0

在 EC2 实例初始化期间,我试图从 S3 存储桶中检索文件。没有失败(语法)。但是缺少一些东西。initial_setup.sh 文件不是在根目录下创建的 有这么多文章都说相同(或者至少按照我作为新手的拙见)

Parameters:
 MyVPC: { Type: String, Default: vpc-000xxx }
 myNstdKeyName: { Type: String, Default: xxx-key-test }
 myNstdBucket: { Type: String, Default: myBucket }
 myNstdEC2HostSubnet: { Type: String, Default: subnet-0xxxxx }
 myNstdImageId: { Type: 'AWS::EC2::Image::Id', Default: 'ami-0xxxx' }

Resources:
#Allow incoming SSH and all types of outgoing traffic
 SSHSecGrp4Pub:
  Type: AWS::EC2::SecurityGroup
  Properties:
   GroupDescription: Security group to allow SSH connection in public subnet
   VpcId: !Ref MyVPC
   SecurityGroupIngress: [ { IpProtocol: tcp, FromPort: 22, ToPort: 22, CidrIp: 0.0.0.0/0  } ]
   SecurityGroupEgress: [ { IpProtocol: -1, CidrIp: 0.0.0.0/0, FromPort: 1, ToPort: 65535 } ]
#Assume Role  
 SAPEC2Role:
  Type: AWS::IAM::Role
  Properties:
   AssumeRolePolicyDocument:
   RoleName: EC2AWSAccess
   AssumeRolePolicyDocument:
    Statement: [ { Effect: Allow, Principal: { Service: ec2.amazonaws.com } , Action: [ 'sts:AssumeRole' ] }  ]
#Policy for the above role
 S3RolePolicy:
  Type: AWS::IAM::Policy
  Properties:
   PolicyName: "S3DownloadPolicy"
   Roles: [ !Ref SAPEC2Role ]
   PolicyDocument:
    Statement:
     - Effect: Allow
       Action: [ 's3:GetObject' ]
       Resource: !Sub "arn:aws:s3:::${myNstdBucket}/*"
#Profile for EC2 Instance       
 SAPEC2Profile:
  Type: AWS::IAM::InstanceProfile 
  Properties: { InstanceProfileName: SAPEC2Profile,  Roles: [ !Ref SAPEC2Role ] }
#My EC2 Instance  
 EC2:
  Type: AWS::EC2::Instance
  Metadata:
   AWS::CloudFormation::Authentication: 
    S3Access: 
     type: "S3"
     roleName: { Ref: "SAPEC2Role" }
     buckets: [ !Ref myNstdBucket ]
   AWS::CloudFormation::Init:
    config:
     files:
      /root/initial_setup.sh: {
       source: !Sub "https://${myNstdBucket}.s3.eu-central-1.amazonaws.com/initial_setup.sh", 
       mode: "000777", 
       owner: root, 
       group: root, 
       authentication: "S3Access" 
       }
     commands:
       myStarter:
         command: "/bin/bash  /root/initial_setup.sh"  
  Properties:
   SubnetId: !Ref myNstdEC2HostSubnet
   ImageId: !Ref myNstdImageId
   InstanceType: t2.micro
   KeyName: !Ref myNstdKeyName
   IamInstanceProfile: !Ref SAPEC2Profile
   SecurityGroupIds: [ !Ref SSHSecGrp4Pub ]
   UserData:
    Fn::Base64: !Sub |
     #!/bin/bash 
     echo "my test file" > /root/testfile.txt

初始化实例后,我使用 aws cp s3://mybucket/initial_setup.sh 尝试它可以工作,但我必须使用 dos2unix。

另一种方法是将它放在 UserData 中。但这也应该适用于命令。(^)

这里也有人遇到了几乎相同的情况,但有人提到:

“为了使任何命令正常工作,我们需要在 Userdata 中提供一个 shell 环境,否则它无法创建任何文件”

我也将它添加为安全组之后的最后一行。

   UserData:
    Fn::Base64: !Sub |
     #!/bin/bash 
     echo "my test file" > /root/testfile.txt

所以 /root/testfile.txt 会被创建,其中包含指定的文本。

但是存储桶中所需的文件没有显示出来。

4

1 回答 1

0

我有一个误解,即仅通过说明 Metadata Stuff,它也会被执行。但现在我已经完成了一半。这是 UserData 下缺少的部分

UserData:
 Fn::Base64:  !Sub |
  cd /tmp
  wget https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz
  gzip -df aws-cfn-bootstrap-latest.tar.gz
  tar -xvf aws-cfn-bootstrap-latest.tar
  chmod -R 755 /tmp/aws-cfn-bootstrap-1.4
  pip install --upgrade pip
  pip install --upgrade setuptools
  pip install awscli --ignore-installed six &> /dev/null
  export PYTHONPATH=/tmp/aws-cfn-bootstrap-1.4
  /tmp/aws-cfn-bootstrap-1.4/bin/cfn-init -v  --stack ${AWS::StackName} --resource EC2 --region ${AWS::Region}

实际上是最后一行有所不同。它之前的行用于设置配置,因为使用的图像是非 aws 图像。因此,它不会带来开箱即用的功能。

于 2019-12-11T09:06:47.967 回答