search

wallix / awless

A Mighty CLI for AWS
http://awless.io/
Apache License 2.0
4.97k stars 263 forks source link

Pass in variables into userdata? #179

Open skloeckner-inc opened 6 years ago

skloeckner-inc commented 6 years ago

IE,

Can I pass variables into something I inject into user-data like I would a normal template?

awless run template.aws dbname=mydatabase dbpassword=securepassword

With the template like this:

# Create keypair and instance
keypair = create keypair name={keypairname}
create instance name=magento2-instance subnet=@magento2-subnet keypair=$keypair securitygroup=@magento-secgroup userdata=/some/script/here
attach securitygroup id=@ssh-whitelist instance=@magento2-instance

My understanding is that running the above only puts it in the rendered awless template, and not user data but I'm just not 100% sure. I would appreciate any confirmation people have or suggestions on how I would approach this.

I am looking at IAM roles but AWS documentation can be quite a rabbit hole and hoping I can just work with awless to solve this one issue of avoiding storing sensitive data anywhere but my own terminal. :)

fxaguessy commented 6 years ago

Hi,

Yes, this is something possible. First, you need to add variables in your template. These variables can be filled in with holes ({myhole}) in order to be prompted when executing the template.

In your example:

dbname = {dbname} # Create the variable dbname, that can be referenced with $dbname, its value will be filled in with the hole {dbname}
dbpassword = {dbpassword} # idem for dbpassword
# Create keypair and instance
keypair = create keypair name={keypairname}
create instance name=magento2-instance subnet=@magento2-subnet keypair=$keypair securitygroup=@magento-secgroup userdata=/some/script/here
attach securitygroup id=@ssh-whitelist instance=@magento2-instance

The value of variables created in the template will be accessible in the userdata script with {{.Variables.myvarname}} (using golang template format).

In your example:

##!/bin/bash
DBNAME="{{.Variables.dbname}}"
DBPASSWORD="{{.Variables.dbpassword}}"

echo $DBNAME

The, you can run the template, as wanted, with:

awless run template.aws dbname=mydatabase dbpassword=securepassword

If you want to see an example, have a look at this template and the related userdata script.

skloeckner-inc commented 6 years ago

Excellent, thanks for the explanation.

Looking at this portion:

##!/bin/bash
DBNAME="{{.Variables.dbname}}"
DBPASSWORD="{{.Variables.dbpassword}}"

echo $DBNAME

This "{{.Variables." portion looks very specific. I am assuming the way this is written, it's necessary for the variables to pass through to the user-data script. Is that correct?

fxaguessy commented 6 years ago

Yes, the format {{.Variables.dbnames}} is golang templating format, meaning "replace with the content of the dbnames variable in the Variables collection".

Indeed, this is necessary to pass the variables through the user-data script. At run time, what is inside {{ }} will be replaced with the string of the evaluated expression.