我无法使用 CloudFormation 中的 Userdata 将 S3 文件复制到 EC2 实例

Question

我无法使用 CloudFormation Userdata 属性将 S3 文件下载到我的 EC2 实例。我已经分配了一个 IAM 角色，但仍然无法解决它。

我在模板中分配了角色。

我尝试传递访问密钥和秘密访问密钥 - 结果相同。

"Parameters": {       
    "VpcId": {
        "Type": "AWS::EC2::VPC::Id",
        "Description": "Id of an existing VPC to use for "
    },
    "SubnetId": {
        "Type": "AWS::EC2::Subnet::Id",
        "Description": "Id of an existing subnet id to use for "
    },

    "SecurityGroupIds": {
        "Description": "Security groups ",
        "Type": "List<AWS::EC2::SecurityGroup::Id>",
        "ConstraintDescription": "using existing security  be list of EC2 security group ids"
    },
    "instanceType": {
        "Type": "String",
        "Default": "t2.micro",
        "AllowedValues": [
            "t2.micro"

        ],
        "Description": "Enter Instance Type "
    },
    "AWSREGION": {
        "Type": "String",
        "Default": "us-east-1",
        "AllowedValues": [
            "us-east-1"
        ],
        "Description": "Enter AWS_REGION."
    }
},
"Resources": {
    "InstanceRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": [ "ec2.amazonaws.com" ] },
              "Action": [ "sts:AssumeRole" ]
            }
          ]
        },
        "Path": "/",
        "Policies": [
          { 
            "PolicyName": "S3_Access",
            "PolicyDocument": {
              "Statement": [
                {
                  "Effect": "Allow",
                 "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject"
                  ],
                  "Resource": ["arn:aws:s3:::mybucketlocation/*"]
                }
              ]
            }
          }
        ]
      }
    },
    "InstanceProfile": {
      "Type": "AWS::IAM::InstanceProfile",
      "Properties": {
        "Path": "/",
        "Roles": [ { "Ref": "InstanceRole" }
        ]
      }
    },
    "EdgeNode": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "IamInstanceProfile": { "Ref": "InstanceProfile" },
            "InstanceType": { "Ref" : "instanceType" },
            "ImageId": "ami-0cc96feef8c6bbff3",
            "SubnetId": { "Ref" : "SubnetId" },
            "KeyName": "my-key",
            "SecurityGroupIds": {
                "Ref": "SecurityGroupIds"
            },
            "UserData": {
                "Fn::Base64": {
                    "Fn::Join": [
                        "\n",
                        [
                            "#!/bin/bash",
                            "echo \"\" > /home/xyz/index.txt", 
                            {
                                "Fn::Join": [
                                    "",
                                    [
                                        "echo \"AWS_REGION: ",
                                        {
                                            "Ref": "AWSREGION"
                                        },
                                        "\" >> /home/xyz/index.txt"
                                    ]
                                ]

                            },
                            {
                                 "Fn::Join": ["", [
                                    "<script>\n",
                                    "cfn-init.exe -v -s ", { "Ref" : "AWS::StackId" }, " -r Instance --region ", { "Ref" : "AWS::Region" }, "\n",
                                    "</script>"
                                  ] ] 
                            }



                        ]
                    ]

                }
            }
        },

        "Metadata": {
            "AWS::CloudFormation::Init": {
              "config": {
                "commands" : {
                  "Pullcode" : {
                    "command" : "aws s3 sync s3://mybucketlocation /home/xyz/ --debug"
                  }
                }
              } 
            },
            "AWS::CloudFormation::Designer": {
                "id": "e37a9183-9f81c2fbd39"


            }
        }
    }
}

在cloud-init-output.log 我得到了这个：

/var/lib/cloud/instance/scripts/part-001：第 7 行：意外标记附近的语法错误 newline' /var/lib/cloud/instance/scripts/part-001: line 7:' 6 月 21 日 11:45:05 cloud-init [4071]：util.py [警告]：运行 /var/lib/cloud/instance/scripts/part-001 [2] 失败 6 月 21 日 11:45:05 cloud-init[4071]: cc_scripts_user.py[WARNING]: 无法运行模块脚本用户（/var/lib/cloud/instance/scripts 中的脚本） Jun 21 11:45:05 cloud-init[4071]: util.py[WARNING]: Running module scripts-

Answer 1

这些行看起来很奇怪：

                             "Fn::Join": ["", [
                                "<script>\n",
                                "cfn-init.exe -v -s ", { "Ref" : "AWS::StackId" }, " -r Instance --region ", { "Ref" : "AWS::Region" }, "\n",
                                "</script>"

您正在启动一个 Amazon EC2 实例。但是，这些行看起来像是取自 Windows 实例的用户数据。

此外，您正在提示用户输入区域，但脚本已在特定区域中运行，因此您可以使用 { "Ref" : "AWS::Region" } 访问该值。

您可能希望您的用户数据脚本如下所示：

"UserData": {
    "Fn::Base64": {
        "Fn::Join": [
            "\n",
            [
                "#!/bin/bash",
                {
                    "Fn::Sub": "echo AWS_REGION: ${AWS::REGION} >>/home/xyz/index.txt"
                },
                {
                    "Fn::Sub": "cfn-init -v -s ${AWS::StackId} -r EdgeNode --region ${AWS::Region}"
                },
            ]
        ]

    }
}

我没有测试它，所以你可能需要调整一些东西。

Answer 2

用户数据始终是一个糟糕的属性。您可以尝试cloudkast，这是一个在线 cloudformation 模板生成器。它使您可以非常轻松地在 cloudformation 中使用内在函数，我相信这有一些学习曲线。