https://pulumi.com logo
Powered by
Title
s

sparse-caravan-37954

03/08/2023, 1:59 PM
Hello! Is there a way to create an EC2 instance and automatically pull and run an image from ECR? I tried by passing commands to 
user_data
, but it doesn't seem to work. 
# Create an EC2 instance
instance = aws.ec2.Instance(
    config.INSTANCE_NAME,
    instance_type=config.INSTANCE_TYPE,
    ami=config.AMI,
    key_name=config.KEY_NAME,
    vpc_security_group_ids=[security_group.id],
    user_data=f"""#!/bin/bash
            yum update -y
            amazon-linux-extras install docker
            service docker start
            usermod -a -G docker ec2-user
            chkconfig docker on
            docker login --username AWS --password $(aws ecr get-login-password --region {config.AWS_REGION})
            docker pull {image.image_uri}
            docker run -d -p 80:80 {image.image_uri} > /hello.txt"""
)
If I ssh into the instance and run those commands, I get an error with 
docker login --username AWS --password $(aws ecr get-login-password --region {config.AWS_REGION})
namely 
Unable to locate credentials. You can configure credentials by running "aws configure".
How make it working?
b

billowy-army-68599

03/08/2023, 2:32 PM
you’ll need to add an iam role that allows access to the ecr repo
s

sparse-caravan-37954

03/08/2023, 3:48 PM
Thanks! I am going to try
@billowy-army-68599 I was able to create the role. If I connect via ssh to my instance everything works. However if I use the 
user_data
option, it seems that it does not pull and run the image. Any idea about why, and how I can check where the execution gets blocked? 
commands_to_run = f"""#!/bin/bash
    cd /home/ec2-user
    sudo yum update -y
    sudo amazon-linux-extras install docker
    sudo systemctl start docker
    usermod -a -G docker ec2-user
    aws ecr get-login-password --region {config.AWS_REGION} | docker login --username AWS --password-stdin $(aws sts get-caller-identity --query "Account" --output text).dkr.ecr.{config.AWS_REGION}.<http://amazonaws.com|amazonaws.com>
    docker pull {image_uri}
    docker run -d {image_uri} > ./hello.txt"""

# Create an EC2 instance
instance = aws.ec2.Instance(
    config.INSTANCE_NAME,
    instance_type=config.INSTANCE_TYPE,
    ami=config.AMI,
    key_name=config.KEY_NAME,
    vpc_security_group_ids=[security_group.id],
    iam_instance_profile=instance_profile.name,
    user_data=commands_to_run
)
b

billowy-army-68599

03/08/2023, 11:58 PM
You should be able to see user data logs inside the instance, I’m not at a computer now but can send instructions tomorrow
s

sparse-caravan-37954

03/09/2023, 12:10 AM
I got it. Thanks
The problem is that the 
image_uri
variable is a pulumi Output and not a string, so when used in formatted strings in 
commands_to_run
gives 
docker pull Calling __str__ on an Output[T] is not supported.
      + To get the value of an Output[T] as an Output[str] consider:
      + 1. o.apply(lambda v: f"prefix{v}suffix")
      + See <https://pulumi.io/help/outputs> for more details.
      + This function may throw in a future version of Pulumi.
How can I use it as a string? Following the solution with apply does not work
b

billowy-army-68599

03/09/2023, 3:40 AM
Common problem, you need to use an apply
s

sparse-caravan-37954

03/09/2023, 7:50 AM
I tried, but it doesn't work
None of these worked. What am I doing wrong? 
stack_ref = pulumi.StackReference("/mtg-cv-ecr/dev")
image_uri = stack_ref.get_output("image_uri").apply(lambda v: f"{v}")
# image_uri = stack_ref.get_output("image_uri").apply(lambda v: v)
# image_uri = stack_ref.get_output("image_uri").apply(lambda v: str(v)")
All options do not give me errors, but I still get 
Calling __str__ on an Output[T] ...
instead of the string when I use 
image_uri
in the formatted string
SOLVED! 
def get_commands(uri):
    return f"""#!/bin/bash
        cd /home/ec2-user
        sudo yum update -y
        sudo amazon-linux-extras install docker
        sudo systemctl start docker
        usermod -a -G docker ec2-user
        sudo aws ecr get-login-password --region {params.AWS_REGION} | docker login --username AWS --password-stdin $(aws sts get-caller-identity --query "Account" --output text).dkr.ecr.{params.AWS_REGION}.<http://amazonaws.com|amazonaws.com>
        docker pull {uri}
        docker run -d {uri} > ./hello.txt"""

# Create an EC2 instance
instance = aws.ec2.Instance(
    params.INSTANCE_NAME,
    instance_type=params.INSTANCE_TYPE,
    ami=params.AMI,
    key_name=params.KEY_NAME,
    vpc_security_group_ids=[security_group.id],
    iam_instance_profile=instance_profile.name,
    user_data=image_uri.apply(lambda uri: get_commands(uri))
)
Thanks for your help
2 Views
#awsJoin Slack
Powered by