Reputation: 35
I am trying to run a PowerShell script from the user data box when creating an EC2 instance from a custom AMI. I have enabled user data execution on the config before creating the AMI.
This is what I put into user data:
<powershell>
c:\scripts\github-download.ps1 someuser somepassword
</powershell>
The script it is calling is shown below.
Param($gituser, $gitpass)
C:\Users\Administrator\AppData\Local\GitHub\shell.ps1
git clone https://"$gituser":"$gitpass"@github.com/somegitrepo |out-null
I have no idea why this isn't working. Am I doing something wrong here? Any help really appreciated.
Upvotes: 1
Views: 2740
Reputation: 13638
Instead of calling the user data using the <powershell> tag, call PowerShell itself using the <script> tag. You gain command line control over its invocation, and can control execution policy and other command line settings directly:
<script>
PowerShell -ExecutionPolicy Bypass -NoProfile -File c:\scripts\github-download.ps1 -user USER -password PASSWORD
</script>
In your script, set up the beginning and end sections of your script as below:
# Server script called from userdata in this format
# <script>
# PowerShell -ExecutionPolicy Bypass -NoProfile -File c:\scripts\github-download.ps1 -user USER -password PASSWORD
# </script>
param (
    [string]$user = $(throw "-user is required."),
    [string]$password = $(throw "-password is required.")
)
# Record everything the script writes to the console
Start-Transcript -Path C:\userscriptlog.txt
Import-Module WebAdministration
# Register the event source once so Write-EventLog can use it
if ([System.Diagnostics.EventLog]::SourceExists("Userdata") -eq $False) {
    New-Eventlog -Logname Application -Source 'Userdata'
}
Write-Eventlog -Logname Application -Source 'Userdata' -EventId 1 -EntryType Information -Message 'Beginning post-deployment configuration script'
# -- YOUR MAIN SCRIPT HERE --
Write-Eventlog -Logname Application -Source 'Userdata' -EventId 1 -EntryType Information -Message 'Post-deployment configuration script complete'
Stop-Transcript
For error handling in your script, you need to use robust exception handling and logging for each command, again to make troubleshooting and debugging easy. This block simply gets the current instance ID, but note the exception handling and logging built in:
# get instance-id
try {
    $InstanceId = (Invoke-WebRequest http://169.254.169.254/latest/meta-data/instance-id).content
} catch {
    $_.Exception.message | out-file c:\InstanceId_error.log
    Write-Host "FATAL: InstanceId exception"
    Exit
}
if (!$InstanceId) {
    Write-Host "FATAL: InstanceId is null"
    Exit
} else {
    $InstanceId | out-file C:\InstanceId.txt
    Write-Host "InstanceId: $InstanceId"
}
Try that approach to any command or shell invocation that you need to implement.
This PowerShell script 'wrapper' for user data scripts allows optional command line parameters, produces a transcript of execution, and logs events to the Windows event log, to confirm basic execution of the script.
It will provide a flexible framework for any PowerShell-based user data script, and allow for easy debugging and testing.
Upvotes: 4
Reputation: 450
| out-null silences any errors that could be happening with git clone so you won't know what is wrong unless you pipe the error somewhere else or just don't use | out-null.
I would manually run the command on the EC2 instance without the | out-null before you try and use user data to automate anything.
Upvotes: 0
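The two answers above combined into one version of github-download.ps1, as an added example that is not code from either answer: it captures git's output and exit code instead of piping to Out-Null, and masks the password before anything is written to the event log. It assumes git.exe is on PATH; the $repo and $dest parameters, the Hide-Secret and Write-Log helpers, and event ID 2 are hypothetical names chosen for this sketch.

```powershell
# Added example, not code from the posts above. Assumes git.exe is on PATH.
param (
    [ValidateNotNullOrEmpty()][string]$user     = $(throw "-user is required."),
    [ValidateNotNullOrEmpty()][string]$password = $(throw "-password is required."),
    [string]$repo = 'github.com/somegitrepo',   # placeholder repository from the question
    [string]$dest = 'C:\scripts\repo'           # hypothetical clone target
)

$source = 'Userdata'
if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
    New-EventLog -LogName Application -Source $source
}

# Mask the password (raw and URL-encoded) in text that is about to be logged.
function Hide-Secret([string]$Text) {
    $Text.Replace($password, '***').Replace([uri]::EscapeDataString($password), '***')
}

function Write-Log([string]$Message, [string]$Type = 'Information', [int]$Id = 1) {
    Write-EventLog -LogName Application -Source $source -EventId $Id `
        -EntryType $Type -Message (Hide-Secret $Message)
}

try {
    # URL-encode both values so characters such as '@' or ':' cannot break the URL.
    $url = 'https://{0}:{1}@{2}' -f [uri]::EscapeDataString($user),
        [uri]::EscapeDataString($password), $repo

    # git reports progress and errors on stderr; 2>&1 keeps that text instead of
    # discarding it, and "$_" turns each stderr record into a plain string.
    $output = (& git clone $url $dest 2>&1 | ForEach-Object { "$_" }) -join "`n"
    $code = $LASTEXITCODE

    if ($code -ne 0) {
        Write-Log "git clone failed with exit code $code`n$output" 'Error' 2
        exit $code
    }
    Write-Log "git clone into $dest succeeded`n$output"
} catch {
    # Reached when git cannot be started at all, for example when it is not on PATH.
    Write-Log "git clone could not run: $($_.Exception.Message)" 'Error' 2
    exit 1
}
```

The masking only covers what this script logs; the user name and password given on the user data command line remain readable in the instance's user data.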