-- 1. コマンド等のインストール
-- 1.1 aws cli version 2 インストール
# Download the AWS CLI v2 bundle, unpack it, run the bundled installer as root,
# then confirm the installed version.
# NOTE(review): nothing here checks the archive before it is executed with
# sudo. AWS publishes a detached PGP signature next to the zip (the same URL
# with ".sig" appended); checking it with `gpg --verify` against the AWS CLI
# team's public key before `unzip` closes that gap.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
-- 1.2 jqインストール
sudo yum -y install jq
-- 2. IAMポリシー作成
vim policy01.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"autoscaling:CompleteLifecycleAction"
],
"Resource": "arn:aws:autoscaling:*:999999999999:autoScalingGroup:*:autoScalingGroupName/asg01"
}
]
}
aws iam create-policy \
--policy-name policy01 \
--policy-document file://policy01.json
-- 3. IAMロール作成
vim role01.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
aws iam create-role \
--role-name role01 \
--assume-role-policy-document file://role01.json
-- 4. ポリシーをロールにアタッチ
aws iam attach-role-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy01 \
--role-name role01
-- 5. インスタンスプロファイルを作成
aws iam create-instance-profile --instance-profile-name profile01
aws iam list-instance-profiles | grep InstanceProfileName
-- 6. インスタンスプロファイルにロールを追加
aws iam add-role-to-instance-profile --instance-profile-name profile01 --role-name role01
aws iam list-instance-profiles-for-role --role-name role01
-- 7. 起動テンプレートの作成
ユーザデータのbase64-encoded textを取得
vim userdata.sh
--------
#!/bin/bash
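# Print the lifecycle state that Auto Scaling wants this instance to reach,
# as reported by the instance metadata service (IMDS).
#
# The request uses an IMDSv2 session token. Token-less (IMDSv1) requests are
# rejected when the instance's metadata options set HttpTokens to "required",
# and they are the form that request-forgery bugs in software on the instance
# can reach, so the token flow is the safer default and works in both modes.
#
# Outputs: the state on stdout (one line); nothing when a request fails.
# Returns: 0 on success, 1 when the token or the metadata request fails.
function get_target_state {
  local imds='http://169.254.169.254/latest'
  local token state

  # -f makes curl fail on an HTTP error instead of printing the error body,
  # so an error page can never be mistaken for a state name.
  token=$(curl -sf -X PUT \
    -H 'X-aws-ec2-metadata-token-ttl-seconds: 60' \
    "${imds}/api/token") || return 1

  state=$(curl -sf \
    -H "X-aws-ec2-metadata-token: ${token}" \
    "${imds}/meta-data/autoscaling/target-lifecycle-state") || return 1

  printf '%s\n' "$state"
}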
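# Print this instance's EC2 instance id, read from the instance metadata
# service (IMDS).
#
# The request uses an IMDSv2 session token, so it keeps working when the
# instance's metadata options set HttpTokens to "required" and does not rely
# on the token-less IMDSv1 path.
#
# Outputs: the instance id on stdout (one line); nothing when a request fails.
# Returns: 0 on success, 1 when the token or the metadata request fails.
function get_instance_id {
  local imds='http://169.254.169.254/latest'
  local token id

  # -f: an HTTP error must not be echoed back as if it were an instance id.
  token=$(curl -sf -X PUT \
    -H 'X-aws-ec2-metadata-token-ttl-seconds: 60' \
    "${imds}/api/token") || return 1

  id=$(curl -sf \
    -H "X-aws-ec2-metadata-token: ${token}" \
    "${imds}/meta-data/instance-id") || return 1

  printf '%s\n' "$id"
}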
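# Tell Auto Scaling that this instance has finished its launch-time work by
# sending CONTINUE for lifecycle hook lh01 on group asg01.
#
# Globals:  instance_id, group_name, region (written). They are deliberately
#           not `local`: main builds the hostname from group_name and
#           instance_id.
# Outputs:  the instance id, the region, then the CLI output on stdout;
#           diagnostics on stderr.
# Returns:  0 when the CLI call succeeds; non-zero when the instance id could
#           not be read or the CLI call fails.
function complete_lifecycle_action {
  instance_id=$(get_instance_id)
  group_name='asg01'
  region='ap-northeast-1'

  # Without an id the CLI call can only fail; stop with a clear message.
  if [ -z "$instance_id" ]; then
    printf 'complete_lifecycle_action: could not read the instance id\n' >&2
    return 1
  fi

  printf '%s\n' "$instance_id" "$region"

  # Run the CLI directly rather than inside `echo $(...)`, so its exit status
  # reaches the caller and a rejected callback is not reported as success.
  aws autoscaling complete-lifecycle-action \
    --lifecycle-hook-name lh01 \
    --auto-scaling-group-name "$group_name" \
    --lifecycle-action-result CONTINUE \
    --instance-id "$instance_id" \
    --region "$region"
}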
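# Poll the target lifecycle state every 5 seconds. Once Auto Scaling wants the
# instance InService, set the hostname to "<group name>-<instance id>", send
# the lifecycle callback, and stop polling.
#
# Globals:  target_state, instance_id, group_name (written);
#           new_hostname (written and exported).
# Outputs:  each observed state that does not end the loop, on stdout;
#           diagnostics on stderr.
# Returns:  0 once the callback has been sent successfully.
function main {
  while true; do
    target_state=$(get_target_state)
    if [ "$target_state" = "InService" ]; then
      # complete_lifecycle_action assigns instance_id and group_name only when
      # it runs, which is after the hostname is built, so resolve them here;
      # otherwise the first hostname would be just "-".
      instance_id=$(get_instance_id)
      : "${group_name:=asg01}"

      if [ -n "$instance_id" ]; then
        # Change hostname
        export new_hostname="${group_name}-${instance_id}"
        hostname "$new_hostname"

        # Send callback; leave the loop once it is accepted so the hook is
        # not completed again every 5 seconds.
        if complete_lifecycle_action; then
          break
        fi
        printf 'main: lifecycle callback failed; retrying\n' >&2
      else
        printf 'main: could not read the instance id; retrying\n' >&2
      fi
    fi
    printf '%s\n' "$target_state"
    sleep 5
  done
}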
# Start the polling loop when the user data script runs.
main
--------
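# Encode the script for the launch template's UserData field. -w 0 turns off
# GNU base64's default line wrapping, so the result is a single line that can
# be pasted into the JSON string as-is.
base64 -w 0 userdata.sh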
vim a.json
{
"IamInstanceProfile": {
"Arn": "arn:aws:iam::999999999999:instance-profile/profile01"
},
"ImageId": "ami-02c3627b04781eada",
"InstanceType": "t3.nano",
"UserData": "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",
"SecurityGroupIds": ["sg-11111111111111111"]
}
aws ec2 create-launch-template \
--launch-template-name lt01 \
--launch-template-data file://a.json
aws ec2 describe-launch-templates
aws ec2 describe-launch-template-versions --launch-template-id lt-33333333333333333
-- 8. オートスケーリンググループの作成
aws autoscaling create-auto-scaling-group \
--auto-scaling-group-name asg01 \
--launch-template '{
"LaunchTemplateName": "lt01",
"Version": "$Default"
}' \
--min-size 1 \
--max-size 1 \
--desired-capacity 1 \
--default-cooldown 300 \
--health-check-type "EC2" \
--health-check-grace-period 300 \
--vpc-zone-identifier "subnet-22222222222222222" \
--no-new-instances-protected-from-scale-in
aws autoscaling describe-auto-scaling-groups
-- 9. ライフサイクルフックを追加
aws autoscaling put-lifecycle-hook \
--lifecycle-hook-name lh01 \
--auto-scaling-group-name asg01 \
--lifecycle-transition "autoscaling:EC2_INSTANCE_LAUNCHING" \
--heartbeat-timeout 300 \
--default-result "ABANDON"
aws autoscaling describe-lifecycle-hooks \
--auto-scaling-group-name asg01
-- 10. 機能をテストして検証する
aws autoscaling describe-auto-scaling-groups
aws autoscaling update-auto-scaling-group \
--auto-scaling-group-name asg01 \
--max-size 2 \
--desired-capacity 2
-- 11. クリーンアップ
-- ライフサイクルフックの削除
aws autoscaling describe-lifecycle-hooks \
--auto-scaling-group-name asg01
aws autoscaling delete-lifecycle-hook \
--auto-scaling-group-name asg01 \
--lifecycle-hook-name lh01
-- オートスケーリンググループの削除
aws autoscaling describe-auto-scaling-groups
aws autoscaling delete-auto-scaling-group \
--auto-scaling-group-name asg01 --force-delete
-- 起動テンプレートの削除
aws ec2 describe-launch-templates
aws ec2 delete-launch-template \
--launch-template-name lt01
-- インスタンスプロファイルの削除
aws iam remove-role-from-instance-profile --instance-profile-name profile01 --role-name role01
aws iam delete-instance-profile --instance-profile-name profile01
aws iam list-instance-profiles | grep InstanceProfileName
-- IAMロールの削除
aws iam list-roles | grep role01
aws iam detach-role-policy \
--role-name role01 \
--policy-arn arn:aws:iam::999999999999:policy/policy01
aws iam delete-role --role-name role01
-- IAMポリシーの削除
aws iam list-policies | grep policy01
aws iam delete-policy \
--policy-arn arn:aws:iam::999999999999:policy/policy01