Is there a way to confirm user_data ran successfully with Terraform for EC2?

喜夏-厌秋 submitted on 2020-07-09 17:11:55

Question


I'm wondering if it's possible to know when the script in user data executes completely?

data "template_file" "script" {
  template = file("${path.module}/installing.sh")
}

data "template_cloudinit_config" "config" {
  gzip          = false
  base64_encode = false

  # Main cloud-config configuration file.
  part {
    filename     = "install.sh"
    content      = "${data.template_file.script.rendered}"
  }
}

resource "aws_instance" "web" {
  ami           = "ami-04e7b4117bb0488e4"
  instance_type = "t2.micro"
  key_name = "KEY"
  vpc_security_group_ids = [aws_default_security_group.default.id]
  subnet_id = aws_default_subnet.default_az1.id
  associate_public_ip_address = true
  iam_instance_profile = "Role_S3"
  user_data = data.template_cloudinit_config.config.rendered
  tags = {
    Name = "Terraform-Ansible"
  }
}

And in the content of the script I have this. It tells me Terraform successfully applied the changes, but the script is still running. Is there a way I can monitor that?

#!/usr/bin/env bash
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
echo BEGIN
sudo apt update
sudo apt upgrade -y
sudo apt install -y unzip
echo END

Answer 1:


No, you cannot confirm the user data status from Terraform, as it is a post-launch script that executes once the EC2 instance is launched. But with some extra effort in the init script, there is one way to check.

How to check User Data status while launching the instance in aws

If you do something like what is mentioned above to create a marker file once user data has completed, then you can try this to check.

resource "null_resource" "user_data_status_check" {

  provisioner "local-exec" {
    on_failure  = fail
    interpreter = ["/bin/bash", "-c"]
    command     = <<-EOT
      echo -e "\x1B[31m wait for few minute for instance warm up, adjust accordingly \x1B[0m"
      # wait 30 sec
      sleep 30
      # ssh options must come before the host; test -f exits 0 only if the marker file exists
      if ssh -i yourkey.pem -o ConnectTimeout=30 -o ConnectionAttempts=5 instance_ip test -f "/home/user/markerfile.txt"; then
        echo "user data successfully executed"
      else
        echo "Failed to execute user data"
        # a non-zero exit is what lets on_failure = fail take effect
        exit 1
      fi
    EOT
  }

  triggers = {
    # remove this once you test it out as it should run only once
    always_run = "${timestamp()}"
  }

  depends_on = [aws_instance.my_instance]
}

So this script will check for the marker file on the newly launched server by doing SSH with a timeout of 30 seconds and a maximum of 5 attempts.
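
The marker-file approach above, as an added example that is not part of the original answer: the instance side records the script's exit status in the marker, and the caller side polls for it, so a failed run, a slow run and an unreachable instance are told apart. The function names and the "status=<n>" marker format are assumptions; the marker path, key file and host in the usage comments are the answer's placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# "status=<n>" marker format are assumptions made for illustration.

# Instance side: run the provisioning command, then record its exit status.
# The marker is written to a temp file and renamed, so a poller never reads
# a half-written file, and a failed run leaves status != 0 in the marker.
run_with_marker() (   # usage: run_with_marker <marker_path> <command...>
  marker=$1; shift
  status=0
  "$@" || status=$?
  tmp=$(mktemp "$marker.XXXXXX") || exit 1
  printf 'status=%s\n' "$status" > "$tmp"
  chmod 0644 "$tmp"
  mv -f "$tmp" "$marker"
  exit "$status"
)

# Caller side: run the probe until it prints the marker or the timeout expires.
# A failing probe (SSH not up yet, marker not written yet) means "retry".
# Exit codes: 0 = user data succeeded, 1 = user data failed, 2 = timed out.
wait_for_user_data() (   # usage: wait_for_user_data <timeout_s> <interval_s> <probe...>
  timeout=$1; interval=$2; shift 2
  deadline=$(( $(date +%s) + $timeout ))
  while :; do
    if out=$("$@" 2>/dev/null); then
      if [ "$out" = "status=0" ]; then exit 0; else exit 1; fi
    fi
    if [ "$(date +%s)" -ge "$deadline" ]; then exit 2; fi
    sleep "$interval"
  done
)

# In user data (constructed usage):
#   run_with_marker /home/user/markerfile.txt sh -c 'apt update && apt upgrade -y'
# In the local-exec command (constructed usage, placeholders as in the answer):
#   wait_for_user_data 600 10 ssh -i yourkey.pem -o ConnectTimeout=30 \
#     instance_ip cat /home/user/markerfile.txt
```

Because `wait_for_user_data` exits non-zero on failure or timeout, calling it as the last command of the `local-exec` block makes `terraform apply` fail when user data did not complete cleanly.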



Source: https://stackoverflow.com/questions/62723894/is-there-a-way-to-confirm-user-data-ran-successfully-with-terraform-for-ec2
