Cloudformation - How does the cfn helper scripts get installed on windows 2012 instances

2
votes

I have a custom AMI image of windows 2012 server. I wanted to launch some services and do some additional stuff using powershell scripts when that instance comes up. BTW I am using AWS cloudformation template to bring up the instance.

Before taking AMI of the EC2 instance (per Steve's suggestion below), I checked "user data" option in EC2Config settings and ran sysops. After running syops it has shutdown byitself. I took AMI at that stage.

The powershell scripts I am calling from my cloud formation template won't work. I don't know why. 

{
    "AWSTemplateFormatVersion": "2010-09-09",
     "Resources": {
     "MyInstance": {
         "Type": "AWS::EC2::Instance",
         "Metadata" : {
           "AWS::CloudFormation::Init" : {
            "config" : {
            "files" : {
                "c:\\cfn\\cfn-hup.conf" : {
                "content" : { "Fn::Join" : ["", [
                "[main]\n",
                  "stack=", { "Ref" : "AWS::StackId" }, "\n",
                  "region=", { "Ref" : "AWS::Region" }, "\n"
                  ]]}
                },
                 "c:\\cfn\\hooks.d\\cfn-auto-reloader.conf" : {
                 "content": { "Fn::Join" : ["", [
                  "[cfn-auto-reloader-hook]\n",
                     "triggers=post.update\n",
       "path=Resources.MyInstance.Metadata.AWS::CloudFormation::Init\n",
            "action=cfn-init.exe -v -s ", { "Ref" : "AWS::StackId" },
                                             " -r MyInstance",
                                             " --region ", { "Ref" : "AWS::Region" }, "\n"
           ]]}
        },
        "c:\\scripts\\test.ps1" : {
           "content": { "Fn::Join" : ["", [
             "Write-Host Hello World!\n"
           ]]}
         }
       },
       "commands" : {
         "1-run-script" : {
           "command" : { "Fn::Join" : [ "", [
            "Powershell.exe Set-ExecutionPolicy Unrestricted -force \n",
            "Powershell.exe C:\\PowershellScripts\\WindowsServiceManager.ps1;StopWindowsService Dnscache"
              ]]}}
            },
            "services": {
               "windows": {
                  "cfn-hup": {
                            "enabled": "true",
                            "ensureRunning": "true",
                            "files": ["c:\\cfn\\cfn-hup.conf", "c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"]
                                                            }
                                 }
                                            }
     }                                   
                            }
            },
 "Properties": {
   "DisableApiTermination": "FALSE",
   "ImageId": "ami-3723c04f",
   "InstanceType": "t2.micro",
   "KeyName": "EC2Instances",
   "Monitoring": "false",
   "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
     "<script>\n",
     "cfn-init.exe -v -s ", { "Ref" : "AWS::StackName" },
     " -r MyInstance",
     " --region ", { "Ref" : "AWS::Region" }, "\n",

     "cfn-signal.exe -e 0 ", { "Fn::Base64" : { "Ref" : "WindowsServerWaitHandle" }}, "\n",

     "</script>\n"
     ]]}},
   "Tags": [
     {
       "Key": "Name",
       "Value": "CloudAcademy_Instance"
     }
   ],
   "NetworkInterfaces": [
     {
       "DeleteOnTermination": "true",
       "Description": "Primary network interface",
       "DeviceIndex": 0,
       "AssociatePublicIpAddress": "true"
     }
   ]
 }

},

     All I need is the following line to get executed:


        "Powershell.exe C:\\PowershellScripts   \\WindowsServiceManager.ps1;StopWindowsService Dnscache"

Thanks

1
amazon-ec2amazon-cloudformation

1 Answers

3
votes

If you are using a Amazon Windows 2012 AMI, then it will have the cfn-* helper scripts installed already.

If not then you would need to install them. The official documentation is thin on detail:

These scripts are installed by default on the latest Amazon Linux AMI in /opt/aws/bin. They are also available in the Amazon Linux AMI yum repository for previous versions of the Amazon Linux AMI as well as via RPM for other Linux/Unix distributions. You can also install the scripts on Microsoft Windows (2008 or later) by using Python for Windows.

But you could install them with the EC2ConfigService. The thing to note is that cfn scripts may be disabled in EC2ConfigService:

Before creating your Windows AMI, click start and go down to "E". Open Ec2Config Settings. Enable "Userdata" execution. If you want set Administrator password, select the middle radio button and supply password. Then "shutdown with sysprep". You will see during sysprep that it has enabled userdata execution. Once the machine is down - create an AMI.