AWS Management Tools

How to Implement CloudFormation Creation Policy on Ubuntu

Updated June 23, 2025

Step-by-Step Implementation

The entire process is orchestrated within your CloudFormation template, primarily in the UserData and CreationPolicy sections of your EC2 instance resource.

The CloudFormation Template Structure

Here is a YAML example demonstrating how to structure your template.


AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    # 1. Add the CreationPolicy Attribute
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT15M # Wait for 15 minutes
    Properties:
      ImageId: ami-xxxxxxxxxxxxxxxxx # An Ubuntu AMI
      InstanceType: t2.micro
      # ... other properties like KeyName and SecurityGroupIds

      # 2. Add the UserData Script
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe

          # Update instance and install Python pip
          apt-get update -y
          apt-get -y install python3-pip

          # Install CloudFormation helper scripts
          pip3 install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz

          # Create a symlink for cfn-signal (-f so an existing link does not abort the script)
          ln -sf /usr/local/bin/cfn-signal /usr/bin/cfn-signal

          # Because of -e, bash exits at the first failing command and would never
          # reach the final cfn-signal line; this trap sends the failing exit code first.
          trap '/usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource MyEC2Instance --region ${AWS::Region}' ERR

          # --- Your Configuration Script Goes Here ---
          # For example, install a web server
          apt-get -y install apache2
          systemctl start apache2
          systemctl enable apache2
          # -----------------------------------------

          # 3. Send the Signal to CloudFormation
          # The -e $? flag sends the exit code of the last command. 0 = SUCCESS.
          /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource MyEC2Instance --region ${AWS::Region}

Breakdown of the Template

  1. The CreationPolicy Block:

    • We've instructed CloudFormation to wait for 1 success signal.

    • It will wait for a maximum of 15 minutes (PT15M). If no signal is received by then, it will fail the resource creation.

  2. The UserData Script:

    • Helper Script Installation: The first few lines handle the installation of the aws-cfn-bootstrap package, which contains the cfn-signal script. This step is mandatory for non-Amazon Linux distributions like Ubuntu.

    • Your Configuration: This is where you place the commands for the tasks you need to complete (e.g., installing a web server, configuring an application, downloading data).

    • Sending the Signal: The final line is the most critical.

      • /usr/local/bin/cfn-signal: Executes the signal script.

      • -e $?: This sends the exit code of the last command that was run. In shell scripting, $? holds the exit status of the previously executed command. A status of 0 means success, while any non-zero value indicates failure. This is how you tell CloudFormation if your configuration succeeded.

      • --stack ${AWS::StackName}: A pseudo parameter that tells the script which stack to send the signal to.

      • --resource MyEC2Instance: Tells the script which logical resource within the stack to signal. This must match the name of your resource (MyEC2Instance in this case).

      • --region ${AWS::Region}: Another pseudo parameter specifying the region of the stack.

Expected Outcome

When you launch a stack with this template:

  1. CloudFormation will provision the EC2 instance.

  2. The instance will remain in the CREATE_IN_PROGRESS state.

  3. The UserData script will run on the instance.

  4. If all commands in the script succeed, the cfn-signal script will be called with an exit code of 0, sending a SUCCESS signal.

  5. Upon receiving the success signal, CloudFormation will change the resource's status to CREATE_COMPLETE.

  6. If any command in the UserData script fails, cfn-signal will send a FAILURE signal, and CloudFormation will mark the resource as CREATE_FAILED and roll back the stack.
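
The outcome in steps 4 to 6 can be checked offline by replacing cfn-signal with a stub that records its arguments. This is an added example, not code from the original page; `SIGNAL_CMD`, `record_signal`, the `step_*` functions, `demo-stack` and `us-east-1` are assumptions standing in for `/usr/local/bin/cfn-signal`, your configuration commands and a real stack.

```bash
#!/bin/bash
# Added example (not from the original page). SIGNAL_CMD and the step_* functions
# are hypothetical; the stack name and region are constructed sample values.
SIGNAL_LOG="$(mktemp)"
RAN_LOG="$(mktemp)"

# Stand-in for /usr/local/bin/cfn-signal: records its arguments, calls no AWS API.
record_signal() { echo "$*" >> "$SIGNAL_LOG"; }
SIGNAL_CMD=record_signal

# Constructed configuration steps: each logs that it ran, one of them fails.
step_install() { echo install >> "$RAN_LOG"; }
step_broken()  { echo broken  >> "$RAN_LOG"; return 3; }
step_enable()  { echo enable  >> "$RAN_LOG"; }

# Run steps in order and stop at the first failure, returning its exit code.
run_steps() {
  local step
  for step in "$@"; do
    "$step" || return $?
  done
}

# Always signal, with the exit code of the step that ended the run.
provision_and_signal() {
  local status=0
  run_steps "$@" || status=$?
  "$SIGNAL_CMD" -e "$status" --stack demo-stack \
    --resource MyEC2Instance --region us-east-1
  return "$status"
}

# Most recent argument list passed to the signal command.
last_signal() { tail -n 1 "$SIGNAL_LOG"; }

provision_and_signal step_install step_enable
echo "all steps ok -> cfn-signal $(last_signal)"
provision_and_signal step_install step_broken step_enable || true
echo "step failed  -> cfn-signal $(last_signal)"
```

The second run stops at `step_broken`, never runs `step_enable`, and still sends exactly one signal carrying the non-zero exit code, which is what lets CloudFormation fail the resource immediately instead of waiting out the timeout.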