25

We can use AWS::CloudFormation::Init to execute commands and upload files after starting an instance. But does anybody know what are the internals of this operation (from Amazon's side)?

When we pass a template in, at what point are the files or commands transmitted to the VM? Is this a Xen feature (through a special pipe), or via the network?

"Resources": {
  "MyInstance": {
    "Type": "AWS::EC2::Instance",
    "Metadata" : {
      "AWS::CloudFormation::Init" : {
        "config" : {
          "packages" : {
            :
          },
          "sources" : {
            :
          },
          "commands" : {
            :
          },
          "files" : {
            :
          },
          "services" : {
            :
          },
          "users" : {
            :
          },
          "groups" : {
            :
          }
        }
      }
    },
    "Properties": {
      :
    }
  }
}
sashoalm
SoYoung

1 Answer

41

Creating an AWS::CloudFormation::Init resource as metadata to an EC2 instance does not cause the instance to do anything by itself.

For the instance to actually perform all the operations specified in that resource, it must run the cfn-init command line tool. On Amazon EC2 AMIs that command is already installed at /opt/aws/bin/cfn-init. The command takes several options, including the name of the AWS::CloudFormation::Init resource, the name of the EC2 server resource, and the region you are running in. You also need to provide AWS security credentials.

If you'd like this to run automatically when you create a new instance (I sure did) you'll have to use the EC2 instance's UserData to create a shell script that the instance will run on first boot, and put the cfn-init command in it.

I've written about this specific issue in my blog recently.

sashoalm
Charles Engelke
  • 3
    Thank you, it's really, really useful information. But I still want to know how it works behind cfn-init (how are those commands and files transmitted to the VM, via the network or other virtual devices?) – SoYoung Jan 23 '13 at 01:31
  • 3
    cfn-init makes an HTTP request to an Amazon address to fetch the data in the resource. It then performs the actions specified in the template. Where is the template? Somewhere on an Amazon controlled server. – Charles Engelke Jan 23 '13 at 02:17
  • So, are all of those actions based on the network? It sounds reasonable, but there are still some inconvenient situations. If I don't want to open the SecurityGroup for security reasons (only port 22), it will be a problem to deploy my application automatically. To be honest, I hope they are transmitted by a special pipe or devices (in Xen). Anyway, thanks for your help! – SoYoung Jan 23 '13 at 02:36
  • There is also a way to run a command from the template here, I think? http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html#aws-resource-init-commands – Master James Dec 07 '16 at 10:11
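
The answer's point that AWS::CloudFormation::Init metadata does nothing until UserData runs cfn-init can be checked mechanically before a stack is deployed. The following is an added example, not code from the thread or from AWS: the template is constructed, `flatten` and `audit` are hypothetical helper names, and only the `Fn::Join`, `Fn::Base64` and `Ref` intrinsics are modelled.

```python
import json
# Constructed sample template (not from the thread). "Web" runs cfn-init from
# UserData; "Inert" has Init metadata that nothing on the instance ever applies.
TEMPLATE = json.loads(r"""
{"Resources": {
  "Web": {
    "Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {
      "files": {"/etc/motd": {"content": "hello"}}}}},
    "Properties": {"UserData": {"Fn::Base64": {"Fn::Join": ["", [
      "#!/bin/bash\n",
      "/opt/aws/bin/cfn-init -v --stack ", {"Ref": "AWS::StackName"},
      " --resource Web --region ", {"Ref": "AWS::Region"}, "\n"]]}}}},
  "Inert": {
    "Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {
      "commands": {"1": {"command": "echo never-runs"}}}}},
    "Properties": {"UserData": {"Fn::Base64": "#!/bin/bash\necho boot\n"}}}
}}
""")

def flatten(node):
    """Render UserData intrinsics as text; a Ref becomes a ${Name} marker."""
    if isinstance(node, str):
        return node
    if isinstance(node, dict) and len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Fn::Join":
            return flatten(arg[0]).join(flatten(p) for p in arg[1])
        if fn == "Fn::Base64":
            return flatten(arg)
        if fn == "Ref":
            return "${%s}" % arg
    return "${?}"  # intrinsic this sketch does not model

def audit(template):
    """Map each EC2 instance that has Init metadata to a finding string."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        meta = res.get("Metadata", {})
        if res.get("Type") != "AWS::EC2::Instance" or "AWS::CloudFormation::Init" not in meta:
            continue
        script = flatten(res.get("Properties", {}).get("UserData", ""))
        if "cfn-init" not in script:
            findings[name] = "inert: UserData never runs cfn-init"
        elif "--secret-key" in script:  # UserData is readable from the instance
            findings[name] = "secret key embedded in UserData"
        else:
            findings[name] = "ok"
    return findings
```

Running `audit(TEMPLATE)` reports `Web` as ok and `Inert` as inert, which is the situation the answer describes: the metadata is present but no boot script ever asks cfn-init to fetch and apply it.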