cfn-init
Description
The cfn-init helper script reads template metadata from the AWS::CloudFormation::Init key and acts accordingly to:
-
Fetch and parse metadata from AWS CloudFormation
-
Install packages
-
Write files to disk
-
Enable/disable and start/stop services
If you use cfn-init to update an existing file, it creates a
backup copy of the original file in the same directory with a
.bak extension. For example, if you update
/
,
the action produces two files:
path
/to
/file_name
/
contains the original file's contents and
path
/to
/file_name
.bak/
contains the updated contents.
path
/to
/file_name
For information about the template metadata, see AWS::CloudFormation::Init.
cfn-init does not require credentials, so you do not need to use the --access-key
, --secret-key
, --role
, or --credential-file
options. However, if no credentials are specified, AWS CloudFormation checks for
stack membership and limits the scope of the call to the stack that the instance belongs
to.
Syntax
cfn-init --stack|-s
stack.name.or.id
\ --resource|-rlogical.resource.id
\ --regionregion
--access-keyaccess.key
\ --secret-keysecret.key
\ --rolerolename
\ --credential-file|-fcredential.file
\ --configsets|-cconfig.sets
\ --url|-uservice.url
\ --http-proxyHTTP.proxy
\ --https-proxyHTTPS.proxy
\ --verbose|-v
Options
Name | Description | Required |
---|---|---|
|
Name of the Stack. Type: String Default: None Example: |
Yes |
|
The logical resource ID of the resource that contains the metadata. Type: String Example: |
Yes |
|
The AWS CloudFormation regional endpoint to use. Type: String Default:
Example: |
No |
|
AWS access key for an account with permission to call DescribeStackResource on AWS CloudFormation. The credential file parameter supersedes this parameter. Type: String |
No |
|
AWS secret access key that corresponds to the specified AWS access key. Type: String |
No |
|
The name of an IAM role that is associated with the instance. Type: String Condition: The credential file parameter supersedes this parameter. |
No |
|
A file that contains both a secret access key and an access key. The credential file parameter supersedes the --role, --access-key, and --secret-key parameters. Type: String |
No |
|
A comma-separated list of configsets to run (in order). Type: String Default:
|
No |
|
The AWS CloudFormation endpoint to use. Type: String |
No |
|
An HTTP proxy (non-SSL). Use the following format:
Type: String |
No |
|
An HTTPS proxy. Use the following format:
Type: String |
No |
|
Verbose output. This is useful for debugging cases where cfn-init is failing to initialize. To debug initialization events, you should turn DisableRollback on. You can do this by using the AWS CloudFormation console, selecting Show Advanced Options, and then setting "Rollback on failure" to "No". You can then SSH into the console and read the logs at /var/log/cfn-init.log. |
No |
Example
Amazon Linux example
The following snippet shows the UserData
property
of an EC2 instance, which runs the InstallAndRun
configset that is associated with the
WebServerInstance
resource.
For a complete example template, see Deploying applications on Amazon EC2 with AWS CloudFormation.
JSON
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xe\n", "# Install the files and packages from the metadata\n", "/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource WebServerInstance ", " --configsets InstallAndRun ", " --region ", { "Ref" : "AWS::Region" }, "\n" ]]} }
YAML
UserData: !Base64 'Fn::Join': - '' - - | #!/bin/bash -xe - | # Install the files and packages from the metadata - '/opt/aws/bin/cfn-init -v ' - ' --stack ' - !Ref 'AWS::StackName' - ' --resource WebServerInstance ' - ' --configsets InstallAndRun ' - ' --region ' - !Ref 'AWS::Region' - |+