cfn-init
In a CloudFormation template, you can use AWS::CloudFormation::Init
within the
Metadata
section of an Amazon EC2 resource to define initialization tasks. For
more information, see AWS::CloudFormation::Init in the AWS CloudFormation User Guide.
The cfn-init
helper script reads template metadata from the
AWS::CloudFormation::Init
key and acts accordingly to:
-
Fetch and parse metadata from CloudFormation
-
Install packages
-
Write files to disk
-
Enable/disable and start/stop services
The cfn-init
helper script is typically run from an Amazon EC2 instance's or
launch template's user data.
Note
If you use cfn-init
to update an existing file, it creates a backup copy
of the original file in the same directory with a .bak extension. For example, if you
update
/
,
the action produces two files:
path
/to
/file_name
/
contains the original file's contents and
path
/to
/file_name
.bak/
contains the updated contents.path
/to
/file_name
Syntax
cfn-init --stack|-s
stack.name.or.id
\ --resource|-rlogical.resource.id
\ --regionregion
\ --access-keyaccess.key
\ --secret-keysecret.key
\ --rolerolename
\ --credential-file|-fcredential.file
\ --configsets|-cconfig.sets
\ --url|-uservice.url
\ --http-proxyHTTP.proxy
\ --https-proxyHTTPS.proxy
\ --verbose|-v
Note
cfn-init
doesn't require credentials, so you don't need to use the
--access-key
, --secret-key
, --role
, or
--credential-file
options. However, if no credentials are specified,
CloudFormation checks for stack membership and limits the scope of the call to the stack
that the instance belongs to. For more information, see Permissions for helper
scripts.
Options
Name | Description | Required |
---|---|---|
|
Stack name or stack ID. Type: String Default: None Example: |
Yes |
|
The logical resource ID of the resource that contains the metadata. Type: String Example: |
Yes |
|
The CloudFormation regional endpoint to use. Type: String Default: Example: |
No |
|
AWS access key for an account with permission to call
Type: String |
No |
|
AWS secret access key that corresponds to the specified AWS access key. Type: String |
No |
|
The name of an IAM role that's associated with the instance. Type: String Condition: The credential file parameter supersedes this parameter. |
No |
|
A file that contains both a secret access key and an access key. The credential file parameter supersedes the --role, --access-key, and --secret-key parameters. Type: String |
No |
|
A comma-separated list of configsets to run (in order). Type: String Default: |
No |
|
The CloudFormation endpoint to use. Type: String |
No |
|
An HTTP proxy (non-SSL). Use the following format:
Type: String |
No |
|
An HTTPS proxy. Use the following format:
Type: String |
No |
|
Verbose output. This is useful for debugging cases where
NoteTo debug initialization events, you should turn
|
No |
|
Shows the help message and exits. |
No |
Examples
Amazon Linux examples
The following examples show the UserData
property of an EC2 instance,
which runs the InstallAndRun
configset that's associated with the
WebServerInstance
resource.
To include the latest version, add yum install -y aws-cfn-bootstrap
to the UserData
.
JSON
UserData
property using the Fn::Join
intrinsic
function.
{ "UserData": { "Fn::Base64": { "Fn::Join": [ "", [ "#!/bin/bash -xe\n", "", "yum install -y aws-cfn-bootstrap", "/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref": "AWS::StackName" }, " --resource WebServerInstance ", " --configsets InstallAndRun ", " --region ", { "Ref": "AWS::Region" }, "\n" ] ] } } }
YAML
UserData
property using the Fn::Join
intrinsic
function.
UserData: !Base64 'Fn::Join': - '' - - | #!/bin/bash -xe - '' - yum install -y aws-cfn-bootstrap - '/opt/aws/bin/cfn-init -v ' - ' --stack ' - !Ref 'AWS::StackName' - ' --resource WebServerInstance ' - ' --configsets InstallAndRun ' - ' --region ' - !Ref 'AWS::Region' - |+
JSON
UserData
property using the Fn::Sub
intrinsic
function.
{ "UserData": { "Fn::Base64": { "Fn::Sub": [ "#!/bin/bash -x\n# Install the files and packages from the metadata\n/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource MyInstance --region ${AWS::Region}\n\n# Signal the status from cfn-init\n/opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource MyInstance --region ${AWS::Region}\n", {} ] } } }
YAML
UserData
property using the Fn::Sub
intrinsic
function.
UserData: !Base64 'Fn::Sub': - > #!/bin/bash -x # Install the files and packages from the metadata /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource MyInstance --region ${AWS::Region} # Signal the status from cfn-init /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource MyInstance --region ${AWS::Region} - {}
Related resources
You can also visit our GitHub repository to download sample templates that
use cfn-init
, including the following templates.
For Windows templates, see Working with Microsoft Windows stack templates in the AWS CloudFormation User Guide.