We Keep Coding

Using cfn-init, ec2 instance keeps stopping when

Trying to test cfn-init with an AWS Linux AMI. The instance is getting created but automatically stopping. Even if I try to manually start the instance, it immediately stops itself. Not sure what I'm doing wrong that the instance is stopping like that. All I'm doing is trying to test this out and setting up a file with cfn-init. This is taken from a template I found online. Any help's appreciated.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"VPC": {
"Type": "AWS::EC2::VPC::Id",
"Description": "Select the VPC where the EC2 instances will be created",
"ConstraintDescription": "must be an existing VPC"
},
"LinuxSubnet": {
"Type": "AWS::EC2::Subnet::Id",
"Description": "Select subnet for Linux Instance",
"ConstraintDescription": "must be an existing subnet"
},
"RemoteAccessCIDR": {
"Description": "CIDR block to allow access to linux instances",
"Type": "String",
"Default": "10.255.0.0/16",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"LinuxInstanceType": {
"Default": "t2.micro",
"Description": "Amazon EC2 Linux Instance Type",
"Type": "String"
},
"LinuxSecurityGroupIds": {
"Type": "String",
"Description": "Name of security group to use",
},
"LinuxSSHPort": {
"Description": "SSH Port Number on Linux client",
"Type": "Number",
"Default": 22,
"ConstraintDescription": "must be 22 or a number from 1024 to 65535"
},
"LinuxVolumeSize": {
"Description": "Size of EBS volume for Linux instance in GB",
"Type": "Number",
"Default": 8,
"ConstraintDescription": "must be 8 or higher"
},
"KeyPair": {
"Description": "Name of existing EC2 key pair for Linux Instances",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Resources": {
"TestMachine": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"CreateStuff": "CreateFile"
},
"CreateFile" : {
"files": {
"/tmp/testing.txt": {
"content": "hopefully this works",
"mode": "0755",
"owner": "root",
"group": "root"
}
}
}
}
},
"Properties": {
"ImageId": "ami-0533f2ba8a1995cf9",
"InstanceType": {
"Ref": "LinuxInstanceType"
},
"SubnetId": {
"Ref": "LinuxSubnet"
},
"SecurityGroupIds": [{
"Ref": "LinuxSecurityGroupIds"
}],
"KeyName": {
"Ref": "KeyPair"
},
"Tags": [
{
"Key": "Automatic Patches",
"Value": "True"
},
{
"Key": "Description",
"Value": "Service-Catalog-EC2-Reference-Architecture"
},
{
"Key": "acr:CostCenter",
"Value": "986002"
},
{
"Key": "acr:Project",
"Value": "aws infrastructure general"
},
{
"Key": "Name",
"Value": "cfn-init-vm1"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"Encrypted": "true",
"DeleteOnTermination":"true",
"VolumeSize": {
"Ref": "LinuxVolumeSize"
}
}
}
],
"UserData": {
"Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -xe\n",
"yum install -y aws-cfn-bootstrap\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource TestMachine ",
" --configsets CreateStuff ",
" --region ", "us-east-1", "\n"
]]}
}
}
}
},
"Outputs": {
}
}

Cloudformation - Using parameters in EC2 server

Below is my cloudformation template. Basically I want to use a parameter called "User" in a command in EC2 ubuntu server.
I have tried many solutions, but the mkdir command is not fails, rest of the template is working.
In the below example I have tried to set the "User" value as a tag as well as a property. Both failed. Suggest if you have seen any such examples.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"UserName": {
"Type": "String",
"Description": "Enter the username",
"AllowedPattern": "[a-zA-Z0-9_\\-]+",
"ConstraintDescription": "It should be a combination of characters from [A-Z],[a-z],[0-9],- and _."
},
"KeyName": {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription" : "must be the name of an existing EC2 KeyPair."
}
},
"Resources": {
"EC2Ansiblemaster2743": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"User" : { "Ref": "UserName" },
"AWS::CloudFormation::Init" : {
"configSets" : {
"CreateFile" : [
"create_file"
]
},
"create_file" : {
"files" : {
"/home/ubuntu/healthy.txt": {
"content": "Hello"
}
},
"commands" : {
"mkdir" : {
"command" : "sudo mkdir /home/$User"
}
}
}}
},
"Properties": {
"AvailabilityZone": "us-east-2a",
"ImageId": "ami-05c1fa8df71875112",
"InstanceType": "t2.micro",
"SourceDestCheck": false,
"KeyName" : { "Ref" : "KeyName" },
"Tags" : [
{
"Key" : "User",
"Value" : { "Ref": "UserName" }
}],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"sudo apt-get update\n",
"sudo apt-get -y install python-pip\n",
"sudo pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"# Install the files and packages from the metadata\n",
"sudo /usr/local/bin/cfn-init ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource EC2Ansiblemaster2743 ",
" --configsets CreateFile ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"# Signal the status from cfn-init\n",
"sudo /usr/local/bin/cfn-signal -e $? ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource EC2Ansiblemaster2743 ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"SecurityGroupIds": [
{
"Ref": "EC2SG2AnsM0012743"
}
]
}
},
"EC2SG2AnsM0012743": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupName": "SGAnsibleMas2743",
"GroupDescription": "First",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": "0",
"ToPort": "65535",
"IpProtocol": "tcp",
"Description": "From Anywhere"
},
{
"CidrIp": "0.0.0.0/0",
"FromPort": "22",
"ToPort": "22",
"IpProtocol": "tcp",
"Description": "SSH from anywhere , from and to port will be same - 22"
}
]
},
}
}
}

I used the Fn:Sub to get the parameter to Userdata.
{
"Fn::Sub":
[
"UserName=${variable}\n",
{
"variable": {
"Ref": "UserName"
}
}]
Later I curl 169.254.169.254/latest/user-data to extract the Username string.
Please let me know if any easier solution is there for this issue.

Use the join intrinsic function to properly form the command string by referencing the username in the template.
"command" : "Fn::Join": [ "", "mkdir /home/", { "Ref": "UserName" }]
The issue is that your mkdir command does not resolve as you have it. There is no linkage between the username parameter and the command in the init section. By using the Join function I am forming the command with the correct parameter value.

Error in Userdata Scripts in Cloud-init of EC2 Cloudformation Template

I am executing the below code to create stack. Instance got created but received this error:
Loaded plugins: amazon-id, rhui-lb, search-disabled-repos
No Match for argument: aws-cfn-bootstrap
No package aws-cfn-bootstrap available.
No packages marked for update
/var/lib/cloud/instance/scripts/part-001: line 4: cd: /opt/aws/bin/cfn-init: No such file or directory
My CloudFormation template is:
{
"Resources": {
"MyInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-011b3ccf1bd6db744",
"InstanceType": "t2.micro",
"KeyName": "EC2KeyPair",
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash",
"\n",
"exec > /tmp/user_data.log 2>&1 \n",
"yum update -y\n",
"yum install -y epel-release\n",
"yum install -y https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.amzn1.noarch.rpm \n",
"ln -s /usr/local/lib/python2.7/site-packages/cfnbootstrap /usr/lib/python2.7/site-packages/cfnbootstrap\n",
"/opt/aws/bin/cfn-init -v",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource MyInstance",
" --configsets scripts ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
},
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"scripts": [
"configure_cfn",
"pythonInstallation"
]
},
"configure_cfn": {
"files": {
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.EC2.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -v",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource EC2",
" --configsets wordpress",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n",
"verbose=true\n",
"interval=5\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/var/www/html/index2.html": {
"content": "Hi"
}
},
"services": {
"sysvinit": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"/etc/cfn/cfn-hup.conf",
"/etc/cfn/hooks.d/cfn-auto-reloader.conf"
]
}
}
}
},
"pythonInstallation": {
"packages": {
"yum": {
"wget": [],
"unzip": [],
"gcc-c++": [],
"zlib-devel": [],
"libffi-devel": [],
"httpd": []
}
},
"sources": {
"usr/src/": "https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz"
},
"commands": {
"python1": {
"command": "tar xzf Python-3.7.2.tgz",
"cwd": "/usr/src/"
},
"python2": {
"command": {
"comm1": "./configure --enable-optimizations",
"comm2": "make altinstall",
"comm3": "rm /usr/src/Python-3.7.2.tgz"
},
"cwd": "/usr/src/Python-3.7.2"
}
},
"files": {
"/var/www/html/index.php": {
"content": {
"Fn::Join": [
"",
[
"<html>\n",
" <head>\n",
" <title>AWS CloudFormation PHP Sample</title>\n",
" <meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">\n",
" </head>\n",
" <body>\n",
" <h1>Welcome to the AWS CloudFormation PHP Sample</h1>\n",
" </body>\n",
"</html>\n"
]
]
}
}
}
}
}
}
}
}
}

It would appear that Redhat does not have cfn-init pre-loaded.
You could either use an Amazon Linux AMI instead, or see How to install aws-cfn-bootstrap/cfn-init package in Redhat using CloudFormation? - Stack Overflow for tips on how to load cfn-init as part of the boot process.

AWS cloud formation cannot valid instance id

I am creating a cloudformation template in AWS. I am still getting an error:
WaitCondition received failed message: 'ValidationError:' for uniqueId: i-04885f92b0b4a99ab
I have tried change instance id. and many other way. none of these works.
The error occurred on AWS::CloudFormation::WaitCondition
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"InstanceType": {
"Description": "FormEngine EC2 instance type",
"Type": "String",
"Default": "t2.micro"
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t2.micro": {
"Arch": "64"
}
},
"AWSRegionArch2AMI": {
"us-west-2": {
"64": "ami-f2d3638a"
}
}
},
"Resources": {
"WebServerGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable SSH and HTTP access",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"CfnUser": {
"Type": "AWS::IAM::User",
"Properties": {
"Path": "/",
"Policies": [
{
"PolicyName": "Admin",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
}
]
}
},
"HostKeys": {
"Type": "AWS::IAM::AccessKey",
"Properties": {
"UserName": {
"Ref": "CfnUser"
}
}
},
"WebServer": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"config": {
"packages": {
"yum": {
"java-1.6.0-openjdk": [],
"tomcat6": [],
"httpd": []
}
},
"files": {
"/var/www/html/index.html": {
"source": "http://a00807428-lab02/index.html",
"mode": "000600",
"owner": "apache",
"group": "apache"
},
"/var/www/html/index.html": {
"source": "http://a00807428-lab02/index.html",
"mode": "000600",
"owner": "apache",
"group": "apache"
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{
"Ref": "InstanceType"
},
"Arch"
]
}
]
},
"InstanceType": {
"Ref": "InstanceType"
},
"SecurityGroups": [
{
"Ref": "WebServerGroup"
}
],
"KeyName": {
"Ref": "KeyName"
},
"Tags": [
{
"Key": "Name",
"Value": "WebServer"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -v\n",
"date > /home/ec2-user/starttime\n",
"yum update -y aws-cfn-bootstrap\n",
"## Error reporting helper function\n",
"function error_exit\n",
"{\n",
" /opt/aws/bin/cfn-signal -e 1 -r \"$1\" '",
{
"Ref": "WaitHandle"
},
"'\n",
" exit 1\n",
"}\n",
"## Initialize CloudFormation bits\n",
"/opt/aws/bin/cfn-init -v -s ",
{
"Ref": "AWS::StackId"
},
" -r FormEngine",
" --access-key ",
{
"Ref": "HostKeys"
},
" --secret-key ",
{
"Fn::GetAtt": [
"HostKeys",
"SecretAccessKey"
]
},
" --region ",
{
"Ref": "AWS::Region"
},
" > /tmp/cfn-init.log 2>&1 || error_exit $(</tmp/cfn-init.log)\n",
"# Configure Apache HTTPD\n",
"chkconfig httpd on\n",
"chkconfig --level 345 httpd on\n",
"# Start servers\n",
"/etc/init.d/httpd start\n",
"# Send signal to WaitHandle that the setup is completed\n",
"/opt/aws/bin/cfn-signal",
" -e 0",
" '",
{
"Ref": "WaitHandle"
},
"'",
"\n",
"date > /home/ec2-user/stoptime"
]
]
}
}
}
},
"WaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"WaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": "WebServer",
"Properties": {
"Handle": {
"Ref": "WaitHandle"
},
"Timeout": "1200"
}
},
"IPAddress": {
"Type": "AWS::EC2::EIP"
},
"IPAssoc": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"InstanceId": {
"Ref": "WebServer"
},
"EIP": {
"Ref": "IPAddress"
}
}
}
},
"Outputs": {
"InstanceIPAddress": {
"Value": {
"Ref": "IPAddress"
},
"Description": "public IP address of the new WebServer"
},
"InstanceName": {
"Value": {
"Fn::GetAtt": [
"WebServer",
"PublicDnsName"
]
},
"Description": "public DNS name of the new WebServer"
}
}
}
succeed to created cloudformation.

CloudFormation WaitCondition requires public access

I have a CloudFormation script which deploys a single instance in the VPC.
The script only works when the instance has a public IP. Without a public IP address, the template deployment fails at WaitCondition stage. I guess thats because the WaitCondition requires instance has access to the Internet?
Instead of assigning a public IP, will it work if I set the proxy address on the server? So the instance access the Internet via web proxy. If that's the case, what's the web URLs need to be whitelisted on the proxy? and can I add the add proxy address command in the userdata?
Below is my template:
"Mappings": {
"AWSRegion2AMI": {
"ap-southeast-2": {
"Windows2008r2": "ami-27b39a44",
"Windows2012r2": "ami-83b198e0"
}
}
},
"Resources": {
"DomainController": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"config": {
"files": {
"c:\\cfn\\cfn-hup.conf": {
"content": {
"Fn::Join": ["", [
"[main]\n",
"stack=", {
"Ref": "AWS::StackId"
}, "\n",
"region=", {
"Ref": "AWS::Region"
}, "\n"
]]
}
},
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
"content": {
"Fn::Join": ["", [
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.DomainController.Metadata.AWS::CloudFormation::Init\n",
"action=cfn-init.exe -v -s ", {
"Ref": "AWS::StackId"
},
" -r DomainController",
" --region ", {
"Ref": "AWS::Region"
}, "\n"
]]
}
},
"C:\\cfn\\RunCommand.bat": {
"content": "%~1\nIF %ERRORLEVEL% GTR 10 ( exit /b 1 ) else ( exit /b 0 )"
}
},
"commands": {
"1-run-dcpromo": {
"command": {
"Fn::Join": ["", [
"C:\\cfn\\RunCommand.bat \"dcpromo /unattend /ReplicaOrNewDomain:Domain /NewDomain:Forest /NewDomainDNSName:", {
"Ref": "DomainDNSName"
},
" /ForestLevel:4 /DomainNetbiosName:", {
"Ref": "DomainNetBIOSName"
},
" /DomainLevel:4 /InstallDNS:Yes /ConfirmGc:Yes /CreateDNSDelegation:No /DatabasePath:\"C:\\Windows\\NTDS\" /LogPath:\"C:\\Windows\\NTDS\" /SYSVOLPath:\"C:\\Windows\\SYSVOL\" /SafeModeAdminPassword=", {
"Ref": "RestoreModePassword"
},
" /RebootOnCompletion:Yes\""
]]
},
"waitAfterCompletion": "forever"
},
"2-signal-success": {
"command": {
"Fn::Join": ["", [
"cfn-signal.exe -e 0 \"", {
"Fn::Base64": {
"Ref": "DomainControllerWaitHandle"
}
}, "\""
]]
}
}
},
"services": {
"windows": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": ["c:\\cfn\\cfn-hup.conf", "c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"]
}
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": ["AWSRegion2AMI", {
"Ref": "AWS::Region"
}, "Windows2008r2"]
},
"InstanceType": {
"Ref": "InstanceType"
},
"NetworkInterfaces": [{
"AssociatePublicIpAddress": "false",
"DeviceIndex": "0",
"SubnetId": {
"Ref": "SubnetId"
}
}],
"KeyName": {
"Ref": "KeyName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": ["", [
"<script>\n",
"cfn-init.exe -v -s ", {
"Ref": "AWS::StackId"
},
" -r DomainController ",
" --region ", {
"Ref": "AWS::Region"
}, "\n",
"</script>"
]]
}
}
}
},
"DomainControllerWaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": "DomainController",
"Properties": {
"Handle": {
"Ref": "DomainControllerWaitHandle"
},
"Timeout": "1500"
}
},
"DomainControllerWaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
}

Pass in the proxy by adding on of those parameters to cfn-signal.exe:
--http-proxy
An HTTP proxy (non-SSL). Use the following format: http://user:password#host:port
--https-proxy
An HTTPS proxy. Use the following format: https://user:password#host:port
The signal is sent to an S3 Bucket. You can whitelist something like:
https://cloudformation-waitcondition-*.s3.amazonaws.com
Note: You can also use the S3 VPC endpoint feature to allow resources inside private subnets to access S3. http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-endpoints.html