
I am new to Git. Is there a way to pull a Git script that holds the user data to provision an AWS EC2 instance via the CLI?

aws ec2 run-instances --image-id ami-cd0f5cb6 --count 1 --instance-type t2.micro \
  --key-name ciServer --subnet-id subnet-2f31275b --associate-public-ip-address \
  --security-group-ids sg-762a5006 --block-device-mappings '[{"DeviceName":"/dev/sda1","Ebs":{"VolumeSize":20}}]' \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=My New Server}]' \
  --user-data me@git.com/myUserDatarepo.git
Lgalan90

1 Answer


Create a bash script that installs git and then downloads the repo to where you need it. Make this script your userdata script. You'll have to get credentials for the git repo to the userdata script/server. You can install the AWS CLI and pull from a protected S3 bucket that has the credentials, or use something like Consul or HashiCorp Vault to pull the secret. I generally use an SSH key file that has access to the git repo; an S3 bucket is only accessible to the IAM instance role for the server you are provisioning and is encrypted with server-side encryption.

Other questions discuss this as well:

Is it secure to store EC2 User-Data shell scripts in a private S3 bucket?

How can I (securely) download a private S3 asset onto a new EC2 instance with cloudinit?

New Services by AWS Systems Manager Parameter Store

https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-about.html

strongjz
  • This is great. I think now that you mention it, it might be safer to go the S3 route since it seems to make the most sense at the moment. Thanks for the response! – Lgalan90 Oct 12 '17 at 21:10
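
One way to write the user-data script the answer describes (install git, fetch an SSH deploy key from an S3 bucket through the instance role, clone the repo), as an added example that is not part of the original answer. The bucket name, object keys, repository URL, destination path and the Debian/Ubuntu package names are assumptions.

```shell
#!/bin/sh
# Added example: render the user-data script on the workstation, then launch with
#   aws ec2 run-instances ... --user-data file://user-data.sh
# Bucket, object keys, repo URL and paths are placeholders (assumptions).

render_user_data() {
  [ "$#" -eq 4 ] || { echo "usage: render_user_data BUCKET KEY_OBJECT REPO_URL DEST" >&2; return 2; }
  # Values are interpolated into a script that runs as root: allow a safe charset only.
  for v in "$@"; do
    case "$v" in
      ''|*[!A-Za-z0-9@:/._-]*) echo "unsafe value: $v" >&2; return 1 ;;
    esac
  done
  bucket=$1 key_object=$2 repo_url=$3 dest=$4
  cat <<EOF
#!/bin/bash
set -euo pipefail
umask 077
export DEBIAN_FRONTEND=noninteractive

# Debian/Ubuntu image assumed; swap in yum/dnf on other distributions.
apt-get update
apt-get install -y git awscli

# The instance role authorises these reads, so user data carries no secret.
install -d -m 700 /root/.ssh
aws s3 cp "s3://${bucket}/${key_object}" /root/.ssh/deploy_key
# known_hosts object (assumed to sit in the same bucket) pins the git host key.
aws s3 cp "s3://${bucket}/known_hosts" /root/.ssh/known_hosts
chmod 600 /root/.ssh/deploy_key

GIT_SSH_COMMAND='ssh -i /root/.ssh/deploy_key -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes' \\
  git clone --depth 1 "${repo_url}" "${dest}"

# The key is needed only for the clone.
rm -f /root/.ssh/deploy_key
EOF
}

# Stand-alone use: ./render.sh BUCKET KEY_OBJECT REPO_URL DEST > user-data.sh
if [ "$#" -eq 4 ]; then render_user_data "$@"; fi
```

The instance has to be launched with an instance profile (`--iam-instance-profile`) whose role allows `s3:GetObject` on the two objects, and nothing else in the bucket needs to be readable by it.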