As more and more of my CloudFormation (CF) stacks use a base image and CloudFormation::Init magic, it’s become imperative to have an AMI that has the helper scripts (cfn-signal, cfn-init, etc.) built-in. This isn’t a problem if you use the Amazon Linux AMI, but if you’re playing with things like immutable infrastructure or baking your own custom AMIs for CIS hardening or some other regulatory requirement, it can become a big issue quickly. There’s a little documentation out there on installing the CF helper scripts (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-helper-scripts-reference.html) but the installation process is not quite so straightforward as one would hope.
The solution to this issue varies depending on your OS. I’ve had no issue with Windows AMIs because the Ec2Config service takes care of everything, but in CentOS and RHEL, there are a few extra steps. I’ll break them down by OS. Note that you may need to search for updated version of things like epel-release to make sure it matches your OS or you’re using the most current version.
This was relatively painless, thanks to the contents of the
cloudformation-examples bucket being publicly visible. The latest version of the helper-scripts requires some Python elements/versions that are a pain to set up, but you can use an older version of the helper scripts without any issues. As of CentOS 6.8, you can (more…)
I was having trouble getting a Windows CloudFormation stack that leveraged CloudFormation::Init (cfn-init) to work properly. All I found in the cfn-init.log file was a repeating error that looked like this:
Traceback (most recent call last):
File “cfnbootstrap\util.pyc”, line 159, in _retry
File “cfnbootstrap\util.pyc”, line 231, in _timeout
ConnectionError: (‘Connection aborted.’, error(10060, ‘A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond’))
2016-03-24 20:13:40,355 [DEBUG] Sleeping for 0.873665 seconds before retrying
I ran through some google searches but came back with surprising few hits on this error. Everything regarding the syntax of the stack was clean. It passed all checks, came back as valid, etc.. But I got this error every time I deployed the stack. The culprit? Internet connectivity. The stack referenced a file to download and was unable to do so thanks to some strict Network ACLs. I had seen this issue once before when a NAT instance in the VPC was stopped. The lesson: check your internet connectivity when dealing with this error.
A while ago, I went through the setup here ( http://lg.io/2015/07/05/revised-and-much-faster-run-your-own-highend-cloud-gaming-service-on-ec2.html ) to build a gaming machine in AWS and loved the result. A lot cheaper to run one in the cloud than to shell out loads of cash for a new one and a great write-up.
The downside, although it was a one-time downside, was going through many of the settings to create the AMI that I needed and to tighten security a bit the way I needed. Also, the article was written with a Mac client in mind and I run Windows.
So, with my Windows experience and with all the AWS work I’ve been doing lately, I put together a CloudFormation template to automate many of the steps. If you’re looking (more…)