Metadata

AWS EC2 Instance Automated Startup – Metadata & Userdata – Certification

~ Last updated on : ~ jayendrapatil ~ 4 Comments

EC2 Instance Metadata & Userdata

  • Instance metadata and user data can be used for Self Configuration allowing EC2 instance answer the question Who am I ? What should I do ?
  • Instance metadata and user data can be accessed from within the instance itself
  • Data is not protected by cryptographic methods. Anyone who can access the instance can view its metadata and should not be used to any store sensitive data, such as passwords, as user data.
  • Both the metadata and user data is available from the IP address 169.254.169.254 and has the latest as well as previous versions available
  • Metadata and User data can be retrieved using simple curl or GET command and these requests are not billed

Instance Metadata

  • Instance metadata is data about the Instance and allows you to get answers to the Who am I?
  • Instance metadata is divided into two categories
    • Instance metadata
      • includes metadata about the instance such as instance id, ami id, hostname, ip address, role etc
      • Can be accessed from http://169.254.169.254/latest/meta-data/
    • Dynamic data
      • is generated when the instances are launched such as instance identity documents, instance monitoring etc
      • Can be accessed from http://169.254.169.254/latest/dynamic/
  • Instance metadata can be used for managing and configuring instances

User Data

  • User data can be used for bootstrapping EC2 instance and helps answer the What should I do?
  • User data is supplied when launching a EC2 instance and executed at boot time
  • User data can be in the form of parameters or user defined script executed when the instance is launched for e.g. perform software patch updates, load and update the application from an S3 bucket etc
  • User data can be used to build more generic AMIs which can then be configured at launch time dynamically
  • User data can be retrieved from http://169.254.169.254/latest/user-data
  • User data is executed only at the launch of the instance.
  • If you stop an instance, modify the user data, and start the instance, the new user data is not executed automatically.
  • User data is treated as opaque data and returned as is.
  • User data is limited to 16 KB. This limit applies to the data in raw form, not base64-encoded form.
  • User data must be base64-encoded before being submitted to the API. The EC2 command line tools perform the base64 encoding for you. The data is decoded before being presented to the instance.

Cloud-Init & EC2Config

  • Cloud-Init and EC2Config provides the ability to parse the user-data script on the instance and run the instructions
  • Cloud-Init
    • Amazon Linux AMI supports Cloud-Init, which is an open source application built by Canonical.
    • Cloud-Init is installed on Amazon Linux, Ubuntu and RHEL AMIs
    • Cloud-Init enables using the EC2 UserData parameter to specify actions to run on the instance at boot time
    • User data is executed on first boot using Cloud-Init if the user data begins with #!
  • EC2Config
    • EC2Config is installed on Windows Server AMIs
    • User data is executed on first boot using Cloud-Init (technically EC2Config parses the instructions) if the user data begins with <script> or <powershell>
    • EC2Config service is started when the instance is booted. It performs tasks during initial instance startup (once) and each time you stop and start the instance.
    • It can also perform tasks on demand. Some of these tasks are enabled automatically, while others must be enabled manually.
    • EC2Config uses settings files to control its operation
    • EC2Config service runs Sysprep, a Microsoft tool that enables you to create a customized Windows AMI that can be reused.
    • When EC2Config calls Sysprep, it uses the settings files in EC2ConfigService\Settings to determine which operations to perform.

AWS Certification Exam Practice Questions

  • Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
  • AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
  • AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
  • Open to further feedback, discussion and correction.
  1. How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?
    1. Query the local instance metadata
    2. Query the appropriate Amazon CloudWatch metric.
    3. Query the local instance userdata.
    4. Use ipconfig or ifconfig command.
  2. The base URI for all requests for instance metadata is ___________
    1. http://254.169.169.254/latest/
    2. http://169.169.254.254/latest/
    3. http://127.0.0.1/latest/
    4. http://169.254.169.254/latest/
  3. Which Amazon Elastic Compute Cloud feature can you query from within the instance to access instance properties?
    1. Instance user data
    2. Resource tags
    3. Instance metadata
    4. Amazon Machine Image
  4. You need to pass a custom script to new Amazon Linux instances created in your Auto Scaling group. Which feature allows you to accomplish this?
    1. User data
    2. EC2Config service
    3. IAM roles
    4. AWS Config
  5. By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the _____ Service to set the drive letters of the EBS volumes per your specifications.
    1. EBSConfig Service
    2. AMIConfig Service
    3. EC2Config Service
    4. Ec2-AMIConfig Service
  6. How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?
    1. Query the appropriate Amazon CloudWatch metric.
    2. Use ipconfig or ifconfig command.
    3. Query the local instance userdata.
    4. Query the local instance metadata.