
aws ec2 run-instances: base64 encoded user-data blob is ignored

My base64 encoded user-data is ignored while running aws ec2 run-instances command.

Here is my user data:

$ cat user-data.sh 
#!/bin/bash
cat >> /var/tmp/user-data-testing <<EOF
this is test line added at $(date)
EOF

Here is the base64 blob of the above script:

IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg==

Now, my command below does read the user-data fine:

aws ec2 run-instances --image-id ami-8635a9b6 --instance-type t1.micro --placement AvailabilityZone=us-west-2a --security-groups quicklaunch-1 --key-name devops --user-data file://user-data.sh

I do see that file /var/tmp/user-data-testing is created.

However, when I try to pass in user-data as a base64 encoded blob as below, it gets ignored:

aws ec2 run-instances --image-id ami-8635a9b6 --instance-type t1.micro --placement AvailabilityZone=us-west-2a --security-groups quicklaunch-1 --key-name devops --user-data IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg==

Now, I do not see the file /var/tmp/user-data-testing created.

Also, I know that my base64 blob is healthy as I can decode it fine:

$ base64 --decode <<< IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg==
#!/bin/bash
cat >> /var/tmp/user-data-testing <<EOF
this is test line added at $(date)
EOF

However, I do see that instance metadata has my user data in base64 format:

$ curl -L http://169.254.169.254/latest/user-data/
IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg==

So, what am I doing wrong in using base64 user-data blob?

My instance meta-data is aware of it but seems like it is not really being executed (or decoded and executed) at the time of instance launch.

UPDATE:

If I pass the same base64 blob via AWS Console while launching the instance, it works. So it seems like something is wrong in the way I am using it along with AWS-CLI.

UPDATE:

I just tried the same base64 blob with my ruby code as below and it worked as well:

ec2 = Aws::EC2.new
resp = ec2.run_instances(
    min_count: 1,
    max_count: 1,
    image_id: 'ami-8635a9b6',
    instance_type: 't1.micro',
    placement: {
      availability_zone: 'us-west-2a'
    },
    security_groups: ['quicklaunch-1'],
    key_name: 'devops',
    user_data: 'IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg=='
)

So, then WTF is wrong with my implementation of AWS-CLI?

slayedbylucifer asked Mar 12 '14 06:03


People also ask

What type of data can be passed as user data in EC2?

You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives. You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

What will happen if you modify user data of an already running EC2 instance?

The new user data is visible on your instance after you restart it; however, user data scripts are not executed.

What is Fn::Base64?

The intrinsic function Fn::Base64 returns the Base64 representation of the input string. This function is typically used to pass encoded data to Amazon EC2 instances by way of the UserData property.


1 Answer

It seems like awscli does the base64 encoding for you, so you should pass unencoded text to --user-data.

Apparently the documentation is not very clear on this. Check this link.

This syntax should then be:

aws ec2 run-instances --image-id ami-8635a9b6 --user-data "echo TEST"

or

aws ec2 run-instances --image-id ami-8635a9b6 --user-data file://path/to/file

Luis answered Oct 17 '22 10:10
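
The double encoding described in the answer can be checked offline, which matters when user data carries bootstrap or hardening steps that would otherwise be skipped silently. This is an added example, not part of the original question or answer; the function names `classify_user_data` and `plain_user_data` are hypothetical, and the header check assumes cloud-init's `#!` and `#cloud-config` conventions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): offline check for double-encoded user data.

# The blob from the question, i.e. base64 of user-data.sh.
BLOB='IyEvYmluL2Jhc2gKY2F0ID4+IC92YXIvdG1wL3VzZXItZGF0YS10ZXN0aW5nIDw8RU9GCnRoaXMgaXMgdGVzdCBsaW5lIGFkZGVkIGF0ICQoZGF0ZSkKRU9GCg=='

# classify_user_data: stdin is the user data exactly as the instance receives it
# (what /latest/user-data returns). Prints one of:
#   script | cloud-config | double-encoded | unrecognised
classify_user_data() {
  local data decoded
  data=$(cat)
  case "$data" in
    '#!'*)            echo script; return 0 ;;
    '#cloud-config'*) echo cloud-config; return 0 ;;
  esac
  # No recognised header. If one base64 decode reveals a header, the caller
  # encoded the payload before the CLI encoded it again.
  if decoded=$(printf '%s' "$data" | base64 --decode 2>/dev/null); then
    case "$decoded" in
      '#!'*|'#cloud-config'*) echo double-encoded; return 0 ;;
    esac
  fi
  echo unrecognised
}

# plain_user_data: stdin is a candidate --user-data value; prints the text that
# should be handed to the CLI (decoded once if it was pre-encoded).
plain_user_data() {
  local data
  data=$(cat)
  if [ "$(printf '%s' "$data" | classify_user_data)" = double-encoded ]; then
    printf '%s' "$data" | base64 --decode
  else
    printf '%s\n' "$data"
  fi
}

# Case 1: --user-data <blob>: the instance sees the blob itself.
printf '%s' "$BLOB" | classify_user_data
# Case 2: --user-data file://user-data.sh: the instance sees the script.
printf '%s' "$BLOB" | plain_user_data | classify_user_data
```

On a running instance, piping the output of the question's `curl` command into `classify_user_data` reports whether the launch was affected.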