2

I created a Windows 2012 AMI and created an instance of that AMI using the CloudFormation template shown below.

In that JSON script I want to call a PowerShell script to disable a service (simple one). The EC2 Windows 2012 instance gets created. I made sure EC2Config service was running before I took AMI.But the PowerShell script doesn't get executed from the CFN template. Any idea why?

{
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "EC2 Head Node Instance ",
     "Parameters": {
       "VPC": {
        "Description": "The default VPC",
        "Type": "AWS::EC2::VPC::Id"
    },
    "AvailabilityZone": {
        "Description": "Availablity Zone",
        "Type": "String"

    },
    "Region":{
        "Description": "Dev/Test/Prod regions",
        "Type": "String"
    },
    "AMI": {
        "Description": "AMI to start virtual server",
        "Type": "String",
        "Default": "ami-19273960",
        "MaxLength": 12,
        "MinLength": 12
    },      
    "Subnet": {
        "Description": "subnet to launch virtual server in",
        "Type": "AWS::EC2::Subnet::Id"
    }

},      
"Resources": {
    "EC2Instance": {
        "Type": "AWS::EC2::Instance",
        "Metadata": {
            "AWS::Cloudformation::Init": {
                "configSets": {
                     "config": [
                     "rename",
                     "bootstrapDSC"
                      ]                 
                },
                "rename": {
                     "a-rename-computer" : {
                      "command": "powershell.exe -Command Rename-Computer -qrmawshead01 Server1 -Restart",
                      "waitAfterCompletion" : "forever"
                      }
                },
                "bootstrapDSC": {
                     "a-setpullmode" : {
                      "command": "powershell.exe -Command c:\\cfn\\scripts\\SetPullMode.ps1",
                              "waitAfterCompletion" :"0"
                      }  

                }

            }

        },
        "Properties": {
            "ImageId" : { "Ref": "AMI"},
            "SubnetId": {"Ref": "Subnet"},
            "AvailabilityZone": {"Ref": "AvailabilityZone"},
            "SecurityGroupIds" : [ "sg-b603b2cc" ],
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "Head Node in DEV region"
                }
            ]
            }
        }

},
"Outputs": {
    "InstanceId": {
        "Value": {"Ref": "EC2Instance"},
        "Description": "ID of virtual server"
    },

    "PublicIPAddress": {
        "Value": {"Fn::GetAtt": ["EC2Instance", "PublicIp"]},
        "Description": "public IP address of virtual server"
    }
  }
 }
Improve this question
1
  • The powershell script when run manually on the EC2 instance it runs fine. Something is not correct in the way I am calling Commented Jul 21, 2017 at 17:02

1 Answer 1

Reset to default
2

While you have configured CloudFormation::Init in your template, it requires one additional step to activate.

The instance requires a User Data script that calls cfn-init.exe. This program then retrieves the configuration from the CloudFormation template and runs the requested commands.

For example:

  "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
    "<script>\n",

    "cfn-init.exe -v -s ", { "Ref" : "AWS::StackName" },
    " -r SharePointFoundation",
    " --region ", { "Ref" : "AWS::Region" }, "\n",

    "cfn-signal.exe -e %ERRORLEVEL% ", { "Fn::Base64" : { "Ref" : "SharePointFoundationWaitHandle" }}, "\n",

    "</script>"
    ]]}}

The signalling method also allows cfn-init to signal back success/failure to CloudFormation.

See: Bootstrapping AWS CloudFormation Windows Stacks

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks a lot John
Hi @Jason, if this or any answer has solved your question please consider accepting it by clicking the check-mark. This indicates to the wider community that you've found a solution and gives some reputation to both the answerer and yourself. There is no obligation to do this.
doesn't work still. I am posting full code in another posting.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.