I am new to CloudFormation. I am using cfn-init to create a file, but the file is not created and my stack does not fail either. The stack is created successfully with the required resources such as the EC2 instance. It also installs the AWS CLI as instructed in the user data. But it just does not create the file I want to create. I tried the advanced option that disables rollback of the stack, but /var/log/cfn-init.log is not created. See the template below. What am I doing wrong here?
{
  "Parameters" : {
    "KeyName" : {
      "Description" : "The EC2 Key Pair to allow SSH access to the instance",
      "Type" : "AWS::EC2::KeyPair::KeyName"
    }
  },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Metadata" : {
        "Comment" : "Install a simple application",
        "AWS::CloudFormation::Init" : {
          "config" : {
            "files" : {
              "/tmp/setup.mysql" : {
                "content" : { "Fn::Join" : ["", ["[default]\n","region=",{"Ref": "AWS::Region"}]]},
                "mode" : "000775",
                "owner" : "ec2-user",
                "group" : "ec2-user"
              }
            }
          }
        }
      },
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
        "IamInstanceProfile" : { "Ref" : "RootInstanceProfile" },
        "KeyName" : { "Ref" : "KeyName" },
        "InstanceType" : "t2.micro",
        "ImageId" : "ami-58277d3d",
        "UserData" : {
          "Fn::Base64" : {
            "Fn::Join" : [
              "",
              [
                "curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o awscli-bundle.zip\n",
                "unzip awscli-bundle.zip\n",
                "sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws\n",
                "/opt/aws/bin/cfn-init -v ",
                " --stack ", { "Ref" : "AWS::StackName" },
                " --resource Ec2Instance ",
                " --region ", { "Ref" : "AWS::Region" }, "\n",
                "cfn-signal -e 0",
                " --stack ", { "Ref" : "AWS::StackName" },
                " --region ", { "Ref" : "AWS::Region" },
                " --resource ", "Ec2Instance",
                "\n"
              ]
            ]
          }
        }
      }
    },
    "RootRole" : {
      "Type" : "AWS::IAM::Role",
      "Properties" : {
        "AssumeRolePolicyDocument" : {
          "Version" : "2012-10-17",
          "Statement" : [ {
            "Effect" : "Allow",
            "Principal" : { "Service" : [ "ec2.amazonaws.com" ] },
            "Action" : [ "sts:AssumeRole" ]
          } ]
        },
        "Path" : "/",
        "Policies" : [ {
          "PolicyName" : "root",
          "PolicyDocument" : {
            "Version" : "2012-10-17",
            "Statement" : [ {
              "Effect" : "Allow",
              "Action" : [ "cloudwatch:PutMetricData" ],
              "Resource" : "*"
            } ]
          }
        } ]
      }
    },
    "RootInstanceProfile" : {
      "Type" : "AWS::IAM::InstanceProfile",
      "Properties" : {
        "Path" : "/",
        "Roles" : [ { "Ref" : "RootRole" } ]
      }
    },
    "InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access via port 22",
        "Tags" : [ { "Key" : "Name", "Value" : "SecurityGr_EC2WithParam" } ],
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : "0.0.0.0/0"
        } ]
      }
    }
  }
}
Answer 0 (score: 1)

As discovered in a comment, the UserData property on the AWS::EC2::Instance resource requires the first line to be #!/bin/bash\n. This is necessary so that the user data processed by cloud-init is interpreted as a User-Data Script, as described in the AWS EC2 documentation section Running Commands on Your Linux Instance at Launch:

    User data shell scripts must start with the #! characters and the path to the interpreter you want to read the script (commonly /bin/bash).

Also note that you do not need sudo in your user data script, as stated in the documentation:

    Scripts entered as user data are executed as the root user, so do not use the sudo command in the script.

Finally, note that the AWS CLI is pre-installed by default on Amazon Linux AMI instances, which is why you noticed that the AWS CLI was installed on your instance even though your user data script did not run properly.
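The two defects the answer points at (no interpreter line, needless sudo) are easy to miss by eye because the script is spread over a Fn::Join array inside Fn::Base64. The checker below is an added example, not code from the question, the answer, or AWS: it resolves the intrinsic functions the posted template uses (Fn::Join, Ref to the AWS::Region and AWS::StackName pseudo parameters, Fn::Base64) with placeholder values that are assumptions for offline rendering, then lints the rendered user data. The embedded template is a constructed, trimmed copy of the question's instance resource; BROKEN_PARTS is the user data as posted and FIXED_PARTS is the same user data corrected along the lines of the answer. The finding strings and the placeholder AMI ID are also invented for the example.

```python
import json

# Placeholder values for the pseudo parameters the template references. The
# real values exist only at stack creation time; these are assumptions used
# purely for offline rendering.
PSEUDO_PARAMS = {
    "AWS::Region": "us-east-1",
    "AWS::StackName": "example-stack",
}


def render(node, params=PSEUDO_PARAMS):
    """Resolve Fn::Join, Ref (pseudo parameters) and Fn::Base64 into text.

    Fn::Base64 is passed through undecoded: the lint cares about the script
    text, not about the transport encoding CloudFormation applies.
    """
    if isinstance(node, str):
        return node
    if isinstance(node, dict) and len(node) == 1:
        (key, value), = node.items()
        if key == "Ref":
            if value not in params:
                raise ValueError(f"unresolved Ref: {value}")
            return params[value]
        if key == "Fn::Join":
            delimiter, parts = value
            return delimiter.join(render(part, params) for part in parts)
        if key == "Fn::Base64":
            return render(value, params)
    raise ValueError(f"unsupported node: {node!r}")


def lint_user_data(script):
    """Return findings for a rendered user-data script; empty means clean."""
    findings = []
    first_line = script.split("\n", 1)[0]
    if not first_line.startswith("#!"):
        findings.append("user data does not start with '#!': cloud-init will not "
                        "run it as a script, so cfn-init is never invoked")
    for lineno, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("sudo "):
            findings.append(f"line {lineno}: user data already runs as root, drop sudo")
    return findings


def lint_template(template):
    """Lint the UserData of every AWS::EC2::Instance in a parsed template."""
    report = {}
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Instance":
            continue
        user_data = resource.get("Properties", {}).get("UserData")
        if user_data is None:
            report[name] = ["no UserData: cfn-init is never invoked"]
        else:
            report[name] = lint_user_data(render(user_data))
    return report


def instance_template(user_data_parts):
    """Constructed minimal template: one instance whose UserData is the
    Fn::Join of the given parts, shaped like the question's template."""
    return {
        "Resources": {
            "Ec2Instance": {
                "Type": "AWS::EC2::Instance",
                "Properties": {
                    "ImageId": "ami-00000000",  # placeholder, not a real AMI
                    "UserData": {"Fn::Base64": {"Fn::Join": ["", user_data_parts]}},
                },
            }
        }
    }


# The user data as posted in the question: no interpreter line, and sudo in
# the AWS CLI install step.
BROKEN_PARTS = [
    "curl https://s3.amazonaws.com/aws-cli/awscli-bundle.zip -o awscli-bundle.zip\n",
    "unzip awscli-bundle.zip\n",
    "sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws\n",
    "/opt/aws/bin/cfn-init -v --stack ", {"Ref": "AWS::StackName"},
    " --resource Ec2Instance --region ", {"Ref": "AWS::Region"}, "\n",
]

# The same user data corrected along the lines of the answer: interpreter
# line first, no sudo, and no CLI install since Amazon Linux ships it.
FIXED_PARTS = [
    "#!/bin/bash\n",
    "/opt/aws/bin/cfn-init -v --stack ", {"Ref": "AWS::StackName"},
    " --resource Ec2Instance --region ", {"Ref": "AWS::Region"}, "\n",
]

if __name__ == "__main__":
    for label, parts in (("broken", BROKEN_PARTS), ("fixed", FIXED_PARTS)):
        print(label, json.dumps(lint_template(instance_template(parts)), indent=2))
```

lint_template takes a parsed template dict, so the full template from the question can be checked after a plain json.load of the file; the checker only resolves the intrinsic functions that template actually uses and raises on anything else rather than silently skipping it.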