1

Is it possible to invoke a parameter into a PowerShell script running inside userdata?

I'm trying to assign a password, ADuser, and domain, in order to change the local computer name and join the server into the domain.

I can add the self input during the stack creation, but I don't know how to use the info inside userdata. Is there any Ref that can be used?

I'm able to do this using all the information inside userdata, but I don't want to save the stack with our domain information and credentials.

"Parameters" : {
"VMName":{
  "Description":"Name of the EC2 Windows instance",
  "Type":"String"
},
"DomainUser":{
    "Description":"Name of Service/User domain account to be used to join the EC2 instance into CX domain",
    "Type" : "String",
    "MinLength" : "3",
    "MaxLength" : "25",
    "AllowedPattern" : "[a-zA-Z0-9]+\\..+"
},
"DomainCredential":{
    "Description":"Password of the Service/User domain account to be used to join the EC2 instance into CX domain",
    "Type" : "String",
    "MinLength" : "8",
    "MaxLength" : "32",
    "AllowedPattern" : "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
    "NoEcho" : "True"
}
},
"Resources" : {
"EC2InstanceOne":{
  "Type":"AWS::EC2::Instance",
  "DeletionPolicy" : "Retain",
  "Properties":{
    "InstanceType":{ "Ref" : "InstanceType" },
    "SubnetId": { "Ref" : "MySubnetVM1" },
    "SecurityGroupIds":[ { "Ref" : "SGUtilized" }, { "Ref" : "SGUtilized2" } ],
    "IamInstanceProfile"  : { "Ref" : "RoleName" },
    "KeyName": { "Ref" : "ServerKeyName" },
    "ImageId":{ "Ref" : "AMIUtilized" },
     "BlockDeviceMappings" : [
           {
              "DeviceName" : "/dev/sda1",
              "Ebs" : {
                 "VolumeType" : "standard",
                 "DeleteOnTermination" : "false",
                 "VolumeSize" : "50"
              }
           }
        ],
 "UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [
       "<script>\n",
       "PowerShell -Command \"& {$password = 'variable from parameter here' | ConvertTo-SecureString -asPlainText -Force ; $username = 'variable from parameter here' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Rename-Computer -NewName 'variable from parameter here' -DomainCredential $credential}\" \n",
       "PowerShell -Command \"& {$domain='variable from parameter here';$password = 'variable from parameter here' | ConvertTo-SecureString -asPlainText -Force ;$username = 'variable from parameter here' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Add-Computer -DomainName $domain -Credential $credential}\" \n",
       "PowerShell -Command \"& {Restart-Computer}\" \n",
   "</script>"  
 ] ] } }
  }
}
}

Thanks, best regards.

3
  • How do you want to invoke it? Is there a REST API to call or how should it be done? Commented Aug 14, 2020 at 18:22
  • Can you share the whole piece of resource from cloudformation? Commented Aug 14, 2020 at 18:33
  • I have added the rest of the code. Commented Aug 14, 2020 at 19:02

1 Answer

2

You can use Fn::Sub like this:

{
  "Fn::Sub": 
    "PowerShell -Command \"& {$domain='${VMName}';$password = '${DomainCredential}' | ConvertTo-SecureString -asPlainText -Force ;$username = '${DomainUser}' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Add-Computer -DomainName $domain -Credential $credential}\" \n"
}

Here's a YAML sample:

UserData:
  Fn::Base64:
    !Sub |
    echo ${ParamPassword} | tee - | passwd ec2-user

4 Comments

Hi, I tried your example, and I received the following error "One or more Fn::Sub intrinsic functions don't specify expected arguments. Specify a string as first argument, and an optional second argument to specify a mapping of values to replace in the st" I thought it was due to the Domain reference, as it was invoking the VMname, so I changed it but still receiving the same error message.
You can simply do ${parameterName} and ignore the REFs. That will work too. The important thing to note here is that you use !Sub and ${var}. Let me know if this works.
Thanks for all the info, it really helped me a lot!
Is ${ParamPassword} a Ref or an Attr?
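
A template check related to the thread above, added here as an example and not part of the original question, answer or comments: `NoEcho` masks a parameter in the CloudFormation console and API, but once `Fn::Sub` or `Ref` expands it into UserData the value is stored with the instance's user data, which is only base64-encoded and readable from the instance metadata service. The function names and the sample template are constructed for illustration; the sample reuses the question's parameter names.

```python
import json
import re

# Fn::Sub expands ${Name}; ${!Name} is a literal, and PowerShell's $name is untouched.
SUB_VAR = re.compile(r"\$\{([A-Za-z0-9:.]+)\}")

def referenced_names(node):
    """Yield every name a UserData expression pulls in through Ref or Fn::Sub."""
    if isinstance(node, list):
        for item in node:
            yield from referenced_names(item)
    elif isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::Sub":
                # Either "text" or ["text", {local variable map}]
                text, local = (value, {}) if isinstance(value, str) else value
                for name in SUB_VAR.findall(text):
                    if name in local:
                        yield from referenced_names(local[name])
                    else:
                        yield name
            else:
                yield from referenced_names(value)

def secrets_in_userdata(template):
    """Map resource name -> NoEcho parameters that are expanded into its UserData."""
    secret = {n for n, p in template.get("Parameters", {}).items()
              if str(p.get("NoEcho", "")).lower() == "true"}
    findings = {}
    for res_name, res in template.get("Resources", {}).items():
        user_data = res.get("Properties", {}).get("UserData")
        hits = sorted(secret & set(referenced_names(user_data)))
        if hits:
            findings[res_name] = hits
    return findings

# Constructed sample: the page's parameter names, UserData shaped like the answer.
SAMPLE = json.loads(r'''{
  "Parameters": {
    "DomainUser": {"Type": "String"},
    "DomainCredential": {"Type": "String", "NoEcho": "True"}},
  "Resources": {"EC2InstanceOne": {"Type": "AWS::EC2::Instance", "Properties": {
    "UserData": {"Fn::Base64": {"Fn::Sub":
      "<script>\nPowerShell -Command \"& {$password = '${DomainCredential}' | ConvertTo-SecureString -asPlainText -Force; $username = '${DomainUser}'}\"\n</script>"}}}}}
}''')

if __name__ == "__main__":
    print(secrets_in_userdata(SAMPLE))
```

An empty result means no `NoEcho` parameter reaches UserData. A hit names the parameter whose value would be better fetched at boot, for example from a secrets store through the instance role, than substituted into the template.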
