Diego Laurora

Reputation: 109

Invoke Parameter into a CloudFormation Powershell script

Is it possible to invoke a parameter into a PowerShell script running inside userdata?

I'm trying to assign a password, ADuser, and domain, in order to change the local computer name and join the server into the domain.

I can add the self input during the stack creation, but I don't know how to use the info inside userdata. Is there any Ref that can be used?

I'm able to do this using all the information inside userdata, but I don't want to save the stack with our domain information and credentials.

"Parameters" : {
"VMName":{
  "Description":"Name of the EC2 Windows instance",
  "Type":"String"
},
"DomainUser":{
    "Description":"Name of Service/User domain account to be used to join the EC2 instance into CX domain",
    "Type" : "String",
    "MinLength" : "3",
    "MaxLength" : "25",
    "AllowedPattern" : "[a-zA-Z0-9]+\\..+"
},
"DomainCredential":{
    "Description":"Password of the Service/User domain account to be used to join the EC2 instance into CX domain",
    "Type" : "String",
    "MinLength" : "8",
    "MaxLength" : "32",
    "AllowedPattern" : "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
    "NoEcho" : "True"
}
},
"Resources" : {
"EC2InstanceOne":{
  "Type":"AWS::EC2::Instance",
  "DeletionPolicy" : "Retain",
  "Properties":{
    "InstanceType":{ "Ref" : "InstanceType" },
    "SubnetId": { "Ref" : "MySubnetVM1" },
    "SecurityGroupIds":[ { "Ref" : "SGUtilized" }, { "Ref" : "SGUtilized2" } ],
    "IamInstanceProfile"  : { "Ref" : "RoleName" },
    "KeyName": { "Ref" : "ServerKeyName" },
    "ImageId":{ "Ref" : "AMIUtilized" },
     "BlockDeviceMappings" : [
           {
              "DeviceName" : "/dev/sda1",
              "Ebs" : {
                 "VolumeType" : "standard",
                 "DeleteOnTermination" : "false",
                 "VolumeSize" : "50"
              }
           }
        ],
 "UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [
       "<script>\n",
       "PowerShell -Command \"& {$password = 'variable from parameter here' | ConvertTo-SecureString -asPlainText -Force ; $username = 'variable from parameter here' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Rename-Computer -NewName 'variable from parameter here' -DomainCredential $credential}\" \n",
       "PowerShell -Command \"& {$domain='variable from parameter here';$password = 'variable from parameter here' | ConvertTo-SecureString -asPlainText -Force ;$username = 'variable from parameter here' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Add-Computer -DomainName $domain -Credential $credential}\" \n",
       "PowerShell -Command \"& {Restart-Computer}\" \n",
   "</script>"  
]
  ]
}

} }

Thanks, best regards.

Upvotes: 1

Views: 1585

Answers (1)

bearrider

Reputation: 322

You can use Fn::Sub like this:

{
  "Fn::Sub": 
    "PowerShell -Command \"& {$domain='${VMName}';$password = '${DomainCredential}' | ConvertTo-SecureString -asPlainText -Force ;$username = '${DomainUser}' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Add-Computer -DomainName $domain -Credential $credential}\" \n"
}

Here's a YAML sample:

UserData:
  Fn::Base64:
    !Sub |
    echo ${ParamPassword} | tee - | passwd ec2-user

Upvotes: 2
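
Substituting a parameter with Fn::Sub or Ref copies its value into the instance's user data, which is stored unencrypted and can be read from the instance metadata service or by anyone allowed to describe the instance attribute, so NoEcho on DomainCredential does not keep the password out of it. The Python check below is an added example, not code from the question or the answer: it flags NoEcho parameters that reach UserData, and its function names and the reduced SAMPLE template are constructed for illustration.

```python
# Added example: helper names are illustrative, not part of any AWS tool.
import json
import re

SUB_VAR = re.compile(r"\$\{([A-Za-z0-9]+)\}")  # ${Name}; skips ${!Literal} and $psvar

def noecho_params(template):
    """Parameters declared with NoEcho true (boolean or string form)."""
    return {name for name, spec in template.get("Parameters", {}).items()
            if str(spec.get("NoEcho", "")).lower() == "true"}

def referenced_names(node):
    """Yield names reached via Ref or Fn::Sub (string or [string, map] form)."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::Sub":
                text, local = (value, {}) if isinstance(value, str) else value
                yield from (n for n in SUB_VAR.findall(text) if n not in local)
                yield from referenced_names(local)
            else:
                yield from referenced_names(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_names(item)

def userdata_secret_leaks(template):
    """Map resource logical id -> NoEcho parameters used in its UserData."""
    secrets = noecho_params(template)
    findings = {}
    for logical_id, res in template.get("Resources", {}).items():
        user_data = res.get("Properties", {}).get("UserData")
        hits = sorted(secrets & set(referenced_names(user_data)))
        if hits:
            findings[logical_id] = hits
    return findings

# Constructed sample, reduced from the template in the question.
SAMPLE = {
    "Parameters": {"DomainUser": {"Type": "String"},
                   "DomainCredential": {"Type": "String", "NoEcho": "True"}},
    "Resources": {"EC2InstanceOne": {
        "Type": "AWS::EC2::Instance",
        "Properties": {"UserData": {"Fn::Base64": {"Fn::Sub":
            "<script>\nPowerShell -Command \"& {$p = '${DomainCredential}'}\"\n</script>"}}}}},
}

if __name__ == "__main__":
    print(json.dumps(userdata_secret_leaks(SAMPLE), indent=2))
```

A non-empty result means the secret will be written into user data in clear text; an empty result only shows that no NoEcho parameter is substituted there.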
