在通过Cloudformation启动堡垒主机时,在CFN-Init中传递多个Powershell命令时遇到了问题。
安装Windows功能的第一条命令正在运行,但是第二条命令(及后续命令)未运行。我们已经尝试了基本的“ echo hello> file.txt”,但无法正常工作。我们已尝试使用反斜杠将引号转义。在这一点上,我们很茫然。
这是资源
BastionServer:
Type: AWS::EC2::Instance
Metadata:
AWS::Cloudformation::Init:
configSets:
config:
- setup
- installADDS
- finalize
setup:
files:
c:\cfn\cfn-hup.conf:
content: !Sub |
[main]
stack=${AWS::StackId}
region=${AWS::Region}
c:\cfn\hooks.d\cfn-auto-reloader.conf:
content: !Sub |
[cfn-auto-reloader-hook]
triggers=post.update
path=Resources.BastionServer.Metadata.AWS::CloudFormation::Init
action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --configsets full_install --region ${AWS::Region}
services:
windows:
cfn-hup:
enabled: 'true'
ensureRunning: 'true'
files:
- c:\cfn\cfn-hup.conf
- c:\cfn\hooks.d\cfn-auto-reloader.conf
installADDS:
commands:
1-install-prereqs:
command: powershell.exe -Command "Install-WindowsFeature RSAT-AD-Powershell RSAT-ADDS-Tools; "
waitAfterCompletion: '0'
2-create-user:
command: powershell.exe -ExecutionPolicy Bypass -Command "New-ADUser -Name '${DomainAdminUser}' -UserPrincipalName '${DomainAdminUser}'@'{$DomainDNSName}' -AccountPassword (ConvertTo-SecureString ${DomainAdminPassword} -AsPlainText -Force) -Enabled:$true -PasswordNeverExpires:$true"
finalize:
1-signal-success:
command: powershell.exe -Command "Write-AWSQuickStartStatus"
waitAfterCompletion: '0'
Properties:
ImageId:
Fn::FindInMap:
- "AWSAMIRegionMap"
- Ref: "AWS::Region"
- "WS2016FULLBASE"
InstanceType: t2.medium
SsmAssociations:
-
DocumentName:
Ref: "SSMDoc"
KeyName: !Ref 'KeyPair'
UserData: !Base64
Fn::Join:
- ''
- - "<script>\n"
- 'cfn-init.exe -v -c config -s '
- !Ref 'AWS::StackId'
- ' -r BastionServer'
- ' --region '
- !Ref 'AWS::Region'
- "\n"
- "</script>\n"
答案 0 :(得分:2)
假设您正在模板中将必需的变量(DomainAdminUser,DomainDNSName和DomainAdminPassword)作为参数传递,那么您只需要利用https://developers.google.com/places/android-sdk/client-migration,以便CloudFormation知道用以下内容替换变量:
installADDS:
commands:
1-install-prereqs: ...
2-create-user:
command: !Sub >-
powershell.exe -ExecutionPolicy Bypass -Command
"New-ADUser -Name '${DomainAdminUser}' -UserPrincipalName '${DomainAdminUser}'@'${DomainDNSName}' -AccountPassword (ConvertTo-SecureString ${DomainAdminPassword} -AsPlainText -Force) -Enabled:$true -PasswordNeverExpires:$true"
为帮助进行故障排除,您可以将脚本保存在堡垒上,以查看替换是否按预期工作:
installADDS:
files:
'C:\cfn\scripts\CreateUser.ps1':
content: !Join
- ''
- - "New-ADUser -Name '${"
- !Ref DomainAdminUser
- "}' -UserPrincipalName '${"
- !Ref DomainAdminUser
- "}'@'${"
- !Ref DomainDNSName
- "}' -AccountPassword (ConvertTo-SecureString ${"
- !Ref DomainAdminPassword
- "} -AsPlainText -Force) -Enabled:$true -PasswordNeverExpires:$true"
commands:
1-install-prereqs: ...
2-create-user:
command: >-
powershell.exe -ExecutionPolicy Bypass -Command
C:\cfn\scripts\CreateUser.ps1
答案 1 :(得分:1)
"AWS::Cloudformation::Init" 元素有问题。它应该是 "AWS::CloudFormation::Init"。 (大写 "F")