1

I am trying to run a PowerShell script from the user data box when creating an EC2 instance from a custom AMI. I have enabled user data execution in the config before creating the AMI.

This is what I put into user data:

<powershell>
c:\scripts\github-download.ps1 someuser somepassword
</powershell>

The script it is calling is shown below.

Param($gituser, $gitpass)
C:\Users\Administrator\AppData\Local\GitHub\shell.ps1 
git clone https://"$gituser":"$gitpass"@github.com/somegitrepo |out-null

I have no idea why this isn't working. Am I doing something wrong here? Any help is really appreciated.

5
  • Not enough details to really troubleshoot this yet. How are you passing the user data into the instance (Console/CLI? Is it base 64 encoded? All details would be helpful here.)? Is the instance configured to talk out to the internet? Have you tried setting ExecutionPolicy as RemoteSigned in this script to make sure it can execute other scripts? Have you checked the ec2 config log at C:\Program Files\Amazon\Ec2ConfigService\Logs\Ec2ConfigLog.txt for any details? Have you tried logging in the script itself? Commented Apr 26, 2016 at 1:56
  • Maybe don't |out-null the command so you can see what's going on? Do you have a working set of git binaries? Commented Apr 26, 2016 at 4:50
  • Did you get a chance to try my answer? Commented Apr 30, 2016 at 15:51
  • @RodrigoM If you don't get resolution from this OP, I would recommend moving your excellent answer to a new, canonical question for troubleshooting PowerShell user data on EC2. OP hasn't given us enough detail that this isn't something trivial/unrelated yet, and I'd hate for your great answer to sit unaccepted on a bad question forever. Commented Apr 30, 2016 at 16:12
  • 1
    Good advice! Will do thanks Anthony Commented Apr 30, 2016 at 16:46

2 Answers

4

Instead of calling the user data using the <powershell> tag, call PowerShell itself using the <script> tag. You gain command line control over its invocation, and can control execution policy and other command line settings directly:

<script>
    PowerShell -ExecutionPolicy Bypass -NoProfile -File c:\scripts\github-download.ps1 -user USER -password PASSWORD
</script>

In your script, set up the beginning and end sections of your script as below:

# Server script called from userdata in this format
# <script>
# PowerShell -ExecutionPolicy Bypass -NoProfile -File c:\scripts\github-download.ps1  -user USER -password PASSWORD
# </script>

param (
    [string]$user = $(throw "-user is required."),
    [string]$password = $(throw "-password is required.")
)
# Record everything the script prints so a failed boot can be diagnosed afterwards
Start-Transcript -Path C:\userscriptlog.txt
Import-Module WebAdministration
# Register the 'Userdata' event source once; later boots reuse it
if ([System.Diagnostics.EventLog]::SourceExists("Userdata") -eq $False) {
    New-Eventlog -Logname Application -Source 'Userdata' 
}
Write-Eventlog -Logname Application -Source 'Userdata' -EventId 1 -EntryType Information -Message 'Beginning post-deployment configuration script'

# -- YOUR MAIN SCRIPT HERE --

Write-Eventlog -Logname Application -Source 'Userdata' -EventId 1 -EntryType Information -Message 'Post-deployment configuration script complete'
Stop-Transcript

For error handling in your script, you need to use robust exception handling and logging for each command, again to make troubleshooting and debugging easy. This block simply gets the current instance ID, but note the exception handling and logging built in:

# get instance-id
try { 
    $InstanceId = (Invoke-WebRequest http://169.254.169.254/latest/meta-data/instance-id).content
} catch { 
    $_.Exception.message | out-file c:\InstanceId_error.log 
    Write-Host "FATAL: InstanceId exception"
    Exit    
}

if (!$InstanceId) { 
    Write-Host "FATAL: InstanceId is null"
    Exit    
} else {
    $InstanceId | out-file C:\InstanceId.txt
    Write-Host "InstanceId: $InstanceId"    
}

Try that approach to any command or shell invocation that you need to implement.

This PowerShell script 'wrapper' for user data scripts allows optional command line parameters, produces a transcript of execution, and logs events to the Windows event log, to confirm basic execution of the script.

It will provide a flexible framework for any PowerShell-based user data script, and allow for easy debugging and testing.


0

| out-null silences any errors that could be happening with git clone so you won't know what is wrong unless you pipe the error somewhere else or just don't use | out-null.

I would manually run the command on the EC2 instance without the | out-null before you try and use user data to automate anything.
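
An added example, not part of either answer above: the `git clone` from the question run with the first answer's logging and the second answer's advice to keep the output, judged by git's exit code because a failing native command does not raise a PowerShell exception. `Invoke-GitClone`, the `C:\repo` destination, the `C:\git-clone.log` path and event IDs 2 and 3 are assumptions made for illustration.

```powershell
# Added example, not code from the answers. Invoke-GitClone, C:\repo, C:\git-clone.log
# and event IDs 2 and 3 are assumed names; 'Userdata' is the source used above.
param (
    [string]$user = $(throw "-user is required."),
    [string]$password = $(throw "-password is required.")
)

function Invoke-GitClone {
    param([string]$User, [string]$Password, [string]$Destination)

    # Percent-encode the credentials so characters such as '@' or ':' cannot break the URL.
    $u = [uri]::EscapeDataString($User)
    $p = [uri]::EscapeDataString($Password)
    $url = "https://${u}:${p}@github.com/somegitrepo"

    # With 'Stop', the first stderr line from git would abort the call under 2>&1.
    $ErrorActionPreference = 'Continue'
    try {
        # No Out-Null: keep everything git prints. git writes progress to stderr even
        # on success, so merge the streams and judge the result by the exit code only.
        $output = & git clone $url $Destination 2>&1 | ForEach-Object { "$_" }
        $code = $LASTEXITCODE
    } catch {
        # Reached when git cannot be started at all, for example when it is not on PATH.
        $output = $_.Exception.Message
        $code = -1
    }

    # The clone URL carries the password, so mask URL userinfo before anything is logged.
    $safe = ($output -join "`n") -replace '://[^@/\s]+@', '://***@'
    $safe | Out-File C:\git-clone.log
    [pscustomobject]@{ ExitCode = $code; Output = $safe }
}

if (-not [System.Diagnostics.EventLog]::SourceExists('Userdata')) {
    New-EventLog -LogName Application -Source 'Userdata'
}

$result = Invoke-GitClone -User $user -Password $password -Destination 'C:\repo'
if ($result.ExitCode -ne 0) {
    Write-EventLog -LogName Application -Source 'Userdata' -EventId 2 -EntryType Error `
        -Message "git clone failed with exit code $($result.ExitCode): $($result.Output)"
    exit 1
}
Write-EventLog -LogName Application -Source 'Userdata' -EventId 3 -EntryType Information `
    -Message 'git clone succeeded'
```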
