将参数调用到 CloudFormation Powershell 脚本中
Invoke Parameter into a CloudFormation Powershell script
可以将参数调用到 PowerShell 脚本中 运行 inside userdata?
我正在尝试分配密码、ADuser 和域,以便更改本地计算机名称并将服务器加入域。
我可以在创建堆栈时添加自己的输入,但我不知道如何使用用户数据中的信息,有没有可以使用的参考?
我可以使用用户数据中的所有信息来执行此操作,但我不想使用我们的域信息和凭据来保存堆栈。
"Parameters" : {
"VMName":{
"Description":"Name of the EC2 Windows instance",
"Type":"String"
},
"DomainUser":{
"Description":"Name of Service/User domain account to be used to join the EC2 instance into CX domain",
"Type" : "String",
"MinLength" : "3",
"MaxLength" : "25",
"AllowedPattern" : "[a-zA-Z0-9]+\..+"
},
"DomainCredential":{
"Description":"Password of the Service/User domain account to be used to join the EC2 instance into CX domain",
"Type" : "String",
"MinLength" : "8",
"MaxLength" : "32",
"AllowedPattern" : "(?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
"NoEcho" : "True"
},
"Resources" : {
"EC2InstanceOne":{
"Type":"AWS::EC2::Instance",
"DeletionPolicy" : "Retain",
"Properties":{
"InstanceType":{ "Ref" : "InstanceType" },
"SubnetId": { "Ref" : "MySubnetVM1" },
"SecurityGroupIds":[ { "Ref" : "SGUtilized" } ],
"SecurityGroupIds":[ { "Ref" : "SGUtilized2" } ],
"IamInstanceProfile" : { "Ref" : "RoleName" },
"KeyName": { "Ref" : "ServerKeyName" },
"ImageId":{ "Ref" : "AMIUtilized" },
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/sda1",
"Ebs" : {
"VolumeType" : "standard",
"DeleteOnTermination" : "false",
"VolumeSize" : "50"
}
}
],
"UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [
"<script>\n",
"PowerShell -Command \"& {$password = 'variable from parameter here' | ConvertTo-SecureString -asPlainText -Force ; $username = 'variable from parameter here'' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Rename-Computer -NewName 'variable from parameter here'' -DomainCredential $credential}\" \n",
"PowerShell -Command \"& {$domain='variable from parameter here';$password = 'variable from parameter here'' | ConvertTo-SecureString -asPlainText -Force ;$username = 'variable from parameter here'' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Add-Computer -DomainName $domain -Credential $credential}\" \n",
"PowerShell -Command \"& {Restart-Computer}\" \n",
"</script>"
]
]
}
}
}
谢谢,最诚挚的问候。
您可以这样使用 Fn::Sub:
{
"Fn::Sub":
"PowerShell -Command \"& {$domain=${VMName};$password = ${DomainCredential}' | ConvertTo-SecureString -asPlainText -Force ;$username = ${DomainUser}' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Add-Computer -DomainName $domain -Credential $credential}\" \n"
}
这是一个 yaml 示例:
UserData:
Fn::Base64:
!Sub |
echo ${ParamPassword} | tee - | passwd ec2-user
可以将参数调用到 PowerShell 脚本中 运行 inside userdata?
我正在尝试分配密码、ADuser 和域,以便更改本地计算机名称并将服务器加入域。
我可以在创建堆栈时添加自己的输入,但我不知道如何使用用户数据中的信息,有没有可以使用的参考?
我可以使用用户数据中的所有信息来执行此操作,但我不想使用我们的域信息和凭据来保存堆栈。
"Parameters" : {
"VMName":{
"Description":"Name of the EC2 Windows instance",
"Type":"String"
},
"DomainUser":{
"Description":"Name of Service/User domain account to be used to join the EC2 instance into CX domain",
"Type" : "String",
"MinLength" : "3",
"MaxLength" : "25",
"AllowedPattern" : "[a-zA-Z0-9]+\..+"
},
"DomainCredential":{
"Description":"Password of the Service/User domain account to be used to join the EC2 instance into CX domain",
"Type" : "String",
"MinLength" : "8",
"MaxLength" : "32",
"AllowedPattern" : "(?=^.{6,255}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
"NoEcho" : "True"
},
"Resources" : {
"EC2InstanceOne":{
"Type":"AWS::EC2::Instance",
"DeletionPolicy" : "Retain",
"Properties":{
"InstanceType":{ "Ref" : "InstanceType" },
"SubnetId": { "Ref" : "MySubnetVM1" },
"SecurityGroupIds":[ { "Ref" : "SGUtilized" } ],
"SecurityGroupIds":[ { "Ref" : "SGUtilized2" } ],
"IamInstanceProfile" : { "Ref" : "RoleName" },
"KeyName": { "Ref" : "ServerKeyName" },
"ImageId":{ "Ref" : "AMIUtilized" },
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/sda1",
"Ebs" : {
"VolumeType" : "standard",
"DeleteOnTermination" : "false",
"VolumeSize" : "50"
}
}
],
"UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [
"<script>\n",
"PowerShell -Command \"& {$password = 'variable from parameter here' | ConvertTo-SecureString -asPlainText -Force ; $username = 'variable from parameter here'' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Rename-Computer -NewName 'variable from parameter here'' -DomainCredential $credential}\" \n",
"PowerShell -Command \"& {$domain='variable from parameter here';$password = 'variable from parameter here'' | ConvertTo-SecureString -asPlainText -Force ;$username = 'variable from parameter here'' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Add-Computer -DomainName $domain -Credential $credential}\" \n",
"PowerShell -Command \"& {Restart-Computer}\" \n",
"</script>"
]
]
}
} }
谢谢,最诚挚的问候。
您可以这样使用 Fn::Sub:
{
"Fn::Sub":
"PowerShell -Command \"& {$domain=${VMName};$password = ${DomainCredential}' | ConvertTo-SecureString -asPlainText -Force ;$username = ${DomainUser}' ; $credential = New-Object System.Management.Automation.PSCredential($username,$password) ; Add-Computer -DomainName $domain -Credential $credential}\" \n"
}
这是一个 yaml 示例:
UserData:
Fn::Base64:
!Sub |
echo ${ParamPassword} | tee - | passwd ec2-user