Can't migrate Metadata (AWS::CloudFormation::Init) section of existing CloudFormation template into AWS CDK

I am setting up an ADFS EC2 instance with the AWS CDK.

I can't find anything comprehensible about Metadata in the documentation.

I tried the cdk-dasm tool to reverse-engineer the template, but it drops the Metadata section.

How do I add a section under AWS::CloudFormation::Init?

I am referencing the aws-quickstart repository:

https://github.com/aws-quickstart/quickstart-microsoft-activedirectory/blob/master/templates/Template_1_AD_2012R2.template

Here is the section I want to convert; any help would be greatly appreciated!

    DomainController1:
      Type: AWS::EC2::Instance
      Metadata:
        AWS::CloudFormation::Init:
          configSets:
            config:
            - setup
            - rename
            - installADDS
            - configureSites
            - installADCS
            - finalize
          setup:
            files:
              c:\cfn\cfn-hup.conf:
                content:
                  Fn::Join:
                  - ''
                  - - "[main]\n"
                    - stack=
                    - Ref: AWS::StackName
                    - "\n"
                    - region=
                    - Ref: AWS::Region
                    - "\n"
              c:\cfn\hooks.d\cfn-auto-reloader.conf:
                content:
                  Fn::Join:
                  - ''
                  - - "[cfn-auto-reloader-hook]\n"
                    - "triggers=post.update\n"
                    - "path=Resources.DomainController1.Metadata.AWS::CloudFormation::Init\n"
                    - 'action=cfn-init.exe -v -c config -s '
                    - Ref: AWS::StackId
                    - " -r DomainController1"
                    - " --region "
                    - Ref: AWS::Region
                    - "\n"
              c:\cfn\scripts\Set-StaticIP.ps1:
                content:
                  Fn::Join:
                  - ''
                  - - "$netip = Get-NetIPConfiguration;"
                    - "$ipconfig = Get-NetIPAddress | ?{$_.IpAddress -eq $netip.IPv4Address.IpAddress};"
                    - Get-NetAdapter | Set-NetIPInterface -DHCP Disabled;
                    - Get-NetAdapter | New-NetIPAddress -AddressFamily IPv4 -IPAddress
                      $netip.IPv4Address.IpAddress -PrefixLength $ipconfig.PrefixLength
                      -DefaultGateway $netip.IPv4DefaultGateway.NextHop;
                    - Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses $netip.DNSServer.ServerAddresses;
                    - "\n"
              c:\cfn\scripts\bootstrap.ps1:
                content:
                  Fn::Join:
                  - ''
                  - - "Import-Module GroupPolicy"
                    - "\n"
                    - 'try{ Invoke-WebRequest https://s3-us-gov-west-1.amazonaws.com/vocera-boxes-ic5vda9lly/open/DefaultDomainPolicy.zip -OutFile c:\DefaultDomainPolicy.zip'
                    - "\n"
                    - 'powershell.exe -command c:\cfn\scripts\Unzip-Archive.ps1 -Source "c:\DefaultDomainPolicy.zip" -Destination "C:\" }'
                    - "\n"
                    - 'catch {}'
                    - "\n"
                    - 'import-gpo -BackupGpoName "Default Domain Policy" -TargetName "Default Domain Policy" -path C:\DefaultDomainPolicy'
                    - "\n"
                    - 'gpupdate /force'
                    - "\n"
              c:\cfn\scripts\cis_changes.ps1:
                source: https://url.com/cis_changes.ps1
              'c:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml':
                source: https://url.com/cis_config.xml
              c:\cfn\scripts\ConvertTo-EnterpriseAdmin.ps1:
                source: https://url.com/ConvertTo-EnterpriseAdmin.ps1
              c:\cfn\scripts\New-CertificateAuthority.ps1:
                source: https://url.com/New-CertificateAuthority.ps1
              c:\cfn\modules\xAdcsDeployment_0.1.0.0.zip:
                source: https://url.com/xAdcsDeployment_0.1.0.0.zip
              c:\cfn\scripts\Unzip-Archive.ps1:
                source: https://url.com/Unzip-Archive.ps1
            services:
              windows:
                cfn-hup:
                  enabled: 'true'
                  ensureRunning: 'true'
                  files:
                  - c:\cfn\cfn-hup.conf
                  - c:\cfn\hooks.d\cfn-auto-reloader.conf
            commands:
              a-allow-hostname-update:
                command:
                  Fn::Join:
                  - ''
                  - - powershell.exe -Command c:\cfn\scripts\cis_changes.ps1
                waitAfterCompletion: '45'
              a-disable-win-fw:
                command:
                  Fn::Join:
                  - ''
                  - - powershell.exe -Command "Get-NetFirewallProfile | Set-NetFirewallProfile
                      -Enabled False"
                waitAfterCompletion: '0'
              b-set-execution-policy:
                command: powershell.exe -command Set-ExecutionPolicy RemoteSigned -Force
                waitAfterCompletion: '0'
              c-unpack-dsc-resource:
                command: powershell.exe -command c:\cfn\scripts\Unzip-Archive.ps1 -Source
                  c:\cfn\modules\xAdcsDeployment_0.1.0.0.zip -Destination 'C:\Program
                  Files\WindowsPowerShell\Modules'
                waitAfterCompletion: '0'
          rename:
            commands:
              a-set-static-ip:
                command:
                  Fn::Join:
                  - ''
                  - - powershell.exe -ExecutionPolicy RemoteSigned -Command c:\cfn\scripts\Set-StaticIP.ps1
                waitAfterCompletion: '45'
              b-execute-powershell-script-RenameComputer:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe Rename-Computer -NewName '
                    - 'DC1'
                    - " -Restart"
                waitAfterCompletion: forever
          installADDS:
            commands:
              1-install-prereqs:
                command:
                  Fn::Join:
                  - ''
                  - - powershell.exe -Command "Install-WindowsFeature AD-Domain-Services,
                      rsat-adds -IncludeAllSubFeature"
                waitAfterCompletion: '0'
              2-install-adds:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe -Command '
                    - "\"Install-ADDSForest -DomainName "
                    - Ref: DomainDNSName
                    - " "
                    - "-SafeModeAdministratorPassword (ConvertTo-SecureString "
                    - "'"
                    - Ref: VcaADPassword
                    - "'"
                    - " -AsPlainText -Force) "
                    - "-DomainMode Win2012R2 "
                    - "-DomainNetbiosName "
                    - Ref: DomainNetBIOSName
                    - " "
                    - "-ForestMode Win2012R2 "
                    - "-Confirm:$false "
                    - -Force"
                waitAfterCompletion: forever
              3-restart-service:
                command:
                  Fn::Join:
                  - ''
                  - - powershell.exe -Command Restart-Service NetLogon -EA 0
                waitAfterCompletion: '30'
              4-create-adminuser:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe -Command '
                    - "\"New-ADUser "
                    - "-Name "
                    - Ref: ADUSER
                    - " "
                    - "-UserPrincipalName "
                    - Ref: ADUSER
                    - "@"
                    - Ref: DomainDNSName
                    - " "
                    - "-AccountPassword (ConvertTo-SecureString "
                    - "'"
                    - Ref: VcaADPassword
                    - "'"
                    - " -AsPlainText -Force) "
                    - "-Enabled $true "
                    - -PasswordNeverExpires $true"
                waitAfterCompletion: '0'
              5-update-adminuser:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe -ExecutionPolicy RemoteSigned -Command c:\cfn\scripts\ConvertTo-EnterpriseAdmin.ps1
                      -Members '
                    - Ref: ADUSER
                waitAfterCompletion: '0'
          configureSites:
            commands:
              a-rename-default-site:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe '
                    - "\""
                    - Get-ADObject -SearchBase (Get-ADRootDSE).ConfigurationNamingContext
                      -filter {Name -eq 'Default-First-Site-Name'} | Rename-ADObject -NewName
                      AZ1
                    - "\""
                waitAfterCompletion: '0'
              b-create-site-2:
                command:
                  Fn::Join:
                  - ''
                  - - powershell.exe New-ADReplicationSite AZ2
                waitAfterCompletion: '0'
              c-create-publicsubnet-1:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe -Command New-ADReplicationSubnet -Name '
                    - 172.30.209.0/24
                    - " -Site AZ1"
                waitAfterCompletion: '0'
              d-create-publicsubnet-2:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe -Command New-ADReplicationSubnet -Name '
                    - 172.30.210.0/24
                    - " -Site AZ2"
                waitAfterCompletion: '0'
              e-create-privatesubnet-1:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe -Command New-ADReplicationSubnet -Name '
                    - 172.30.212.0/24
                    - " -Site AZ1"
                waitAfterCompletion: '0'
              f-create-privatesubnet-2:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe -Command New-ADReplicationSubnet -Name '
                    - 172.30.213.0/24
                    - " -Site AZ2"
                waitAfterCompletion: '0'
              g-set-site-link:
                command:
                  Fn::Join:
                  - ''
                  - - powershell.exe -Command "
                    - Get-ADReplicationSiteLink -Filter * | Set-ADReplicationSiteLink
                      -SitesIncluded @{add='AZ2'} -ReplicationFrequencyInMinutes 15"
                waitAfterCompletion: '0'
          installADCS:
            commands:
              a-install-ca:
                command:
                  Fn::Join:
                  - ''
                  - - 'powershell.exe -Command c:\cfn\scripts\New-CertificateAuthority.ps1
                      -Username '
                    - Ref: ADUSER
                    - " -Password "
                    - "'"
                    - Ref: ADPassword
                    - "'"
                    - " -DomainDNSName "
                    - Ref: DomainDNSName
                waitAfterCompletion: '0'
              b-update-gpo:
                command: powershell.exe -command c:\cfn\scripts\bootstrap.ps1
                waitAfterCompletion: '0'
      Properties:
        DisableApiTermination: False
        ImageId:
          Fn::FindInMap:
          - AmiMap
          - Ref: AWS::Region
          - win2012r2
        InstanceType: t2.large
        IamInstanceProfile:
          Ref: ADProfile
        SubnetId: subnet-11111111
        Tags:
        - Key: Name
          Value:
            Fn::Join: [ "_", [ "ee" , Ref: EnvironmentType,"AD","1" ] ]
        -
          Key: "Product"
          Value:
            Ref: Product
        -
          Key: "Environment"
          Value:
            Ref: EnvironmentType
        -
          Key: "Role"
          Value:
            Ref: Role
        BlockDeviceMappings:
        - DeviceName: "/dev/sda1"
          Ebs:
            VolumeSize: '150'
            VolumeType: gp2
        SecurityGroupIds:
        - Ref: DomainControllerSG
        - sg-0000
        PrivateIpAddress:
          Ref: Server1PrivateIP
        KeyName:
          Ref: SSHkeyPair
        UserData:
          Fn::Base64:
            Fn::Join:
            - ''
            - - "<script>\n"
              - 'cfn-init.exe -v -c config -s '
              - Ref: AWS::StackId
              - " -r DomainController1"
              - " --region "
              - Ref: AWS::Region
              - "\n"
              - "</script>\n"

You can add metadata to a CDK construct by accessing its underlying node:

    const instance = new ec2.Instance(this, "MyInstance", {...});
    instance.node.addMetadata("key", "value");

Here is the documentation for ConstructNode.addMetadata:

https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_core.ConstructNode.html#add-wbr-metadatatype-data-from

To attach metadata that is synthesized and attached to the resource, you need to add it as an explicit override. The .addMetadata method only adds internal CDK metadata, which is not synthesized.

For example:

    // addOverride is defined on the L1 CfnResource, so reach it through the L2 construct's default child
    const cfnInstance = instance.node.defaultChild as ec2.CfnInstance;
    cfnInstance.addOverride('Metadata.AWS::CloudFormation::Init', {
      config: {
        files: {
          '/root/run-iperf.sh': {
            content: runIperfScript, // the script body as a string, defined elsewhere
            mode: '000755',
            owner: 'root',
            group: 'root'
          }
        }
      }
    });
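An added example, not code from the question or either answer, in the TypeScript a CDK app would use. It builds the AWS::CloudFormation::Init section from the question as a plain object (the same JSON cfn-init reads), previews the files cfn-init will write, and checks the object for password parameters before it goes to the L1 resource through addOverride. Two things the question's template does not spell out: cfn-init fetches this section with every Ref already resolved, and the NoEcho parameter attribute does not mask values used in Metadata, so the VcaADPassword and ADPassword Refs in the commands are readable by anyone who can describe the stack; and the cfn-hup hook path and the -r argument must match the resource's logical ID, which the CDK generates unless you pin it with overrideLogicalId. Everything below runs without the CDK; the construct names in the closing comment (instance, ec2.CfnInstance) are assumptions. Recent CDK releases also ship ec2.CloudFormationInit (InitConfig, InitFile, InitCommand, InitService, applied through an Instance's init and initOptions), which renders this section for you; the override route shown here works on any version.

```typescript
// Added example (not from the question or the answers): build AWS::CloudFormation::Init
// as a plain object, preview the files cfn-init will write, gate on embedded password
// parameters, then hand the object to the L1 resource with addOverride. Needs no CDK.

type Intrinsic = { Ref: string } | { 'Fn::Join': [string, Value[]] };
type Value = string | Intrinsic;
interface InitFile { content?: Value; source?: string; }
interface InitCommand { command: Value; waitAfterCompletion: string; }
interface InitConfig {
  files?: Record<string, InitFile>;
  commands?: Record<string, InitCommand>;
  services?: { windows: Record<string, { enabled: string; ensureRunning: string; files?: string[] }> };
}
// The section is flat: configSets plus one key per config, exactly as cfn-init reads it.
interface CfnInit {
  configSets: Record<string, string[]>;
  [config: string]: InitConfig | Record<string, string[]>;
}
const ref = (name: string): Intrinsic => ({ Ref: name });
const join = (...parts: Value[]): Intrinsic => ({ 'Fn::Join': ['', parts] });

// cfn-hup needs real newlines in its .conf files. The question's YAML single-quotes
// 'triggers=post.update\n', so the file gets a literal backslash-n and the hook never
// fires; building the text in code avoids that quoting trap.
function cfnHupFiles(resource: string, configSet: string): Record<string, InitFile> {
  return {
    'c:\\cfn\\cfn-hup.conf': {
      content: join('[main]\nstack=', ref('AWS::StackName'), '\nregion=', ref('AWS::Region'), '\n'),
    },
    'c:\\cfn\\hooks.d\\cfn-auto-reloader.conf': {
      content: join('[cfn-auto-reloader-hook]\ntriggers=post.update\n',
        `path=Resources.${resource}.Metadata.AWS::CloudFormation::Init\n`,
        `action=cfn-init.exe -v -c ${configSet} -s `, ref('AWS::StackId'),
        ` -r ${resource} --region `, ref('AWS::Region'), '\n'),
    },
  };
}

// Two of the question's configs: enough to show files, services, commands and configSets.
function buildInit(resource: string): CfnInit {
  return {
    configSets: { config: ['setup', 'installADDS'] },
    setup: {
      files: cfnHupFiles(resource, 'config'),
      services: { windows: { 'cfn-hup': { enabled: 'true', ensureRunning: 'true',
        files: ['c:\\cfn\\cfn-hup.conf', 'c:\\cfn\\hooks.d\\cfn-auto-reloader.conf'] } } },
    },
    installADDS: {
      commands: {
        '2-install-adds': {
          command: join('powershell.exe -Command "Install-ADDSForest -DomainName ', ref('DomainDNSName'),
            " -SafeModeAdministratorPassword (ConvertTo-SecureString '", ref('VcaADPassword'),
            "' -AsPlainText -Force) -Confirm:$false -Force\""),
          waitAfterCompletion: 'forever',
        },
      },
    },
  };
}

// Resolve Ref / Fn::Join against a caller-supplied parameter map (constructed values)
// to preview the text cfn-init will write or run.
function render(v: Value, params: Record<string, string>): string {
  if (typeof v === 'string') return v;
  if ('Ref' in v) {
    const resolved = params[v.Ref];
    if (resolved === undefined) throw new Error(`unresolved Ref ${v.Ref}`);
    return resolved;
  }
  const [sep, parts] = v['Fn::Join'];
  return parts.map((p) => render(p, params)).join(sep);
}

// List every place a deny-listed parameter is referenced. cfn-init fetches this section
// with Refs already resolved, and NoEcho does not mask values used in Metadata, so a
// password Ref here is readable by anyone who can describe the stack and lands in C:\cfn\log.
function findSecretRefs(node: unknown, secrets: string[], path = 'Metadata.AWS::CloudFormation::Init'): string[] {
  const hits: string[] = [];
  if (Array.isArray(node)) {
    node.forEach((n, i) => hits.push(...findSecretRefs(n, secrets, `${path}[${i}]`)));
  } else if (node !== null && typeof node === 'object') {
    const obj = node as Record<string, unknown>;
    if (typeof obj.Ref === 'string' && Object.keys(obj).length === 1) {
      if (secrets.indexOf(obj.Ref) >= 0) hits.push(`${path} -> Ref ${obj.Ref}`);
    } else {
      Object.keys(obj).forEach((k) => hits.push(...findSecretRefs(obj[k], secrets, `${path}.${k}`)));
    }
  }
  return hits;
}

// Build and gate: refuse to emit an Init section that embeds a password parameter.
function checkedInit(resource: string, secretParams: string[]): CfnInit {
  const init = buildInit(resource);
  const leaks = findSecretRefs(init, secretParams);
  if (leaks.length > 0) throw new Error(`password parameters in Init: ${leaks.join(', ')}`);
  return init;
}

// In the CDK app (assumed names; `instance` is an ec2.Instance): addOverride lives on the L1,
// and -r / the hook path must equal the logical ID, so pin it before adding the override:
//   const cfn = instance.node.defaultChild as ec2.CfnInstance; cfn.overrideLogicalId('DomainController1');
//   cfn.addOverride('Metadata.AWS::CloudFormation::Init', checkedInit('DomainController1', ['VcaADPassword', 'ADPassword']));
```

The deny list in the last line makes checkedInit throw for the question's installADDS config, which is the intended outcome: the fix is to stop passing the password as a template parameter and have the command read it at run time (for example from Secrets Manager through the instance role), so the Init section never carries it.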