AWS::CloudFormation::Init Flashcards
What is cfn-init?
cfn-init is a helper script installed on the EC2 operating system. It is a simple configuration management system (kind of like Ansible).
What can you do with cfn-init?
You can execute instructions in a procedural way (line by line), but it can also work towards a desired state.
- Can specify particular versions of packages. It will ensure things are configured to that end state.
- Can manipulate OS groups and users.
- Can download sources and extract them using authentication.
- Can create files with different contents, permissions and ownerships.
- Can run commands and test if certain conditions are true.
- Can control services in an instance.
How does cfn-init work?
- Starts off with a CloudFormation template.
- This has a logical resource within it which is to create an EC2 instance.
- This has a specific section called Metadata.
- This then passes in the information passed in as UserData.
cfn-init gets variables passed into the user data by CloudFormation.
What does it mean that cfn-init can work towards a desired state?
It knows the desired state and can work towards a final configuration.
This can monitor the user data and change things as the EC2 data changes.
What are CreationPolicy and signals?
A CreationPolicy is something which is added to a logical resource inside a CloudFormation template. You create it and supply a timeout value.
This waits for a signal from the resource itself before moving to a create complete state, verifying if the instance was properly configured.
How do cfn-signals work?
The cfn-signal will report the state of the cfn-init to the stack. If the cfn-init was successfully run, then the instance will be moved to a complete state.
If nothing happens in X minutes (timeout), an error will be reported in CloudFormation.