Last active
April 20, 2020 03:47
Sample SSM Doc
| { | |
| "schemaVersion":"0.3", | |
| "description":"Updates AMI with Linux distribution packages and Amazon software. For details, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sysman-ami-walkthrough.html", | |
| "assumeRole":"{{AutomationAssumeRole}}", | |
| "parameters":{ | |
| "SourceAmiId":{ | |
| "type":"String", | |
| "description":"(Required) The source Amazon Machine Image ID.", | |
| "default":"ami-8b92b4ee" | |
| }, | |
| "EFSId":{ | |
| "type":"String", | |
| "description":"(Required) The ID of the EFS volume." | |
| }, | |
| "OsUser":{ | |
| "type":"String", | |
| "description":"(Required) The login name of the non-root OS user.", | |
| "default":"ubuntu" | |
| }, | |
| "EFSMount":{ | |
| "type":"String", | |
| "description":"(Required) The mount point for the EFS volume.", | |
| "default":"/mnt/efs" | |
| }, | |
| "InstanceIamRole":{ | |
| "type":"String", | |
| "description":"(Required) The name of the role that enables Systems Manager (SSM) to manage the instance.", | |
| "default": "ManagedInstanceProfile" | |
| }, | |
| "AutomationAssumeRole":{ | |
| "type":"String", | |
| "description":"(Required) The ARN of the role that allows Automation to perform the actions on your behalf.", | |
| "default":"arn:aws:iam::{{global:ACCOUNT_ID}}:role/AutomationServiceRole" | |
| }, | |
| "TargetAmiName":{ | |
| "type":"String", | |
| "description":"(Optional) The name of the new AMI that will be created. Default is a system-generated string including the source AMI id, and the creation time and date.", | |
| "default":"UpdateLinuxAmi_from_{{SourceAmiId}}_on_{{global:DATE_TIME}}" | |
| }, | |
| "InstanceType":{ | |
| "type":"String", | |
| "description":"(Optional) Type of instance to launch as the workspace host. Instance types vary by region. Default is t2.micro.", | |
| "default":"t2.micro" | |
| } | |
| }, | |
| "mainSteps":[ | |
| { | |
| "name":"launchInstance", | |
| "action":"aws:runInstances", | |
| "maxAttempts":3, | |
| "timeoutSeconds":300, | |
| "onFailure":"Abort", | |
| "inputs":{ | |
| "ImageId":"{{SourceAmiId}}", | |
| "InstanceType":"{{InstanceType}}", | |
| "UserData":"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", | |
| "MinInstanceCount":1, | |
| "MaxInstanceCount":1, | |
| "IamInstanceProfileName":"{{InstanceIamRole}}" | |
| } | |
| }, | |
| { | |
| "name":"updateOSSoftware", | |
| "action":"aws:runCommand", | |
| "maxAttempts":3, | |
| "timeoutSeconds":3600, | |
| "onFailure":"Abort", | |
| "inputs":{ | |
| "DocumentName":"AWS-RunShellScript", | |
| "InstanceIds":[ | |
| "{{launchInstance.InstanceIds}}" | |
| ], | |
| "Parameters":{ | |
| "commands":[ | |
| "set -e", | |
| "export DEBIAN_FRONTEND=noninteractive", | |
| "apt-get update -y", | |
| "apt-get install -y cloud-init nfs-common" | |
| ] | |
| } | |
| } | |
| }, | |
| { | |
| "name":"efsSetup", | |
| "action":"aws:runCommand", | |
| "maxAttempts":3, | |
| "timeoutSeconds":300, | |
| "onFailure":"Abort", | |
| "inputs":{ | |
| "DocumentName":"AWS-RunShellScript", | |
| "InstanceIds":[ | |
| "{{launchInstance.InstanceIds}}" | |
| ], | |
| "Parameters":{ | |
| "commands":[ | |
| "mkdir {{EFSMount}}", | |
| "echo '{{EFSId}}.efs.{{global:REGION}}.amazonaws.com:/ {{EFSMount}} nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,_netdev 0 0' >> /etc/fstab" | |
| ] | |
| } | |
| } | |
| }, | |
| { | |
| "name":"setupPython", | |
| "action":"aws:runCommand", | |
| "maxAttempts":3, | |
| "timeoutSeconds":3600, | |
| "onFailure":"Abort", | |
| "inputs":{ | |
| "DocumentName":"AWS-RunShellScript", | |
| "InstanceIds":[ | |
| "{{launchInstance.InstanceIds}}" | |
| ], | |
| "Parameters":{ | |
| "commands":[ | |
| "set -e", | |
| "export DEBIAN_FRONTEND=noninteractive", | |
| "apt-get install -y build-essential python-pip python3-venv", | |
| "su {{OsUser}} -c 'python3 -m venv ~/venv-python3'", | |
| "pip install --upgrade pip" | |
| ] | |
| } | |
| } | |
| }, | |
| { | |
| "name":"setupAWS", | |
| "action":"aws:runCommand", | |
| "maxAttempts":3, | |
| "timeoutSeconds":3600, | |
| "onFailure":"Abort", | |
| "inputs":{ | |
| "DocumentName":"AWS-RunShellScript", | |
| "InstanceIds":[ | |
| "{{launchInstance.InstanceIds}}" | |
| ], | |
| "Parameters":{ | |
| "commands":[ | |
| "pip install awscli", | |
| "su {{OsUser}} -c 'aws configure set default.region {{global:REGION}}'" | |
| ] | |
| } | |
| } | |
| }, | |
| { | |
| "name":"asciidocInstall", | |
| "action":"aws:runCommand", | |
| "maxAttempts":3, | |
| "timeoutSeconds":3600, | |
| "onFailure":"Abort", | |
| "inputs":{ | |
| "DocumentName":"AWS-RunShellScript", | |
| "InstanceIds":[ | |
| "{{launchInstance.InstanceIds}}" | |
| ], | |
| "Parameters":{ | |
| "commands":[ | |
| "set -e", | |
| "export DEBIAN_FRONTEND=noninteractive", | |
| "apt-get install -y asciidoc", | |
| "pip install Pygments" | |
| ] | |
| } | |
| } | |
| }, | |
| { | |
| "name":"stopInstance", | |
| "action":"aws:changeInstanceState", | |
| "maxAttempts":3, | |
| "timeoutSeconds":1200, | |
| "onFailure":"Abort", | |
| "inputs":{ | |
| "InstanceIds":[ | |
| "{{launchInstance.InstanceIds}}" | |
| ], | |
| "DesiredState":"stopped" | |
| } | |
| }, | |
| { | |
| "name":"createImage", | |
| "action":"aws:createImage", | |
| "maxAttempts":3, | |
| "onFailure":"Abort", | |
| "inputs":{ | |
| "InstanceId":"{{launchInstance.InstanceIds}}", | |
| "ImageName":"{{TargetAmiName}}", | |
| "NoReboot":true, | |
| "ImageDescription":"AMI Generated by EC2 Automation on {{global:DATE_TIME}} from {{SourceAmiId}}" | |
| } | |
| }, | |
| { | |
| "name":"terminateInstance", | |
| "action":"aws:changeInstanceState", | |
| "maxAttempts":3, | |
| "onFailure":"Continue", | |
| "inputs":{ | |
| "InstanceIds":[ | |
| "{{launchInstance.InstanceIds}}" | |
| ], | |
| "DesiredState":"terminated" | |
| } | |
| } | |
| ], | |
| "outputs":[ | |
| "createImage.ImageId" | |
| ] | |
| } |
Updates:
- Broke out python setup into a separate section
- Made python setup a virtual environment for the non-privileged user
- Fixed aws CLI not installing due to copying and pasting the upgrade line because I hadn't had coffee (oops)
- Made the non-root user a parameter (though really this is a pretty Ubuntu-specific document)
This is a sample SSM doc for creating a custom AMI with an EC2 Systems Manager automation. Most of it was pulled from the already existing doc for Linux AMI updates. Some features:
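Before you run this, be sure to grab the CloudFormation template for the IAM roles. They're a bit annoying to set up manually, to be honest. Note that the EFSMount, EFSId and OsUser parameters are substituted as-is into shell commands that run with root privileges on the build instance (the steps call apt-get and su directly), so limit who is allowed to start this automation and consider adding an allowedPattern constraint to each of those parameters.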