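I am building an AWS CloudFormation automation document that creates a custom Windows 2016 AMI for me.
If I launch an EC2 instance based on this AMI, I cannot retrieve the password.
Password is not available yet. Please wait at least 4 minutes after launching an instance before trying to retrieve the auto-generated password.
Note: Passwords are generated during the launch of Amazon Windows AMIs or custom AMIs that have been configured to enable this feature. Instances launched from a custom AMI without this feature enabled use the username and password of the AMI's parent instance.
The CloudFormation template looks like this: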
Answer 0 (score: 3)
With Windows 2016, we have new PowerShell scripts. These need to be scheduled when building an AMI.
To do this, add:
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "SSM Automation Document"
Parameters:
  SubnetId:
    Description: "ID of subnet to use for launching EC2 instance"
    Type: "AWS::EC2::Subnet::Id"
  KeyPairName:
    Description: "Name of EC2 key pair for logging in to the instance"
    Type: "String"
  SecurityGroupIds:
    Description: "The IDs of security groups that are permitted access to EC2 instance"
    Type: "List<AWS::EC2::SecurityGroup::Id>"
Outputs:
  AmiAutomationDocumentName:
    Value: !Ref "AmiAutomationDoc"
Resources:
  # Role assumed by the automation document (see assumeRole below)
  AutomationRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
                - "ssm.amazonaws.com"
        Version: "2012-10-17"
      Policies:
        - PolicyName: "PassRole"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "iam:PassRole"
                Effect: "Allow"
                Resource: "*"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole"
  # Role attached to the temporary build instance through InstanceProfile
  InstanceProfileRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
                - "ssm.amazonaws.com"
        Version: "2012-10-17"
      Policies:
        - PolicyName: "PassRole"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "iam:PassRole"
                Effect: "Allow"
                Resource: "*"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
  InstanceProfile:
    Properties:
      Path: "/"
      Roles:
        - !Ref "InstanceProfileRole"
    Type: "AWS::IAM::InstanceProfile"
  AmiAutomationDoc:
    Type: "AWS::SSM::Document"
    Properties:
      DocumentType: "Automation"
      Content:
        schemaVersion: "0.3"
        description: "Create a new AMI"
        parameters:
          SourceAmiId:
            type: "String"
            description: "AMI to patch"
          TargetAmiName:
            type: "String"
            description: "Name of new AMI"
            default: "NewAMI_{{ global:DATE_TIME }}_{{ SourceAmiId }}"
        assumeRole: !GetAtt "AutomationRole.Arn"
        mainSteps:
          # Launch a temporary instance from the source AMI
          - name: "startInstance"
            action: "aws:runInstances"
            timeoutSeconds: 360
            maxAttempts: 1
            onFailure: "Abort"
            inputs:
              ImageId: "{{ SourceAmiId }}"
              InstanceType: "t2.micro"
              IamInstanceProfileArn: !GetAtt "InstanceProfile.Arn"
              KeyName: !Ref "KeyPairName"
              SecurityGroupIds: !Ref "SecurityGroupIds"
              SubnetId: !Ref "SubnetId"
              MinInstanceCount: 1
              MaxInstanceCount: 1
          # Stop the instance before imaging it
          - name: "stopInstance"
            action: "aws:changeInstanceState"
            maxAttempts: 1
            onFailure: "Continue"
            inputs:
              InstanceIds:
                - "{{ startInstance.InstanceIds }}"
              DesiredState: "stopped"
          # Create the new AMI from the stopped instance
          - name: "createImage"
            action: "aws:createImage"
            maxAttempts: 1
            onFailure: "Continue"
            inputs:
              InstanceId: "{{ startInstance.InstanceIds }}"
              ImageName: "{{ TargetAmiName }}"
              ImageDescription: "AMI based on base image {{ SourceAmiId }}"
        outputs:
          - createImage.ImageId
          - startInstance.InstanceIds
```
Then:
```yaml
- name: "installServices"
  action: "aws:runCommand"
  maxAttempts: 1
  onFailure: "Abort"
  inputs:
    DocumentName: !Ref "InstallServicesCommand"
    InstanceIds:
      - "{{ startInstance.InstanceIds }}"
```
Answer 1 (score: -1)
The below steps worked for me.
1. Connect to your Windows instance and customize it.
2. Search for and run the EC2LaunchSettings application if the Windows version is 2016 or later; for Windows Server 2012 R2 and earlier versions, open the EC2Config service application.
3. Enable Random (Retrieve from console).
4. Click the "Shutdown the system with Sysprep" option.
5. Create the AMI once the instance has shut down.
6. Then launch the system using a new key pair.
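
One possible shape for the `InstallServicesCommand` resource that the `installServices` step references, combined with the "Random" password setting from the second answer. This is an added example, not code from either answer. It assumes EC2Launch v1 at its default Windows Server 2016 location (`C:\ProgramData\Amazon\EC2-Windows\Launch`), and the step name `scheduleEc2Launch` is hypothetical. It goes under `Resources:` and fails the build if the image would not generate a fresh Administrator password for each instance.

```yaml
# Added example; assumes EC2Launch v1 in its default install path.
InstallServicesCommand:
  Type: "AWS::SSM::Document"
  Properties:
    DocumentType: "Command"
    Content:
      schemaVersion: "2.2"
      description: "Schedule EC2Launch initialization before the AMI is created"
      mainSteps:
        - action: "aws:runPowerShellScript"
          name: "scheduleEc2Launch"   # hypothetical step name
          inputs:
            runCommand:
              - "$ErrorActionPreference = 'Stop'"
              - "$launch = 'C:\\ProgramData\\Amazon\\EC2-Windows\\Launch'"
              # Check the configured password behaviour before imaging
              - "$cfg = Get-Content -Raw (Join-Path $launch 'Config\\LaunchConfig.json') | ConvertFrom-Json"
              - "if ($cfg.adminPasswordType -ne 'Random') {"
              - "  Write-Output 'adminPasswordType is not Random; launched instances would not get a new password'"
              - "  exit 1"
              - "}"
              # Schedule EC2Launch to run on the next boot, i.e. the first
              # boot of any instance launched from the resulting AMI
              - "& (Join-Path $launch 'Scripts\\InitializeInstance.ps1') -Schedule"
```

The `installServices` step has to run after `startInstance` and before `stopInstance`, so that the scheduled task is captured in the image.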