CloudFormation helper scripts
CloudFormation提供了几个Python脚本来帮助用户处理EC2资源,包括cfn-init, cfn-signal, cfn-hup等
- 默认
CloudFormation helper script已经安装在Amazon Linux AMI上,路径在opt/aws/bin;如果想更新到最新版本,可以在userdata中执行yum update -y aws-cfn-bootstrap - 如果是其他操作系统,可以下载
aws-cfn-bootstrap包来安装
cfn-init
cfn-init helper script会从 AWS::CloudFormation::Init 里读取metadata,然后执行相应的命令。然后CloudFormation执行UserData时,会从stack中取出相应cfn-init命令并执行。例如:
---
Parameters:
SSHKey:
Type: AWS::EC2::KeyPair::KeyName
Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
Resources:
MyInstance:
Type: AWS::EC2::Instance
Properties:
AvailabilityZone: us-east-1a
ImageId: ami-009d6802948d06e52
InstanceType: t2.micro
KeyName: !Ref SSHKey
SecurityGroups:
- !Ref SSHSecurityGroup
# we install our web server with user data
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -xe
# 获取最新版本的helper script
yum update -y aws-cfn-bootstrap
# Start cfn-init
/opt/aws/bin/cfn-init -s ${AWS::StackId} -r MyInstance --region ${AWS::Region} || error_exit 'Failed to run cfn-init'
Metadata:
Comment: Install a simple Apache HTTP page
AWS::CloudFormation::Init: # AWS::CloudFormation::Init必须放到资源的Metadata下。
config:
packages:
yum:
httpd: []
files:
"/var/www/html/index.html":
content: |
<h1>Hello World from EC2 instance!</h1>
<p>This was created using cfn-init</p>
mode: '000644'
commands:
hello:
command: "echo 'hello world'"
services:
sysvinit:
httpd:
enabled: 'true'
ensureRunning: 'true'
# our EC2 security group
SSHSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: SSH and HTTP
SecurityGroupIngress:
- CidrIp: 0.0.0.0/0
FromPort: 22
IpProtocol: tcp
ToPort: 22
- CidrIp: 0.0.0.0/0
FromPort: 80
IpProtocol: tcp
ToPort: 80
上面的CloudFormation会创建一台EC2并启动http服务, 创建完成后,登录到ec2上,index.html已被写到里面:
cfn-init和userdata是如此的相像,它们都用于在创建EC2时执行自定义脚本。
但它们也有不同点:userdata是纯的bash脚本;而cfn-init是bash脚本层面上做抽象,将它转换为yaml格式