Windows AWS EC2 Instance User Data PowerShell do not load Powershell Modules for System Account level

Question

I have created a PowerShell script to run in the user data of an AWS Windows instance. If I manually execute the script as Administrator, it runs successfully and does work.

But when I send the script in user data (during instance creation) it throws an exception. This happens during the installation of the module from System Account

PowerShell Version on EC2 Windows 2012 R2 = v4.0

 Cannot bind argument to parameter 'Path' because it is an empty string.


2017-04-10T18:24:25.004Z: Ec2HandleUserData: Message: Executing C:Windowssystem32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy unrestricted . 'C:\Program Files\Amazon\Ec2ConfigService\Scripts\UserScript.ps1' from System account
2017-04-10T18:24:25.006Z: Ec2HandleUserData: Message: Executing User Data with PID: 1084
2017-04-10T18:24:34.639Z: Ec2HandleUserData: Message: ExitCode of User Data with PID: 1084 is 1
2017-04-10T18:24:34.642Z: Ec2HandleUserData: Message: The errors from user scripts: iex : Cannot bind argument to parameter 'Path' because it is an empty string.
At C: Program Files Amazon Ec2ConfigService Scripts UserScript.ps1:5 char:79
+  (new-object Net.WebClient).DownloadString("http://psget.net/GetPsGet.ps1") 
| ie ...
+                                                                              
 ~~
    + CategoryInfo          : InvalidData: (:) [Invoke-Expression], ParameterB 
   indingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl 
   lowed,Microsoft.PowerShell.Commands.InvokeExpressionCommand


2017-04-10T18:24:34.642Z: Ec2HandleUserData: Message: The output from user scripts: 
2017-04-10T18:24:34.642Z: Background plugin complete: Ec2HandleUserData

Work Around /Solution : This is more of PsGet Module issue, not EC2 issue

https://github.com/psget/psget/issues/208

At System Account level PsGet Module was setting Path InCorrectly. As of now I have Modified PsGet.ps1 to read my custom path $env:PSModulePath, and it works with no issues.

PsGet.Ps1 Line 1615 Comment the line #Add-PathToPSModulePath -PathToAdd:$Destination -PersistEnvironment:$PersistEnvironment -Global:$Global

Added : [Environment]::SetEnvironmentVariable("PSModulePath", ";C:{DirectoryIwantModulesToBe}\\Modules", "Machine")

It works , at System Account level with no Issues

Thanks Alex for help.

Answer 1

I would advice to use specific paths. The userdata block executes under the windows system account and as such it doesn't have a profile directory nor a temp path. For example [System.IO.Path]::GetTempFileName() fails when executing with this user.

This is the same when code-deploy packages execute.

If you have to work often with AWS-EC2 then it's best to try to replicate the environment as much as possible locally because an EC2 takes minimum 6 minutes to launch and that can be a major slow down in your troubleshooting efforts. For this reason, I've decided to setup a vagrant box with the matching operating system and on that box I execute/test what I need. When things get tough and I'm suspicious of the System user's special characteristics, I use psexec to launch my processes. This is a good starting point How to: become the LOCAL SYSTEM account with PsExec