EC2 インスタンスのユーザーデータの確認

マネジメントコンソールで EFS をマウントする EC2 インスタンスを作成すると、ユーザーデータを勝手に作ってくれるが、Terraform で作る場合には自分で書かなければいけないので、既存のインスタンスのユーザーデータを確認する方法のメモ。なお、ユーザーデータは暗号化されずに保存され、下のコマンドのように ec2:DescribeInstanceAttribute 権限があれば読み出せるので、パスワードなどの秘密情報は入れないこと。

# Fetch the instance's userData attribute. The API returns it base64-encoded, so the
# value is extracted with jq and decoded; the decoded cloud-config is printed below.
# The caller needs ec2:DescribeInstanceAttribute. Any principal holding that permission
# can read the user data in clear text, so review who has it.
$ aws ec2 describe-instance-attribute --attribute userData --instance-id i-0f2510be2315677bc | jq -r '.UserData.Value' | base64 --decode
#cloud-config
package_update: true
package_upgrade: true
runcmd:
- yum install -y amazon-efs-utils
- apt-get -y install amazon-efs-utils
- yum install -y nfs-utils
- apt-get -y install nfs-common
- file_system_id_1=fs-0a662024583f1a679
- efs_mount_point_1=/mnt/efs/fs1
- mkdir -p "${efs_mount_point_1}"
- test -f "/sbin/mount.efs" && printf "\n${file_system_id_1}:/ ${efs_mount_point_1} efs tls,_netdev\n" >> /etc/fstab || printf "\n${file_system_id_1}.efs.ap-northeast-1.amazonaws.com:/ ${efs_mount_point_1} nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0\n" >> /etc/fstab
- test -f "/sbin/mount.efs" && grep -ozP 'client-info]\nsource' '/etc/amazon/efs/efs-utils.conf'; if [[ $? == 1 ]]; then printf "\n[client-info]\nsource=liw\n" >> /etc/amazon/efs/efs-utils.conf; fi;
- retryCnt=15; waitTime=30; while true; do mount -a -t efs,nfs4 defaults; if [ $? = 0 ] || [ $retryCnt -lt 1 ]; then echo File system mounted successfully; break; fi; echo File system not available, retrying to mount.; ((retryCnt--)); sleep $waitTime; done;

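なお、これを Terraform の user_data(ヒアドキュメント)に入れる際には、シェル変数 ${hogehoge} の部分のエスケープが必要(そのままだと Terraform の補間として解釈されてしまう)。一方、Terraform の変数を渡したいところ(例: ${var.efs_file_system_id})はそのまま書く。エスケープしたいところは $${hogehoge} のように $ を 2 つ重ねる。$? や $retryCnt のように直後に { が続かない $ はエスケープ不要。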

# EC2 instance (tagged "<app_name>-bastion") that mounts an EFS file system at boot
# through the cloud-init user data below.
resource "aws_instance" "this" {
  ami                         = data.aws_ssm_parameter.this.value
  instance_type               = "t3.large"
  subnet_id                   = var.public_subnet_a_id
  vpc_security_group_ids      = [aws_security_group.this.id]
  key_name                    = var.key_name
  # NOTE(review): the instance gets a public IP, so its exposure depends on
  # aws_security_group.this (not shown here) - confirm ingress is limited to known sources.
  associate_public_ip_address = true
  iam_instance_profile        = aws_iam_instance_profile.this.id

  tags = {
    Name = "${var.app_name}-bastion"
  }

  # cloud-init user data, based on what the console generated for an existing instance.
  # - Terraform interpolates ${var.efs_file_system_id}; "$${name}" is emitted as a literal
  #   "${name}" for the shell. Plain "$?" / "$retryCnt" need no escaping.
  # - User data is not encrypted and can be read back with describe-instance-attribute and
  #   from inside the instance, so keep credentials and other secrets out of it.
  # - The fstab entry uses the "efs" type with the tls option only when /sbin/mount.efs
  #   exists; otherwise it falls back to a plain nfs4 entry with no tls option, so the
  #   mount can still succeed but without encryption in transit.
  #   NOTE(review): if TLS is required, consider enforcing it on the file system side
  #   (an EFS file system policy that denies requests where aws:SecureTransport is false).
  # - The retry loop prints "File system mounted successfully" also when the retries run
  #   out without a successful mount, so that log line alone does not prove the mount worked.
  # - NOTE(review): "[[ ... ]]" and "((retryCnt--))" are bash syntax; presumably fine where
  #   runcmd is executed by bash, but verify on images whose /bin/sh is not bash.
  user_data = <<EOF
#cloud-config
package_update: true
package_upgrade: true
runcmd:
- yum install -y amazon-efs-utils
- apt-get -y install amazon-efs-utils
- yum install -y nfs-utils
- apt-get -y install nfs-common
- file_system_id_1=${var.efs_file_system_id}
- efs_mount_point_1=/mnt/efs/fs1
- mkdir -p "$${efs_mount_point_1}"
- test -f "/sbin/mount.efs" && printf "\n$${file_system_id_1}:/ $${efs_mount_point_1} efs tls,_netdev\n" >> /etc/fstab || printf "\n$${file_system_id_1}.efs.ap-northeast-1.amazonaws.com:/ $${efs_mount_point_1} nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,_netdev 0 0\n" >> /etc/fstab
- test -f "/sbin/mount.efs" && grep -ozP 'client-info]\nsource' '/etc/amazon/efs/efs-utils.conf'; if [[ $? == 1 ]]; then printf "\n[client-info]\nsource=liw\n" >> /etc/amazon/efs/efs-utils.conf; fi;
- retryCnt=15; waitTime=30; while true; do mount -a -t efs,nfs4 defaults; if [ $? = 0 ] || [ $retryCnt -lt 1 ]; then echo File system mounted successfully; break; fi; echo File system not available, retrying to mount.; ((retryCnt--)); sleep $waitTime; done;
EOF
}