CODEWITHSUNDEEP
amazon-web-servicesamazon-ec2user-dataspinnaker
Elliott B
Elliott B

Reputation: 1199

Why is AWS user-data HTTP endpoint incorrect?

I'm trying to debug a Spinnaker pipeline that is not properly injecting my userdata to a Windows EC2 instance. For testing, I launched one with a simple base64 encoded userdata script like this:

<powershell>
write-output "Running userdata-test script"
</powershell>

From within the instance when I query the userdata HTTP endpoint it returns this:

PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/user-data

powershell
----------
...

However, the log file shows that it did actually run my script.

2023/04/08 01:49:27Z: Begin user data script process.
2023/04/08 01:49:27Z: Unable to parse <persist> tags. This can happen when tags are unmatched or poorly formed.
2023/04/08 01:49:27Z: Sending telemetry bool: IsUserDataScheduledPerBoot
2023/04/08 01:49:27Z: Unregister the scheduled task to persist user data.
2023/04/08 01:49:31Z: Unable to parse <runAsLocalSystem> tags. This can happen when tags are unmatched or poorly formed.
2023/04/08 01:49:31Z: Unable to parse <script> tags. This can happen when tags are unmatched or poorly formed.
2023/04/08 01:49:31Z: Unable to parse <powershellArguments> tags. This can happen when tags are unmatched or poorly formed.
2023/04/08 01:49:31Z: <powershell> tag was provided.. running powershell content
2023/04/08 01:49:35Z: Message: The output from user data script: Running userdata-test script

2023/04/08 01:49:35Z: User data script completed.

Is this a bug in the HTTP endpoint? Is there any other reliable method of seeing the true userdata?

Upvotes: 0

Views: 121

Answers (1)

John Rotenstein
John Rotenstein

Reputation: 269101

There are two versions of the Amazon EC2 Instance Metadata Service.

Version 1 allows you to directly access the metadata:

Invoke-RestMethod -Method GET -Uri http://169.254.169.254/latest/meta-data/

Version 2 requires that you first retrieve a token, and then call the metadata service:

PS C:\> [string]$token = Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "21600"} -Method PUT -Uri http://169.254.169.254/latest/api/token

PS C:\> Invoke-RestMethod -Headers @{"X-aws-ec2-metadata-token" = $token} -Method GET -Uri http://169.254.169.254/latest/meta-data/

Comparing this to your Question, it would appear that your code is missing the first line that sets the value of the $token variable.

Upvotes: 0

Related Questions