Is there a way to confirm user_data ran successfully with Terraform for EC2?

Question

I'm wondering if it's possible to know when the script in user data executes completely?

data "template_file" "script" {
  template = file("${path.module}/installing.sh")
}

data "template_cloudinit_config" "config" {
  gzip          = false
  base64_encode = false

  # Main cloud-config configuration file.
  part {
    filename     = "install.sh"
    content      = "${data.template_file.script.rendered}"
  }
}

resource "aws_instance" "web" {
  ami           = "ami-04e7b4117bb0488e4"
  instance_type = "t2.micro"
  key_name = "KEY"
  vpc_security_group_ids = [aws_default_security_group.default.id]
  subnet_id = aws_default_subnet.default_az1.id
  associate_public_ip_address = true
  iam_instance_profile = "Role_S3"
  user_data = data.template_cloudinit_config.config.rendered
  tags = {
    Name = "Terraform-Ansible"
  }
}

And in the content of the script I have this. It tells me Terraform successfully apply the changes, but the script is still running, is there a way I can monitor that?

#!/usr/bin/env bash
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
echo BEGIN
sudo apt update
sudo apt upgrade -y
sudo apt install -y unzip
echo END

Answer 1

Well I use these two ways to confirm.

1. At the end of cloudinit config file this line sends me a notification through whatsapp (using callmebot). Thus no matter how much does it take to setup, I always get notified when it's ready to use. I watch some series or read something in that time. no time wasted.

curl -X POST "https://api.callmebot.com/whatsapp.php?phone=12345678910&text=Ec2+transcoder+setup+complete&apikey=12345"

2. At the end of cloudinit config this line runs -

echo "for faster/visual confirmation of above execution.." 
wget https://www.sample-videos.com/video123/mp4/720/big_buck_bunny_720p_1mb.mp4 -O /home/ubuntu/dpnd_comp.mp4

When I sign in to the instance I can see directly the file.

And I'm loving it. Hope this helps someone. Also, don't forget to tell me your method too.

Answer 2

Here are some pointers to remember:

1. User data shell scripts must start with the Shebang #! characters and the path to the interpreter you want to read the script (commonly /bin/bash).
2. Scripts entered as user data are run as the root user, so no need to use the sudo command in the init script.
3. When a user data script is processed, it is copied to and run from /var/lib/cloud/instances/instance-id/. The script is not deleted after it is run and can be found in this directory with the name user-data.txt So to check if your shell script made to the server refer this directory and the file. The cloud-init output log file (/var/log/cloud-init-output.log) captures console output of your user_data shell script. to know how your user_data shell script was executed and its output check this file.

Source: https://www.middlewareinventory.com/blog/terraform-aws-ec2-user_data-example/

Answer 3

No, You can not confirm the user data status from the terraform, as it posts launching script that executes once EC2 instance launched. But you will need some extra effort on init script that one way to check.

How to check User Data status while launching the instance in aws

If you do something that is mentioned above to make some marker file once user data completed, then you can try this to check.

resource "null_resource" "user_data_status_check" {

  provisioner "local-exec" {
    on_failure  = "fail"
    interpreter = ["/bin/bash", "-c"]
    command     = <<EOT
          echo -e "\x1B[31m wait for few minute for instance warm up, adjust accordingly \x1B[0m"
          # wait 30 sec 
          sleep 30
          ssh -i yourkey.pem instance_ip ConnectTimeout=30  -o 'ConnectionAttempts 5' test -f "/home/user/markerfile.txt" && echo found || echo not found
          if [ $? -eq 0 ]; then
          echo "user data sucessfully executed"
          else
            echo "Failed to execute user data"
          fi
     EOT
  }
    triggers = {
    #remove this once you test it out as it should run only once
    always_run ="${timestamp()}"

  }
  depends_on = ["aws_instance.my_instance"]
  
}

so this script will check marker file on the newly launch server by doing ssh with timeout 30 seconds with max attempts 5.