0
votes

I am exploring options for using CloudFormation for creating a jump box and wondering if it is possible to run user data in CloudFormation at launch to install software and updates (security group needing HTTP access), and then remove HTTP from the security group once the user data script has completed.

So, I would like to explore if it's possible to add a security group to EC2 at launch with the HTTP access required to install packages with yum/apt, then remove that security group and/or the HTTP rule after the EC2 resource has been created.

I'm aware that usually an AMI is configured first but I am exploring if it is possible to do so without a preconfigured AMI.

Thanks

1
Why would you need HTTP access in a jumpbox? - Marcin

Sorry, will reclarify in the post. I don't want HTTP access, but you need HTTP access to install a package with, for example, yum. So I would like to explore if it's possible to allow HTTP access on a security group at launch but then remove that ingress rule once the stack has deployed the EC2 resource. - Pegasus18

Ingress rules don't have effect here. The internet traffic originates from the instance. So it will always be allowed, regardless of ingress rules. Would have to modify egress rules. And yes, it's possible to write such user data. - Marcin

1 Answer

0
votes

You can use cfn-init to install software and run scripts on launching / booting your EC2 instance. That might be helpful for your use case.
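
A sketch of the user-data approach raised in the comments, added here as an example and not taken from the question or the answer: the security group starts with egress on ports 80 and 443 only, and the instance revokes both rules on its own group once packages are installed. The resource names, the `tmux` package and the Amazon Linux 2023 image parameter are assumptions; the SSH ingress rule for the jump box is omitted.

```yaml
# Added example: JumpSg, JumpRole, JumpProfile, JumpBox and the tmux package are placeholder names.
Parameters:
  VpcId: {Type: 'AWS::EC2::VPC::Id'}
  SubnetId: {Type: 'AWS::EC2::Subnet::Id'}   # needs a route to the internet for the package install
  ImageId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64
Resources:
  JumpSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Jump box with bootstrap-only egress
      VpcId: !Ref VpcId
      SecurityGroupEgress:   # an explicit list replaces the default allow-all egress rule
        - {IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0}
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
  JumpRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - {Effect: Allow, Principal: {Service: ec2.amazonaws.com}, Action: 'sts:AssumeRole'}
      Policies:
        - PolicyName: revoke-own-egress   # least privilege: one action, one security group
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: ec2:RevokeSecurityGroupEgress
                Resource: !Sub arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:security-group/${JumpSg.GroupId}
  JumpProfile:
    Type: AWS::IAM::InstanceProfile
    Properties: {Roles: [!Ref JumpRole]}
  JumpBox:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
      SubnetId: !Ref SubnetId
      SecurityGroupIds: [!GetAtt JumpSg.GroupId]
      IamInstanceProfile: !Ref JumpProfile
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          set -euo pipefail   # any failed step aborts before the revoke, leaving egress open for debugging
          dnf -y upgrade; dnf -y install tmux
          aws ec2 revoke-security-group-egress --region ${AWS::Region} --group-id ${JumpSg.GroupId} \
            --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,IpRanges='[{CidrIp=0.0.0.0/0}]' \
                             IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges='[{CidrIp=0.0.0.0/0}]'
```

Both rules are revoked in a single API call because that call itself leaves the instance over HTTPS. The template still declares the two egress rules, so the stack will report drift on the security group after the revoke.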