[英]aws lambda to create different init script on different ec2 machine
I have a lambda function to launch windows EC2 instance with below user data and gather instance details from environment variables.我有一个 lambda function 来启动具有以下用户数据的 windows EC2 实例,并从环境变量中收集实例详细信息。
#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import boto3
AMI = os.environ["AMI"]
INSTANCE_TYPE = os.environ["INSTANCE_TYPE"]
KEY_NAME = os.environ["KEY_NAME"]
SUBNET_ID = os.environ["SUBNET_ID"]
REGION = os.environ["REGION"]
ec2 = boto3.client("ec2", region_name=REGION)
def lambda_handler(event, context):
init_script = '''<powershell>$USERNAME="latchu"
$PASSWORD="eM2An@ydxk"
net user /add $USERNAME $PASSWORD</powershell>'''
instance = ec2.run_instances(
ImageId=AMI,
InstanceType=INSTANCE_TYPE,
KeyName=KEY_NAME,
SubnetId=SUBNET_ID,
MaxCount=3,
MinCount=1,
InstanceInitiatedShutdownBehavior="terminate",
UserData=init_script,
)
Here, i have used simple init script to create one user with password on Windows Instance.在这里,我使用简单的初始化脚本在 Windows 实例上创建了一个密码用户。 But its very easy when i go with launch one instance.但是当我 go 启动一个实例时,它非常容易。 Some times, I should create more than 100 instance with different userdata which is creating user.有时,我应该使用创建用户的不同用户数据创建 100 多个实例。 I can simply create more than 100 instance using MaxCount in boto3.我可以在 boto3 中使用 MaxCount 简单地创建超过 100 个实例。
MaxCount=3
However, my case each Ec2 instance should have separate user credentials.但是,我的情况是每个 Ec2 实例都应该有单独的用户凭据。
So i would like to one lambda function to handle more than 100 instances with different userdata.所以我想要一个 lambda function 来处理 100 多个具有不同用户数据的实例。 How can i achieve?我怎样才能实现? Any help would be appreciated.任何帮助,将不胜感激。
There are essentially two different ways to achieve this.Either creating the user during bootstrap as you so, or doing it post-boot once the instance is up and running.基本上有两种不同的方法可以实现这一点。要么像您一样在引导期间创建用户,要么在实例启动并运行后在引导后创建用户。
MaxCount
and hardcoding the credentials in the init-script within the lambda handler you need to fully templatize it and in addition use a for loop and iterate over something.如果您想坚持使用第一种方法,而不是使用MaxCount
并在 lambda 处理程序中的初始化脚本中对凭据进行硬编码,则需要对其进行完全模板化,此外还需要使用 for 循环并迭代某些内容。 Now, based on where you want to have the same username but with a different password on those 100 instances:现在,根据您希望在这 100 个实例上使用相同用户名但使用不同密码的位置:You'll still need to create or pass the credentials somehow in this second post-bootstrap approach and in general you can use a mixture between the two options and either generate random strings to pass to the RunCommand (or even generate them locally on the instance within the powershell script) or poll for credential pre-created and stored in Parameter Store or Secrets Manager.在这第二种后引导方法中,您仍然需要以某种方式创建或传递凭据,通常您可以混合使用这两个选项,或者生成随机字符串以传递给 RunCommand(或者甚至在实例本地生成它们在 powershell 脚本中)或轮询预先创建并存储在 Parameter Store 或 Secrets Manager 中的凭证。
As suggested by John in the comments rather than creating local users you can go for Active Directory正如约翰在评论中所建议的,而不是创建本地用户,您可以为 Active Directory go
You can scrap credentials all together and use AWS Systems Manager Session Manager or even potentially tool like HashiCorp Boundary or similar.您可以一起废弃凭据并使用AWS Systems Manager Session Manager ,甚至可能使用 HashiCorp Boundary 或类似工具。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.