5

I have a user-data script file when launching an EC2 instance from an AMI image. The script uses AWS but I get "aws: command not found". The AWS-CLI is installed as part of the AMI (I can use it once the instance is up) but for some reason the script cannot find it.

Am I missing something? Any chance that the user-data script runs before the image is loaded (I find it hard to believe)? Maybe the path env variable is not set at this point?

Thanks,

2 Answers

5

any chance that the user-data script runs before the image is loaded

No, certainly not. It is a service on that image that runs the script.

Maybe the path env variable is not set at this point

This is most likely the issue. The scripts run as root, not ec2-user, and don't have access to the path you may have configured in your ec2-user account. What happens if you try specifying /usr/bin/aws instead of just aws?

4 Comments

You additionally need to configure aws cli for root user as the user data script is executed by root and not any other user.
@JSelecta if by configure you mean the AWS API key and Secret key, you should be using EC2 IAM roles instead.
Does that replace the need to have the aws cli configured for root user? That's good to know and makes sense. I will test it momentarily. Thanks man!
@JSelecta yes, you wouldn't configure keys on the server directly. You might still need to configure things like default output format and default AWS region, but that can also be specified directly in the cli commands you execute. In the past I've been able to use the cli tool without running config, when running on EC2 with an IAM profile attached.
-2

You can install aws cli and set up environment variables with your credentials. For example, in the user data script, you can write something like:

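#!/bin/bash
# Install the AWS CLI (Debian/Ubuntu package name)
apt-get install -y awscli
# Credentials supplied through environment variables (placeholders)
export AWS_ACCESS_KEY_ID=your_access_key_id_here
export AWS_SECRET_ACCESS_KEY=your_secret_access_key_here
# Copy an object from S3 to a local directory
aws s3 cp s3://test-bucket/something /local/directory/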

If you are using a CentOS-based AMI, you have to change the apt-get line to yum, and the package is called aws-cli instead of awscli.

2 Comments

From a security standpoint, this is horrible as anybody with read access could inspect user data and potentially use these credentials.
Please do NOT use this method
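
A pre-launch check covering the two problems raised in this thread, as an added example that is not part of the original posts: it flags AWS keys embedded in a user-data script and `aws` calls that rely on root's boot-time PATH. The function name `lint_user_data`, its regexes and both sample scripts are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the thread: lint a user-data script before launch.
# lint_user_data and its regexes are hypothetical, heuristic checks.

lint_user_data() {
    # $1: path to a user-data script. Prints findings, returns their count.
    local file=$1 findings=0 n=0 line
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            \#*) continue ;;  # skip the shebang and comment lines
        esac
        # Static keys in user data are readable by anyone who can read it.
        if printf '%s\n' "$line" | grep -Eq 'AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY)='; then
            echo "line $n: static AWS credential; attach an IAM role instead"
            findings=$((findings + 1))
        fi
        # A bare `aws` depends on root's PATH at boot, the question's failure.
        if printf '%s\n' "$line" | grep -Eq '(^|[;&|])[[:space:]]*aws[[:space:]]'; then
            echo "line $n: bare 'aws' call; use an absolute path such as /usr/bin/aws"
            findings=$((findings + 1))
        fi
    done < "$file"
    return "$findings"
}

# Constructed sample based on the second answer's script.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/bash
apt-get install -y awscli
export AWS_ACCESS_KEY_ID=your_access_key_id_here
export AWS_SECRET_ACCESS_KEY=your_secret_access_key_here
aws s3 cp s3://test-bucket/something /local/directory/
EOF

# Constructed sample: absolute path, no keys (credentials come from the instance role).
fixed=$(mktemp)
cat > "$fixed" <<'EOF'
#!/bin/bash
/usr/bin/aws s3 cp s3://test-bucket/something /local/directory/
EOF
trap 'rm -f "$sample" "$fixed"' EXIT

lint_user_data "$sample" || echo "findings: $?"
lint_user_data "$fixed" && echo "clean"
```

The bare-call check only looks at `aws` at the start of a command, so invocations wrapped in `sudo` or similar are not caught.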
