Ref: https://learn.cantrill.io/courses/1820301/lectures/41301595

• Summary
• Contents:

Bootstrapping Concepts

• 🔧 Bootstrapping (system automation) = process which allows a system to self-configure
  • 💡 Link to bootstrap etymology
• EC2 bootstrapping = running configuration scripts when an instance is launched
  • EC2 build automation → bring instance to pre-configured state
    • e.g. SW installation, post-installation configurations…
  • Enabled via EC2 User Data (via Instance Metadata Endpoint)
  • ❗ Unlike launching a pre-baked instance, configuration happens AFTER launch!

EC2 User Data

• 🔧 Block of data that customer can pass to an EC2 instance
  • Mainly used for bootstrapping EC2 instances
• Accessed via Metadata Endpoint: http://169.254.169.254/latest/user-data
• Executed by instance OS after instance launches
  • ‼️ User Data is executed ONLY ONCE, and at LAUNCH TIME!!
    • ❗ Updating User Data and restarting the instance will NOT execute it again!!
    • To execute User Data again, instance must be relaunched (create a new instance)
    • 💡 If you hear the term “**first launch“ (**of an EC2 instance), that's a pleonasm (like “free gift”, or “fall down”) → there is no such thing as a “second launch”, “third launch”, etc. If you launch an AMI or LC/LT more than once, you're creating multiple different instances. Relaunching an instance means creating a new instance.
• ❗ Opaque to EC2
  • OS needs to understand the User Data in order to execute it, but…
  • …NO interpretation NOR validation by EC2 (it's just a block of data) → be careful!
    • OS runs User Data as root user without checking anything
• ❗ NOT secure
  • Anyone who can access the OS can also access User Data
  • Don't use for passing passwords or long-term credentials (ideally)
• Limited to 16kB in size
  • 💡 for anything larger, pass a script that downloads larger data from somewhere else
• Can be modified when instance is stopped
  • Can be accessed after launch if desired…
  • …but will NOT be executed again! (unless you relaunch the instance)
  • 💡 Possible to pass data to an existing instance, but there's better ways to do that

EC2 Bootstrapping - Architecture

Diagram: https://github.com/acantril/aws-sa-associate-saac03/blob/main/1100-ADVANCED_EC2/00_LEARNINGAIDS/EC2Bootstrapping-1.png

1. EC2 instance is launched and a boot volume is attached to it