我正在構建一個AWS CloudFormation自動化文檔,用來爲我創建自定義的Windows 2016 AMI。問題是:無法檢索AWS EC2中的默認Windows管理員密碼。
如果我啓動一個基於該AMI的EC2實例,就無法檢索密碼:
密碼尚不可用。在嘗試檢索自動生成的密碼之前,請在啓動實例之後至少等待4分鐘。
注意:密碼是在啓動Amazon Windows AMI或已配置爲啓用此功能的自定義AMI期間生成的。從未啓用此功能的自定義AMI啓動的實例,使用AMI父級實例的用戶名和密碼。
我的CloudFormation模板看起來是這樣的:
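AWSTemplateFormatVersion: "2010-09-09"
Description: "SSM Automation Document"

# Stack inputs: where the temporary builder instance runs and how it is reached.
Parameters:
  SubnetId:
    Description: "ID of subnet to use for launching EC2 instance"
    Type: "AWS::EC2::Subnet::Id"
  KeyPairName:
    Description: "Name of EC2 key pair for logging in to the instance"
    Type: "String"
  SecurityGroupIds:
    Description: "The IDs of security groups that are permitted access to EC2 instance"
    Type: "List<AWS::EC2::SecurityGroup::Id>"

Outputs:
  AmiAutomationDocumentName:
    Value: !Ref "AmiAutomationDoc"

Resources:
  # Role that Systems Manager Automation assumes while running the document
  # (referenced by `assumeRole` in AmiAutomationDoc).
  AutomationRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                # Only the Automation service assumes this role; the EC2
                # principal was dropped so the role cannot be attached to an
                # instance.
                - "ssm.amazonaws.com"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole"
      Policies:
        - PolicyName: "PassRole"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Action:
                  - "iam:PassRole"
                Effect: "Allow"
                # Scoped to the one role this document hands to EC2 in
                # startInstance. A wildcard here would let the automation
                # pass any role in the account, including more privileged
                # ones.
                Resource: !GetAtt "InstanceProfileRole.Arn"

  # Role carried by the temporary builder instance through InstanceProfile.
  InstanceProfileRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Action:
              - "sts:AssumeRole"
            Effect: "Allow"
            Principal:
              Service:
                # Instance profile credentials are issued through EC2 only.
                - "ec2.amazonaws.com"
      # The inline iam:PassRole on "*" was removed: nothing in this template
      # has the instance pass a role, and any process on the instance can use
      # whatever this role allows.
      ManagedPolicyArns:
        # NOTE(review): AWS has superseded this managed policy with the
        # narrower AmazonSSMManagedInstanceCore; consider switching after
        # confirming the builder needs nothing else from it.
        - "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"

  InstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: "/"
      Roles:
        - !Ref "InstanceProfileRole"

  # Automation document: launch SourceAmiId, stop the instance, image it.
  AmiAutomationDoc:
    Type: "AWS::SSM::Document"
    Properties:
      DocumentType: "Automation"
      Content:
        schemaVersion: "0.3"
        description: "Create a new AMI"
        parameters:
          SourceAmiId:
            type: "String"
            description: "AMI to patch"
          TargetAmiName:
            type: "String"
            description: "Name of new AMI"
            default: "NewAMI_{{ global:DATE_TIME }}_{{ SourceAmiId }}"
        assumeRole: !GetAtt "AutomationRole.Arn"
        mainSteps:
          - name: "startInstance"
            action: "aws:runInstances"
            timeoutSeconds: 360
            maxAttempts: 1
            onFailure: "Abort"
            inputs:
              ImageId: "{{ SourceAmiId }}"
              InstanceType: "t2.micro"
              IamInstanceProfileArn: !GetAtt "InstanceProfile.Arn"
              KeyName: !Ref "KeyPairName"
              SecurityGroupIds: !Ref "SecurityGroupIds"
              SubnetId: !Ref "SubnetId"
              MinInstanceCount: 1
              MaxInstanceCount: 1
          # NOTE(review): nothing between startInstance and stopInstance
          # prepares Windows for imaging (Sysprep, or on Windows Server 2016
          # EC2Launch's `InitializeInstance.ps1 -Schedule`). EC2 generates a
          # fresh Administrator password only for AMIs prepared that way;
          # instances launched from an unprepared image keep the parent
          # instance's credentials. Password retrieval then returns nothing,
          # and every instance built from the image shares one local admin
          # password. Add a preparation step here before the image is taken.
          - name: "stopInstance"
            action: "aws:changeInstanceState"
            maxAttempts: 1
            # NOTE(review): with "Continue", createImage still runs when the
            # stop failed; confirm that is intended.
            onFailure: "Continue"
            inputs:
              InstanceIds:
                - "{{ startInstance.InstanceIds }}"
              DesiredState: "stopped"
          - name: "createImage"
            action: "aws:createImage"
            maxAttempts: 1
            onFailure: "Continue"
            inputs:
              InstanceId: "{{ startInstance.InstanceIds }}"
              ImageName: "{{ TargetAmiName }}"
              ImageDescription: "AMI based on base image {{ SourceAmiId }}"
          # NOTE(review): no step terminates the builder instance, so it is
          # left behind (stopped) with its key pair and instance profile
          # after each run.
        outputs:
          - createImage.ImageId
          - startInstance.InstanceIds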