AWS User data windows standard AMI - amazon-ec2

I'm trying to use codedeploy with autoscaling in order to automate the deployment of my application.
I have everything ready. When developing all the parts (hooks' scripts, roles etc) I installed the codedeploy agent manually. Now I want to make it production ready, which means that the codedeploy agent will be installed at sysprep (by providing the powershell commands via user data in launch configuration).
The problem is that it's not working. The script either runs and fails for some reason (are there any logs to confirm?) or it doesn't run at all. My AMI is based on an AWS standard Windows AMI. The EC2ConfigService is present.
Do you have any idea of what could be the problem or if I have some way to find what's the problem (logs)?

You could take a look at C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2ConfigLog.txt
On Linux AMIs you can also find the user data script execution logs in the ec2 console when you right click your instance -> Instance Settings -> Get System Log.

Related

Create Amazon Linux 2 instance via CodeStar

I have created a Java Web application with Elastic Beanstalk using AWS CodeStar. The application works, no problem there. But the EC2 instance the Elastic Beanstalk provisioned is running Amazon Linux 1. I need to have Amazon Linux 2, because some of the things I want to install there run only on Amazon Linux 2. The AMI used for the instance is aws-elasticbeanstalk-amzn-2018.03.0.x86_64-tomcat8.5java8-hvm-202102251130.
When you are creating a project via CodeStar, you can only select instance type (I selected t3.micro for start). There is no way to select operating system. You also cannot specify OS in the EC2 console or Elastic Beanstalk console. Solution might be to select a different AMI in the Auto-scaling group, but I am not sure if the template provided by CodeStar will work on AL2, since it was built for AL1.
So my question is:
Is there an easy way to get an AL2 instance for a CodeStar project?
If the only solution is to specify AMI, which one should it be and how to make sure my project will work there?
There are two ways to change it, but I don't know if forcing EB platform version change won't break some CodeStar compatibilities. Anyway, you can give it a go, if you want.
First option, you can go to your source code repo, and open template.yml. Find line SolutionStackName: !Ref 'SolutionStackName' and change to which platform you want, e.g.:
SolutionStackName: 64bit Amazon Linux 2 v4.1.6 running Tomcat 8.5 Corretto 11
The change should trigger re-deployment of your CodeStar project and EB env.
Or second option, go to CodePipeline of your CodeStar project and edit Deploy stage's GenerateChangeSet action. In the Advanced settings of the action, go to Parameter overrides and change "SolutionStackName":"64bit Amazon Linux 2018.03 v3.4.4 running Tomcat 8.5 Java 8", to what you want, e.g.:
"SolutionStackName":"64bit Amazon Linux 2 v4.1.6 running Tomcat 8.5 Corretto 11",
Please note that you may also need to add permissions to the role CodePipeline uses for CloudFormation. The name of the role can be found in GenerateChangeSet action details. Once you have the name, you can go to IAM console, and add missing permissions. In my test, I did try to find minimum needed permissions, so I just added a bunch of them (bad practice):
AmazonEC2FullAccess
AdministratorAccess-AWSElasticBeanstalk
AWSCloudFormationFullAccess
Finally, the demo application that CodeStar uses probably will not work with the updated environment as it was designed for older EB platforms, not new ones.

Foreman finish template is not getting resolved when user-data of the image is enabled

I am using Foreman 1.6 and using AWS EC2 as compute resource.
The problem is, Foreman is not able to resolve the finish template when the user-data of the image is enabled, and I am not able to provision the VM.
When the user-data of the image is disabled, Foreman is able to resolve the finish template and to provision the VM (without reading the template, i.e. Puppet client installation).
Could you guide me where I am going wrong? It's been two weeks that I have been struggling with this issue.
Thanks,
Sekhar
You need to create a new provisioning script of type "user-data" (or just use the "Kickstart default user data") and associate it to your OS. Finish scripts are not the right "kind" for cloud-init.

best way to bundle update on server while booting

I have an AMI which is configured with the production code setup. I am using Nginx + unicorn as the server setup.
The problem I am facing is, whenever traffic goes up I need to boot the instance, log in to the instance and do a git pull, bundle update and also precompile the assets, which is time consuming. So I want to avoid this whole process.
Now I want to go with a script/process where I can automate the whole deployment process, like git pull, bundle update and precompile, as soon as I boot a new instance from this AMI.
Is there any best way to get this done? Any help would be appreciated.
You can place your code in /etc/rc.local (commands in this file will be executed when the server is loaded).
But the best way is using (capistrano). You need to add require "capistrano/bundler" to your deploy.rb file, and bundle update will be run automatically. For more information you can read this article: https://semaphoreapp.com/blog/2013/11/26/capistrano-3-upgrade-guide.html
An alternative approach is to deploy your app to a separate EBS volume (you can still mount this inside /var/www/application or wherever it currently is)
After deploying you create an EBS snapshot of this volume. When you create a new instance, you tell ec2 to create a new volume for your instance from the snapshot, so the instance will start with the latest gems/code already installed (I find bundle install can take several minutes). All your startup script needs to do is to mount the volume (or if you have added it to the fstab when you make the ami then you don't even need to do that). I much prefer scaling operations like this to have no dependencies (eg what would you do if github or rubygems have an outage just when you need to deploy)
You can even take this a step further by using amazon's autoscaling service. In a nutshell you create a launch configuration where you specify the ami, instance type, volume snapshots etc. Then you control the group size either manually (through the web console or the api) according to a fixed schedule or based on cloudwatch metrics. Amazon will create or destroy instances as needed, using the information in your launch configuration.

AWS Ruby SDK - Delete application and all associated environments

I'm using the AWS Ruby SDK to interact with Amazon Beanstalk. I've got applications with one or more running environments. The application names are easily known to my Ruby code, but the environment names were dynamically generated, and so aren't easily obtainable.
I hoped that the delete_application method would also terminate all running environments automatically, but the following error results from trying to delete a Beanstalk application with running environments:
Unable to delete application dsw88-test-app-prod because it has a version that is deployed to a running environment.
Deleting an application manually in the AWS console also is able to automatically remove running environments. Is there a way to easily delete an application and all its running environments using the Ruby SDK?
After more research, I don't believe this is possible. Instead, you must use the following process:
Get a list of all the environments in your application using the describe_environments call
Terminate each one of those running environments using the terminate_environment call
Once those are done (You should wait for them to finish), then you can run the delete_application call to delete your application
It would be nice if Amazon provided a way to delete all that stuff programmatically with one command (like they do in the UI), but it doesn't look like that is currently supported.
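The three-step process from the answer above, as an added Ruby example (not code from the original answer). It assumes `client` responds like `Aws::ElasticBeanstalk::Client`; the function name, the `FakeBeanstalk` stand-in and the environment names are constructed for illustration so the block runs offline.

```ruby
# Added example. `client` must respond like Aws::ElasticBeanstalk::Client
# (gem "aws-sdk-elasticbeanstalk"); FakeBeanstalk below is a constructed stand-in.
Env  = Struct.new(:environment_id, :environment_name, :status)
Resp = Struct.new(:environments)

def delete_app_with_environments(client, app_name, poll_seconds: 15, max_polls: 80)
  # Environments of this application that are not yet fully terminated
  live = lambda do
    client.describe_environments(application_name: app_name, include_deleted: false)
          .environments.reject { |e| e.status == "Terminated" }
  end
  names = live.call.map do |env|
    unless env.status == "Terminating"
      client.terminate_environment(environment_id: env.environment_id)
    end
    env.environment_name
  end
  max_polls.times do
    if live.call.empty?
      client.delete_application(application_name: app_name)
      return names
    end
    sleep poll_seconds
  end
  # Fail closed: never call delete_application while something is still running
  raise "#{app_name}: environments still terminating, application not deleted"
end

class FakeBeanstalk # constructed: moves Terminating -> Terminated after each describe
  attr_reader :calls
  def initialize(envs)
    @envs, @calls = envs, []
  end

  def describe_environments(application_name:, include_deleted:)
    snapshot = Resp.new(@envs.map(&:dup))
    @envs.each { |e| e.status = "Terminated" if e.status == "Terminating" }
    snapshot
  end

  def terminate_environment(environment_id:)
    @calls << [:terminate_environment, environment_id]
    @envs.find { |e| e.environment_id == environment_id }.status = "Terminating"
  end

  def delete_application(application_name:)
    @calls << [:delete_application, application_name]
  end
end
```

The function returns the names of the environments it took down, which is worth writing to a deployment log because those names were generated dynamically.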

Windows+CloudFormation: User doesn't have permission to call IAM:CreateUser

I cannot find decent documentation about using CloudFormation with Windows 2008 R2 AMI. AWS recently released a new Windows AMI which has CloudFormation tools pre-installed.
The AMI itself can be found here:
https://aws.amazon.com/amis/microsoft-windows-server-2008-r2-base-cloudformation
Aim: I want to use CloudFormation so that during bootup the instance can download the latest dlls and config files of my application from S3.
In that AMI, by default, where are these tools located under C:\? (I did a search in the file system and couldn't find them.)
Do these tools already run by default automatically on bootup? Or do I have to write a script to do so and re-bundle (remake) an EBS backed AMI? I would like to test this!
To try out the sample templates provided by AWS for Windows, I tried launching the Windows Sharepoint template given here: https://s3.amazonaws.com/cloudformation-templates-us-east-1/Windows_Single_Server_SharePoint_Foundation.template. When I try to launch the stack given by that template, it gives me the following error and rolls back:
AccessDenied. User doesn't have permission to call iam:CreateUser
As per the "Account Owner", my IAM account belongs to the Administrators Group which "cannot create new users", if that's the case how should I tackle this issue.
As per my understanding, if I have to use CloudFormation to retrieve metadata, the CloudFormation stack creates a new IAM user with only "DescribeStackResource" action permission and this new IAM user lives as long as that stack lives.
It will be available under C:\Program Files (x86)\Amazon\cfn-bootstrap but not sure whether it will run on boot, that I have to verify.
