amazon-web-services - AWS Cloudformation 上的 UserData 未部署在 EC2 实例上
问题描述
我正在尝试使用kubectl和nodejs等工具引导 EC2 。但是,我无法执行 UserData。有人可以帮我解决下面的脚本:
AWSTemplateFormatVersion: 2010-09-09
Description: Part 1 - Build a webapp stack with CloudFormation
Resources:
WebAppInstance:
Type: AWS::EC2::Instance
Properties:
AvailabilityZone: us-east-2a
ImageId: ami-074cce78125f09d61
InstanceType: t2.micro
SecurityGroupIds:
- !Ref WebAppSecurityGroup
UserData:
Fn::Base64: |
!Sub |
#!/bin/bash -xe
yum install nodejs -y
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/kubectl
WebAppSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: !Join ["-", [webapp-security-group, dev]]
GroupDescription: "Allow HTTP/HTTPS and SSH inbound and outbound traffic"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
WebAppEIP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InstanceId: !Ref WebAppInstance
Tags:
- Key: Name
Value: !Join ["-", [webapp-eip, dev]]
RootRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
RolePolicies:
Type: AWS::IAM::Policy
Properties:
PolicyName: root
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: "*"
Resource: "*"
Roles:
- !Ref RootRole
RootInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: "/"
Roles:
- !Ref RootRole
candidateUser:
Type: 'AWS::IAM::User'
Properties:
UserName: candidate # give a name to this user
LoginProfile: # specify a password for this user
Password: DTelek0m
PasswordResetRequired: false # make this user to set a new password on next sign-in
Path: '/'
ManagedPolicyArns: # list of ARNs of IAM managed policies that you want to attach to the user
- arn:aws:iam::aws:policy/AmazonEC2FullAccess
- arn:aws:iam::aws:policy/EC2InstanceConnect
Outputs:
WebsiteURL:
Value: !Sub http://${WebAppEIP}
Description: WebApp URL
EC2 没有任何问题,但我无法在此基础上安装软件包。到目前为止,我尝试部署nodejs、nginx、kubectl。
解决方案
工作解决方案:
确定的问题是缺少 curl 安装。
AWSTemplateFormatVersion: 2010-09-09
Description: Part 1 - Build a webapp stack with CloudFormation
Resources:
WebAppInstance:
Type: AWS::EC2::Instance
Properties:
AvailabilityZone: us-east-2a
ImageId: ami-074cce78125f09d61
InstanceType: t2.micro
SecurityGroupIds:
- !Ref WebAppSecurityGroup
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -xe
sudo yum install curl
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/kubectl
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
WebAppSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: !Join ["-", [webapp-security-group, dev]]
GroupDescription: "Allow HTTP/HTTPS and SSH inbound and outbound traffic"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
WebAppEIP:
Type: AWS::EC2::EIP
Properties:
Domain: vpc
InstanceId: !Ref WebAppInstance
Tags:
- Key: Name
Value: !Join ["-", [webapp-eip, dev]]
RootRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
RolePolicies:
Type: AWS::IAM::Policy
Properties:
PolicyName: root
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: "*"
Resource: "*"
Roles:
- !Ref RootRole
RootInstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
Path: "/"
Roles:
- !Ref RootRole
candidateUser:
Type: 'AWS::IAM::User'
Properties:
UserName: candidate # give a name to this user
LoginProfile: # specify a password for this user
Password: DTelek0m
PasswordResetRequired: false # make this user to set a new password on next sign-in
Path: '/'
ManagedPolicyArns: # list of ARNs of IAM managed policies that you want to attach to the user
- arn:aws:iam::aws:policy/AmazonEC2FullAccess
- arn:aws:iam::aws:policy/EC2InstanceConnect
Outputs:
WebsiteURL:
Value: !Sub http://${WebAppEIP}
Description: WebApp URL
推荐阅读
- spring - Spring boot:上传几个 MultipartFile 和几个附加数据
- python - 在 python 3 中扩展一个类,以便可以迭代 ls_1 和 ls_2 的索引 i 处的元素对。索引 i 从 0 开始
- rcpp - RcppEigen 和包大小
- php - 在php中获取财政年度的日期范围
- oauth-2.0 - 如何从服务帐户获取刷新令牌
- java - 如何在 Java 中使用 BufferedWriter 从 PostgreSQL 导出到 CSV 文件
- python - 在 Pymongo 中查询纠结的数组
- c - 我的程序没有打印我最后一行代码的函数结果
- docker - 如何从 Docker Linux 连接到 localhost 上的 Sql Server
- woocommerce - 用户更新 Wordpress 客户元数据的正确签名是什么