cfn-signal

AWS CloudFormation Helper Scripts

~ Last updated on : ~ jayendrapatil

AWS CloudFormation Helper Scripts

  • AWS CloudFormation helper scripts can be used to install software and start services on an EC2 instance created as a part of the stack
  • CloudFormation Helper scripts aren’t executed by default and calls must be included in the template to execute specific helper scripts.
  • CloudFormation helper scripts are preinstalled on Amazon Linux AMI images.

cfn-init

  • cfn-init  can be used to retrieve and interpret resource metadata, install packages, create files, and start services.
  • cfn-init helper script reads template metadata from the AWS::CloudFormation::Init key and acts accordingly to:
    • Fetch and parse metadata from CloudFormation
    • Install packages
    • Write files to disk
    • Enable/disable and start/stop services

cfn-signal

  • cfn-signal can be used to signal with a CreationPolicy or WaitCondition, so you can synchronize other resources in the stack when the prerequisite resource or application is ready.
  • cfn-signal script is used in conjunction with a CreationPolicy or an Auto Scaling group with a WaitOnResourceSignals update policy.
  • When CloudFormation creates or updates resources with those policies, it suspends work on the stack until the resource receives the requisite number of signals or until the timeout period is exceeded.
  • For each valid signal that CloudFormation receives, CloudFormation publishes the signals to the stack events so that you track each signal.

Troubleshoot Failed to receive X resource signal(s) within the specified duration

  • cfn-signalscript isn’t installed on one or more instances of the AWS CloudFormation stack.
  • There are syntax errors or incorrect values in the AWS CloudFormation template
  • Value of the Timeout property for the CreationPolicy attribute is too low.
  • Check the logs /var/log/cloud-init.log and /var/log/cfn-init.log
  • Logs can be checked only if the instance is not terminated, by using Rollback on failure option of the AWS CloudFormation stack to No
  • cfn-signal isn’t sent from the EC2 instance.
  • Verify the instances have internet connectivity

cfn-get-metadata

  • cfn-get-metadata helper script helps to retrieve metadata for a resource or path to a specific key.
  • cfn-get-metadata helper script can be used to fetch a metadata block from CloudFormation and print it to standard out.
  • You can also print a sub-tree of the metadata block if you specify a key.
  • However, only top-level keys are supported.

cfn-hup

  • Use to check for updates to metadata and execute custom hooks when changes are detected.
  • cfn-hup helper is a daemon that detects changes in resource metadata and runs user-specified actions when a change is detected.
  • This allows you to make configuration updates on the running EC2 instances through the UpdateStack API action.

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. Which of these is not a CloudFormation Helper Script?
    1. cfn-signal
    2. cfn-hup
    3. cfn-request (Refer link)
    4. cfn-get-metadata
  2. You are designing a CloudFormation template to create a set of EC2 Instance and install an application package. You need to ensure that the stack is only successful if the software package gets installed successfully. Which of the following would assign in achieving this requirement?
    1. Use the Change sets feature
    2. Use CloudWatch logs to signal the completion
    3. Use CloudTrail to signal the completion
    4. Use the cfn-signal helper script
  3. You are in charge of designing a CloudFormation template, which deploys a LAMP stack. After deploying a stack, you see that the status of the stack is showing as CREATE_COMPLETE, but the apache server is still not up and running and is experiencing issues while starting up. You want to ensure that the stack creation only shows the status of CREATE_COMPLETE after all resources defined in the stack are up and running. How can you achieve this? (Select TWO)
    1. Define a stack policy, which defines that all underlying resources should be up and running before showing a status of
      CREATE_COMPLETE.
    2. Use lifecycle hooks to mark the completion of the creation and configuration of the underlying resource.
    3. Use the CreationPolicy to ensure it is associated with the EC2 Instance resource.
    4. Use the cfn helper scripts to signal once the resource configuration is complete.

References

AWS_CloudFormation_Helper_Scripts