cfn-hup
Description
The cfn-hup helper is a daemon that detects changes in resource metadata and runs
user-specified actions when a change is detected. This allows you to make configuration
updates on your running Amazon EC2 instances through the UpdateStack API action.
Syntax
cfn-hup --config|-c config.dir \
        --no-daemon \
        --verbose|-v
Options
| Name | Description | Required |
|---|---|---|
| --config, -c config.dir | Specifies the path that the cfn-hup script looks for the | No |
| --no-daemon | Specify this option to run the cfn-hup script once and exit. | No |
| --verbose, -v | Specify this option to use verbose mode. | No |
cfn-hup.conf configuration file
The cfn-hup.conf file stores the name of the stack and the AWS credentials that the cfn-hup daemon targets.
The cfn-hup.conf file uses the following format:
[main]
stack=<stack-name-or-id>
| Name | Description | Required |
|---|---|---|
| stack | A stack name or ID. Type: String | Yes |
| | An owner-only credential file, in the same format used for the command line tools. Type: String Condition: The | No |
| | The name of an IAM role that's associated with the instance. Type: String | No |
| | The name of the AWS region containing the stack. Example: us-east-2 | No |
| | The umask used by the cfn-hup daemon. This value can be specified with or without a leading 0. In both cases, it's interpreted as an octal number (similar to the Linux Type: Octal integer between Default: | No |
| | The interval used to check for changes to the resource metadata in minutes. Type: Integer Default: | No |
| | Specifies whether to use verbose logging. Type: Boolean Default: | No |
hooks.conf configuration file
The user actions that the cfn-hup daemon calls periodically are defined in the hooks.conf configuration file. The hooks.conf file uses the following format:
[hookname]
triggers=post.add or post.update or post.remove
path=Resources.<logicalResourceId> (.Metadata or .PhysicalResourceId)(.<optionalMetadatapath>)
action=<arbitrary shell command>
runas=<runas user>
The action runs in a copy of cfn-hup's current environment, with CFN_OLD_METADATA set to the previous metadata value specified by path, and CFN_NEW_METADATA set to the current value.
The hooks configuration file is loaded only when the cfn-hup daemon starts, so new hooks require the daemon to be restarted. A cache of previous metadata values is stored at /var/lib/cfn-hup/data/metadata_db. You can delete this cache to force cfn-hup to run all post.add actions again.
| Name | Description | Required |
|---|---|---|
| hookname | A unique name for this hook. Type: String | Yes |
| triggers | A comma-delimited list of conditions to detect. Valid values: Example: | Yes |
| path | The path to the metadata object. Supports an arbitrarily deep path within the Metadata block. Path format options | Yes |
| action | An arbitrary shell command that is run as given. | Yes |
| runas | A user to run the commands as. Cfn-hup uses the su command to switch to the user. | Yes |
hooks.d directory
To support composition of several applications deploying change notification hooks, cfn-hup supports a directory named hooks.d that is located in the hooks configuration directory. You can place one or more additional hooks configuration files in the hooks.d directory. The additional hooks files must use the same layout as the hooks.conf file.
The cfn-hup daemon parses and loads each file in this directory. If any hooks in the hooks.d directory have the same name as a hook in hooks.conf, the hooks will be merged (meaning hooks.d will overwrite hooks.conf for any values that both files specify).
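Because each hook's action is an arbitrary shell command run as the runas user, and a file in hooks.d can replace values from hooks.conf, a reviewer needs the merged result rather than any single file. The following is an added example, not part of the AWS documentation or the cfn-hup code: it merges the files as described above and reports hooks that deserve attention. The function names, finding labels, sample files, and the sorted load order for hooks.d are assumptions.

```python
import configparser, stat, tempfile
from pathlib import Path

REQUIRED = {"triggers", "path", "action", "runas"}   # all marked required on this page
TRIGGERS = {"post.add", "post.update", "post.remove"}

def load_hooks(conf_dir):
    """Merge hooks.conf with hooks.d/*: same-named hooks merge, hooks.d values win."""
    conf_dir = Path(conf_dir)
    # Assumption: hooks.d files are applied in sorted order; the page does not specify one.
    files = [conf_dir / "hooks.conf", *sorted((conf_dir / "hooks.d").glob("*"))]
    merged, sources = {}, {}
    for f in filter(Path.is_file, files):
        cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
        cp.read(f)
        for name in cp.sections():
            merged.setdefault(name, {}).update(cp[name])
            sources.setdefault(name, []).append(f)
    return merged, sources

def audit(conf_dir):
    """Return (hook, finding) pairs worth a reviewer's attention."""
    merged, sources = load_hooks(conf_dir)
    out = []
    for name, hook in merged.items():
        for f in sources[name]:
            if stat.S_IMODE(f.stat().st_mode) & 0o022:   # group or other can rewrite action=
                out.append((name, f"writable-by-group-or-other:{f.name}"))
        if len(sources[name]) > 1:                       # effective values come from a merge
            out.append((name, "defined-in-multiple-files"))
        if hook.get("runas") == "root":
            out.append((name, "runs-as-root"))
        out += [(name, f"missing:{k}") for k in sorted(REQUIRED - set(hook))]
        bad = {t.strip() for t in hook.get("triggers", "").split(",")} - TRIGGERS - {""}
        out += [(name, f"unknown-trigger:{t}") for t in sorted(bad)]
    return out

def demo():
    """Constructed sample: a base hook plus a hooks.d file that replaces its action."""
    d = Path(tempfile.mkdtemp())
    (d / "hooks.d").mkdir()
    base = d / "hooks.conf"
    base.write_text("[reload]\ntriggers=post.update\npath=Resources.LaunchConfig.Metadata\n"
                    "action=/opt/aws/bin/cfn-init -v\nrunas=root\n")
    extra = d / "hooks.d" / "app.conf"
    extra.write_text("[reload]\naction=/usr/local/bin/deploy.sh\n[notify]\ntriggers=post.change\n")
    base.chmod(0o400)
    extra.chmod(0o664)
    return load_hooks(d)[0], audit(d)
```

In the constructed sample, the reload hook keeps runas=root from hooks.conf while its action comes from the group-writable hooks.d/app.conf, which is the combination the merged view makes visible.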
Example
In the following template snippet, CloudFormation triggers the cfn-auto-reloader.conf hooks file when you change the AWS::CloudFormation::Init resource that is associated with the LaunchConfig resource.
JSON
...
"LaunchConfig": {
  "Type" : "AWS::AutoScaling::LaunchConfiguration",
  "Metadata" : {
    "QBVersion": {"Ref": "paramQBVersion"},
    "AWS::CloudFormation::Init" : {
      ...
      "/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
        "content": { "Fn::Join": [ "", [
          "[cfn-auto-reloader-hook]\n",
          "triggers=post.update\n",
          "path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init\n",
          "action=/opt/aws/bin/cfn-init -v ",
          " --stack ", { "Ref" : "AWS::StackName" },
          " --resource LaunchConfig ",
          " --configsets wordpress_install ",
          " --region ", { "Ref" : "AWS::Region" }, "\n",
          "runas=root\n"
        ]]},
        "mode" : "000400",
        "owner" : "root",
        "group" : "root"
      }
      ...
YAML
...
LaunchConfig:
  Type: "AWS::AutoScaling::LaunchConfiguration"
  Metadata:
    QBVersion: !Ref paramQBVersion
    AWS::CloudFormation::Init:
      ...
      /etc/cfn/hooks.d/cfn-auto-reloader.conf:
        content: !Sub |
          [cfn-auto-reloader-hook]
          triggers=post.update
          path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init
          action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --configsets wordpress_install --region ${AWS::Region}
          runas=root
        mode: "000400"
        owner: "root"
        group: "root"
      ...
Additional example
For a sample template, see Deploy applications on Amazon EC2.