Cannot retrieve the default Windows administrator password in AWS EC2

Nic*_*las 5 amazon-ec2 amazon-web-services aws-cloudformation aws-sdk

I am building an AWS CloudFormation automation document that creates a custom Windows 2016 AMI for me.

If I launch an EC2 instance from this AMI, I cannot retrieve the password.

The "Get Windows Password" dialog only reports "Password not available yet":

Password not available yet. Please wait at least 4 minutes after launching an instance before trying to retrieve the auto-generated password.

Note: Passwords are generated during the launch of Amazon Windows AMIs or custom AMIs that have been configured to enable this feature. Instances launched from custom AMIs that never had this feature enabled use the username and password of the AMI's parent instance.

Nothing shows up in the AWS system log either.

The CloudFormation template looks like this:

AWSTemplateFormatVersion: "2010-09-09"
Description: "SSM Automation Document"
Parameters:
  SubnetId:
    Description: "ID of subnet to use for launching EC2 instance"
    Type: "AWS::EC2::Subnet::Id"
  KeyPairName:
    Description: "Name of EC2 key pair for logging in to the instance"
    Type: "String"
  SecurityGroupIds:
    Description: "The IDs of security groups that are permitted access to EC2 instance"
    Type: "List<AWS::EC2::SecurityGroup::Id>"
Outputs:
  AmiAutomationDocumentName:
    Value: !Ref "AmiAutomationDoc"
Resources:
  AutomationRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
                - "ssm.amazonaws.com"
        Version: "2012-10-17"
      Policies:
        - PolicyName: "PassRole"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "iam:PassRole"
                Effect: "Allow"
                # iam:PassRole on "*" is broader than this automation needs; it only
                # has to pass InstanceProfileRole, so scope Resource to that role's ARN.
                Resource: "*"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole"
  InstanceProfileRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
                - "ssm.amazonaws.com"
        Version: "2012-10-17"
      Policies:
        - PolicyName: "PassRole"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "iam:PassRole"
                Effect: "Allow"
                Resource: "*"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
  InstanceProfile:
    Properties:
      Path: "/"
      Roles:
        - !Ref "InstanceProfileRole"
    Type: "AWS::IAM::InstanceProfile"
  AmiAutomationDoc:
    Type: "AWS::SSM::Document"
    Properties:
      DocumentType: "Automation"
      Content:
        schemaVersion: "0.3"
        description: "Create a new AMI"
        parameters:
          SourceAmiId:
            type: "String"
            description: "AMI to patch"
          TargetAmiName:
            type: "String"
            description: "Name of new AMI"
            default: "NewAMI_{{ global:DATE_TIME }}_{{ SourceAmiId }}"
        assumeRole: !GetAtt "AutomationRole.Arn"
        mainSteps:
          - name: "startInstance"
            action: "aws:runInstances"
            timeoutSeconds: 360
            maxAttempts: 1
            onFailure: "Abort"
            inputs:
              ImageId: "{{ SourceAmiId }}"
              InstanceType: "t2.micro"
              IamInstanceProfileArn: !GetAtt "InstanceProfile.Arn"
              KeyName: !Ref "KeyPairName"
              SecurityGroupIds: !Ref "SecurityGroupIds"
              SubnetId: !Ref "SubnetId"
              MinInstanceCount: 1
              MaxInstanceCount: 1
          - name: "stopInstance"
            action: "aws:changeInstanceState"
            maxAttempts: 1
            onFailure: "Continue"
            inputs:
              InstanceIds:
                - "{{ startInstance.InstanceIds }}"
              DesiredState: "stopped"
          - name: "createImage"
            action: "aws:createImage"
            maxAttempts: 1
            onFailure: "Continue"
            inputs:
              InstanceId: "{{ startInstance.InstanceIds }}"
              ImageName: "{{ TargetAmiName }}"
              ImageDescription: "AMI based on base image {{ SourceAmiId }}"
        outputs:
          - createImage.ImageId
          - startInstance.InstanceIds

Nic*_*las 3

Windows 2016 introduced new PowerShell scripts. These need to be scheduled when building the AMI.

To accomplish this, add:

- name: "installServices"
  action: "aws:runCommand"
  maxAttempts: 1
  onFailure: "Abort"
  inputs:
    DocumentName: !Ref "InstallServicesCommand"
    InstanceIds:
      - "{{ startInstance.InstanceIds }}"

and then:

InstallServicesCommand:
  Type: "AWS::SSM::Document"
  Properties:
    DocumentType: "Command"
    Content: 
      schemaVersion: "1.2"
      description: "Install base services"
      runtimeConfig:
        aws:runPowerShellScript:
          properties:
            - runCommand:
              - C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
              - C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendWindowsIsReady.ps1 -Schedule
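As an added example (not code from the question or the answer), a small pre-deployment check in Python that enforces the fix described above: an aws:runCommand step that schedules InitializeInstance.ps1 -Schedule must come before the stopInstance and createImage steps. The step and document dicts are constructed to mirror the page's YAML; the helper names are my own.

```python
# Added example (not from the original post): a pre-deployment check for the SSM
# Automation document on this page: an aws:runCommand step that schedules EC2Launch
# (InitializeInstance.ps1 -Schedule) must run before the instance is stopped and imaged,
# otherwise the captured AMI never generates a fresh administrator password.
# Sample documents are constructed inline as dicts mirroring the page's YAML.

SCHEDULE_SCRIPT = "InitializeInstance.ps1 -Schedule"


def step_schedules_ec2launch(step, command_docs):
    """True if this aws:runCommand step calls a Command document whose
    PowerShell runCommand list invokes InitializeInstance.ps1 -Schedule."""
    if step.get("action") != "aws:runCommand":
        return False
    doc = command_docs.get(step.get("inputs", {}).get("DocumentName"), {})
    props = doc.get("runtimeConfig", {}).get("aws:runPowerShellScript", {}).get("properties", [])
    return any(SCHEDULE_SCRIPT in cmd for p in props for cmd in p.get("runCommand", []))


def check_ami_automation(automation_doc, command_docs):
    """Return a list of findings; an empty list means the step order is sound."""
    steps = automation_doc["mainSteps"]
    scheduled_at = next((i for i, s in enumerate(steps)
                         if step_schedules_ec2launch(s, command_docs)), None)
    if scheduled_at is None:
        return [f"no aws:runCommand step schedules {SCHEDULE_SCRIPT}"]
    # Stopping or imaging before the scheduled task exists bakes an AMI that skips
    # password generation on its next boot.
    return [f"step '{s['name']}' ({s['action']}) runs before EC2Launch is scheduled"
            for s in steps[:scheduled_at]
            if s.get("action") in ("aws:changeInstanceState", "aws:createImage")]


# Constructed sample: the page's Command document plus a broken and a fixed step order.
COMMAND_DOCS = {"InstallServicesCommand": {"runtimeConfig": {"aws:runPowerShellScript": {
    "properties": [{"runCommand": [
        r"C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule",
        r"C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\SendWindowsIsReady.ps1 -Schedule",
    ]}]}}}}
START = {"name": "startInstance", "action": "aws:runInstances"}
INSTALL = {"name": "installServices", "action": "aws:runCommand",
           "inputs": {"DocumentName": "InstallServicesCommand"}}
STOP = {"name": "stopInstance", "action": "aws:changeInstanceState"}
IMAGE = {"name": "createImage", "action": "aws:createImage"}
BROKEN_DOC = {"mainSteps": [START, STOP, IMAGE]}          # as in the question
FIXED_DOC = {"mainSteps": [START, INSTALL, STOP, IMAGE]}  # as in the answer
```

Running check_ami_automation on the parsed template (for example via a YAML loader that tolerates the CloudFormation tags) in CI catches the missing step before an AMI is built.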