Unable to copy an S3 file to an EC2 instance using UserData in CloudFormation

Time: 2019-06-21 13:48:15

Tags: amazon-web-services amazon-s3 amazon-ec2 amazon-cloudformation

I am unable to download an S3 file to my EC2 instance using the CloudFormation UserData property. I have assigned an IAM role, but still cannot get it to work.

I assigned the role in the template.

I tried passing an access key and secret access key instead; same result.

"Parameters": {       
    "VpcId": {
        "Type": "AWS::EC2::VPC::Id",
        "Description": "Id of an existing VPC to use for "
    },
    "SubnetId": {
        "Type": "AWS::EC2::Subnet::Id",
        "Description": "Id of an existing subnet id to use for "
    },

    "SecurityGroupIds": {
        "Description": "Security groups ",
        "Type": "List<AWS::EC2::SecurityGroup::Id>",
        "ConstraintDescription": "using existing security  be list of EC2 security group ids"
    },
    "instanceType": {
        "Type": "String",
        "Default": "t2.micro",
        "AllowedValues": [
            "t2.micro"

        ],
        "Description": "Enter Instance Type "
    },
    "AWSREGION": {
        "Type": "String",
        "Default": "us-east-1",
        "AllowedValues": [
            "us-east-1"
        ],
        "Description": "Enter AWS_REGION."
    }
},
"Resources": {
    "InstanceRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": [ "ec2.amazonaws.com" ] },
              "Action": [ "sts:AssumeRole" ]
            }
          ]
        },
        "Path": "/",
        "Policies": [
          { 
            "PolicyName": "S3_Access",
            "PolicyDocument": {
              "Statement": [
                {
                  "Effect": "Allow",
                 "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject"
                  ],
                  "Resource": ["arn:aws:s3:::mybucketlocation/*"]
                }
              ]
            }
          }
        ]
      }
    },
    "InstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "InstanceRole" }
        ]
      }
    },
    "EdgeNode": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "IamInstanceProfile": { "Ref": "InstanceProfile" },
            "InstanceType": { "Ref" : "instanceType" },
            "ImageId": "ami-0cc96feef8c6bbff3",
            "SubnetId": { "Ref" : "SubnetId" },
            "KeyName": "my-key",
            "SecurityGroupIds": {
                "Ref": "SecurityGroupIds"
            },
            "UserData": {
                "Fn::Base64": {
                    "Fn::Join": [
                        "\n",
                        [
                            "#!/bin/bash",
                            "echo \"\" > /home/xyz/index.txt", 
                            {
                                "Fn::Join": [
                                    "",
                                    [
                                        "echo \"AWS_REGION: ",
                                        {
                                            "Ref": "AWSREGION"
                                        },
                                        "\" >> /home/xyz/index.txt"
                                    ]
                                ]

                            },
                            {
                                 "Fn::Join": ["", [
                                    "<script>\n",
                                    "cfn-init.exe -v -s ", { "Ref" : "AWS::StackId" }, " -r Instance --region ", { "Ref" : "AWS::Region" }, "\n",
                                    "</script>"
                                  ] ] 
                            }



                        ]
                    ]

                }
            }
        },

        "Metadata": {
            "AWS::CloudFormation::Init": {
              "config": {
                "commands" : {
                  "Pullcode" : {
                    "command" : "aws s3 sync s3://mybucketlocation /home/xyz/ --debug"
                  }
                }
              } 
            },
            "AWS::CloudFormation::Designer": {
                "id": "e37a9183-9f81c2fbd39"


            }
        }
    }
}

In cloud-init-output.log I get:

/var/lib/cloud/instance/scripts/part-001: line 7: syntax error near unexpected token `newline'
/var/lib/cloud/instance/scripts/part-001: line 7:
Jun 21 11:45:05 cloud-init[4071]: util.py[WARNING]: Failed running /var/lib/cloud/instance/scripts/part-001 [2]
Jun 21 11:45:05 cloud-init[4071]: cc_scripts_user.py[WARNING]: Failed to run module scripts-user (scripts in /var/lib/cloud/instance/scripts)
Jun 21 11:45:05 cloud-init[4071]: util.py[WARNING]: Running module scripts-
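A second thing worth checking before the shell error is even fixed: the inline policy in the template above grants s3:GetObject, s3:PutObject and s3:DeleteObject on the objects under mybucketlocation, but `aws s3 sync` first lists the bucket, which needs s3:ListBucket on the bucket ARN itself (no trailing /*). The following is an added example and not part of the question or its template: a deliberately small evaluator for Allow statements with IAM-style wildcards, with the asker's policy and a constructed pull-only alternative embedded as sample input.

```python
"""Does an IAM policy grant what `aws s3 sync s3://BUCKET DIR` needs?
Added example, not the asker's template: a small evaluator for Allow statements
(literal or wildcard Action/Resource). It does not model Deny, Condition,
NotAction/NotResource, or bucket policies, so "nothing missing" is a necessary
condition, not a sufficient one."""
import fnmatch


def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def policy_allows(policy, action, resource):
    """True if some Allow statement matches both the action (case-insensitive,
    IAM '*' and '?' wildcards) and the resource ARN (case-sensitive)."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if any(fnmatch.fnmatchcase(action.lower(), a) for a in actions) and any(
            fnmatch.fnmatchcase(resource, r) for r in resources
        ):
            return True
    return False


def s3_sync_missing(policy, bucket):
    """Return the (action, resource) pairs that a read-only `aws s3 sync` from
    s3://bucket needs but the policy does not grant."""
    needed = [
        # The CLI calls ListObjectsV2 on the bucket itself, not on object keys.
        ("s3:ListBucket", f"arn:aws:s3:::{bucket}"),
        # Each object is then fetched with GetObject on the object ARN.
        ("s3:GetObject", f"arn:aws:s3:::{bucket}/*"),
    ]
    return [(a, r) for a, r in needed if not policy_allows(policy, a, r)]


# Constructed copy of the inline policy from the question's InstanceRole.
ASKER_POLICY = {
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
            "Resource": ["arn:aws:s3:::mybucketlocation/*"],
        }
    ]
}

# Constructed least-privilege alternative for an instance that only pulls code:
# list the bucket, read its objects, nothing else.
PULL_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::mybucketlocation"},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mybucketlocation/*"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("asker", ASKER_POLICY), ("pull-only", PULL_ONLY_POLICY)):
        print(name, "missing:", s3_sync_missing(policy, "mybucketlocation"))
```

Run against the asker's policy this reports s3:ListBucket on arn:aws:s3:::mybucketlocation as missing; the pull-only policy reports nothing missing and also drops the PutObject/DeleteObject grants that a sync-from-S3 instance never needs.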

2 answers:

Answer 0 (score: 0)

These lines look odd:

                             "Fn::Join": ["", [
                                "<script>\n",
                                "cfn-init.exe -v -s ", { "Ref" : "AWS::StackId" }, " -r Instance --region ", { "Ref" : "AWS::Region" }, "\n",
                                "</script>"

You are launching an Amazon EC2 instance. However, these lines look like they were taken from the User Data of a Windows instance.

Also, you are prompting the user for a Region, but the script already runs in a specific region, so the value can be obtained with { "Ref" : "AWS::Region" }.

You probably want your User Data script to look something like this:

"UserData": {
    "Fn::Base64": {
        "Fn::Join": [
            "\n",
            [
                "#!/bin/bash",
                {
                    "Fn::Sub": "echo AWS_REGION: ${AWS::Region} >>/home/xyz/index.txt"
                },
                {
                    "Fn::Sub": "cfn-init -v -s ${AWS::StackId} -r EdgeNode --region ${AWS::Region}"
                }
            ]
        ]
    }
}

I have not tested it, so you might need to adjust a few things.
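The syntax error in the question can be reproduced without launching anything: resolve the template's intrinsic functions to the script that cloud-init will write to /var/lib/cloud/instance/scripts/part-001 and run `bash -n` over it. The following is an added example, not code from the question or the answer. It resolves only the intrinsics used on this page (Ref, Fn::Join, Fn::Sub, Fn::Base64); the stack id and region values are constructed placeholders, and the two UserData documents are copies of the question's original and of the corrected version in this answer. An unknown `${...}` name raises KeyError, the local equivalent of CloudFormation rejecting an unresolved Fn::Sub reference.

```python
"""Render a CloudFormation UserData value to the shell script cloud-init will run,
then syntax-check it with `bash -n` before creating a stack.
Added example, not from the question or the answer. Only Ref, Fn::Join, Fn::Sub
and Fn::Base64 are resolved; parameter and pseudo-parameter values come from a
caller-supplied dict."""
import re
import shutil
import subprocess


def resolve(node, values):
    """Recursively resolve intrinsic functions into a plain string."""
    if isinstance(node, str):
        return node
    if isinstance(node, dict) and len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            return values[arg]  # KeyError for an unknown name, like a failed Ref
        if key == "Fn::Base64":
            return resolve(arg, values)  # keep it readable; we want to inspect, not ship
        if key == "Fn::Join":
            delimiter, parts = arg
            return delimiter.join(resolve(p, values) for p in parts)
        if key == "Fn::Sub":
            template = arg if isinstance(arg, str) else arg[0]
            local = dict(values)
            if isinstance(arg, list):  # optional variable map; its values may be intrinsics
                local.update({k: resolve(v, values) for k, v in arg[1].items()})
            return re.sub(r"\$\{([^}]+)\}", lambda m: local[m.group(1)], template)
    raise ValueError(f"unsupported node: {node!r}")


def bash_syntax_error(script):
    """Return bash's message if `bash -n` rejects the script, "" if it parses,
    or None when bash is not installed on this machine."""
    if shutil.which("bash") is None:
        return None
    proc = subprocess.run(["bash", "-n"], input=script, capture_output=True, text=True)
    return proc.stderr.strip() if proc.returncode != 0 else ""


def user_data_ok(user_data, values):
    """True if the rendered script parses, False if not, None without bash."""
    err = bash_syntax_error(resolve(user_data, values))
    return None if err is None else err == ""


# Constructed placeholder values for the parameter and pseudo parameters used here.
VALUES = {
    "AWSREGION": "us-east-1",
    "AWS::Region": "us-east-1",
    "AWS::StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/demo/00000000-0000-0000-0000-000000000000",
}

# UserData as posted in the question: the <script> lines are Windows-style
# wrapping for cfn-init.exe and are not valid bash.
BROKEN_USER_DATA = {"Fn::Base64": {"Fn::Join": ["\n", [
    "#!/bin/bash",
    'echo "" > /home/xyz/index.txt',
    {"Fn::Join": ["", ['echo "AWS_REGION: ', {"Ref": "AWSREGION"}, '" >> /home/xyz/index.txt']]},
    {"Fn::Join": ["", ["<script>\n", "cfn-init.exe -v -s ", {"Ref": "AWS::StackId"},
                       " -r Instance --region ", {"Ref": "AWS::Region"}, "\n", "</script>"]]},
]]}}

# The corrected UserData: plain bash lines, Fn::Sub for the pseudo parameters,
# and -r pointing at the EdgeNode resource that carries the cfn-init metadata.
FIXED_USER_DATA = {"Fn::Base64": {"Fn::Join": ["\n", [
    "#!/bin/bash",
    {"Fn::Sub": "echo AWS_REGION: ${AWS::Region} >>/home/xyz/index.txt"},
    {"Fn::Sub": "cfn-init -v -s ${AWS::StackId} -r EdgeNode --region ${AWS::Region}"},
]]}}

if __name__ == "__main__":
    for name, doc in (("question", BROKEN_USER_DATA), ("answer", FIXED_USER_DATA)):
        script = resolve(doc, VALUES)
        print(f"--- {name} ---\n{script}\nbash -n: {bash_syntax_error(script) or 'ok'}")
```

On the question's document bash reports the same "syntax error near unexpected token `newline'" as cloud-init-output.log, because `<script>` is parsed as an input redirection from a file named script followed by an output redirection with no target; the corrected document parses cleanly.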

Answer 1 (score: 0)

User data is always a scary property to get right. You could try cloudkast, an online CloudFormation template generator. It makes using intrinsic functions in CloudFormation very easy, and I believe they have a bit of a learning curve.