloudFormation template to bring up EC2 instance

Using a CloudFormation template, I brought up a Windows 2012 EC2 instance. The instance came up fine. I read that metadata related to this instance is all recorded in the Ec2config logs, which are in one of the sub-folders of the C:\Program Files\Amazon\ directory.
Following are the steps that I am doing after EC2 instance comes up:
Rename the Administrator password (which doesn't work yet).
Set the time zone
Rename the hostname
Adding that server to the domain controller.
There should be some kind of logs on that EC2 instance about all these steps right? However, I can't find any. Any suggestions where I should be looking for the logs please?
You need to run cloud-init scripts to achieve all the tasks. I recommend writing PowerShell scripts for this.
Just refer to the repo below; you will find a useful template and scripts that do the same activities.
https://github.com/aws-quickstart/quickstart-microsoft-sql

AWS EC2 - Run a Script on Instance Launch With Windows Server 2012

I would like to run a script to clear out a folder (ie: C:/myfolder) on Windows Server 2012. I thought about adding an item to the Startup Scripts list under Edit Group Policy, but this would clear out my folder any time any of my servers rebooted. I only want the folder cleared out on a new instance launch from an existing AMI.
What's the best way to achieve this?
The best way to achieve this is EC2 User Data, which is essentially a user-defined script that is executed during instance launch. On Windows, you can run user data as cmd or powershell. User Data is provided when you make a request to launch a new instance.
The existing AMI needs to be configured to run user data at launch. This can be managed from the EC2 Config Service, which Amazon provides pre-installed on community AMIs of Windows Server 2012. By default, the EC2 Config Service will execute the user data during the first launch, and then set itself to not execute user data again unless you manually change it to do so.
Here's an example from the AWS documentation where the caller is invoking Rename-Computer via powershell:
To empty out the folder without deleting the folder itself, your script will probably look something like this:
<powershell>
Remove-Item "C:\myfolder\*" -Force -Recurse
</powershell>
When running user data, it is important to be aware of what the cmdlets you're executing do, and particularly when to use the -Force flag to skip interactive prompts. Some cmdlets will situationally ask the client for input, and when you're executing user data that will cause your script to hang because this is being executed by the system user during startup.
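Both the first answer on this page (enabling "UserData execution" in Ec2ConfigServiceSettings.exe before baking the AMI) and the answer directly above (EC2Config runs user data once and then switches itself off) come down to one setting in EC2Config's config.xml. As an added example, not code from either answer, the following script flips that setting from PowerShell so an AMI build can be scripted rather than clicked through. It assumes the default EC2Config install path and the config.xml layout used by EC2Config on Windows Server 2012 (a root Ec2ConfigurationSettings element with a Plugins/Plugin list, each plugin carrying Name and State elements); run it from an elevated PowerShell before creating the AMI.

```powershell
# Added example, not from either answer: re-enable user data execution for the
# next EC2Config service start by editing the setting behind the
# "Enable UserData execution for next service start" checkbox.
# Assumes the default EC2Config path and config.xml layout (root
# Ec2ConfigurationSettings, Plugins/Plugin entries with Name and State).
param(
    [string]$ConfigPath = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml'
)
$ErrorActionPreference = 'Stop'

[xml]$config = Get-Content -Path $ConfigPath -Raw
$plugin = $config.Ec2ConfigurationSettings.Plugins.Plugin |
          Where-Object { $_.Name -eq 'Ec2HandleUserData' }
if (-not $plugin) { throw "No Ec2HandleUserData plugin entry found in $ConfigPath" }

Write-Host "Ec2HandleUserData was: $($plugin.State)"
$plugin.State = 'Enabled'
$config.Save($ConfigPath)

# Read the file back so a wrong path or element name fails loudly instead of
# silently producing an AMI that never runs its user data.
[xml]$check = Get-Content -Path $ConfigPath -Raw
$state = ($check.Ec2ConfigurationSettings.Plugins.Plugin |
          Where-Object { $_.Name -eq 'Ec2HandleUserData' }).State
if ($state -ne 'Enabled') { throw "Expected Ec2HandleUserData to be Enabled, found '$state'" }
Write-Host "Ec2HandleUserData is now: $state"
```

After the user data has run once, EC2Config turns this plugin back off unless the user data itself carries <persist>true</persist>, which is why the user data blocks earlier on this page include that tag. The flip side for the folder-clearing case above is that with persist set, the Remove-Item runs on every boot, not just the first launch, so leave persist out (or remove it) when the script must run exactly once.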