When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives. If you are interested in more complex automation scenarios, consider using AWS CloudFormation and AWS OpsWorks. (AWS OpsWorks is not supported in China.)
Linux Shell
Scripts entered as user data are executed as the root user, so do not use the sudo command in the script. Remember that any files you create will be owned by root; if you need non-root users to have file access, you should modify the permissions accordingly in the script.
By default, user data and cloud-init directives only run during the first boot cycle when you launch an instance. If you stop an instance, modify the user data, and start the instance, the new user data is not executed automatically.
The following example uses the user-data option to run a shell script that configures DNS when the instance is launched, and then adds tags to the instance:
run_instance() {
    # Create the EC2 instance from the configuration file, run the shell script at launch, and capture the instance ID
    instance_id=$(aws ec2 run-instances --cli-input-json file://instance.json --user-data file://add_dns.sh --query 'Instances[0].[InstanceId]' | grep -o -E "i-\w{17}")
    # Stop here if the launch failed and no instance ID came back
    [ -n "$instance_id" ] || return 1
    echo "InstanceId: $instance_id"
    # Add tags to the EC2 instance
    echo "Add tags: Name:$1, Category:$2"
    aws ec2 create-tags --resources "$instance_id" --tags Key=Name,Value="$1" Key=Category,Value="$2"
}
run_instance "test" "test"
instance.json:
{
    "DryRun": false,
    "ImageId": "ami-4ec31723",
    "KeyName": "Prod Key Pair",
    "SecurityGroupIds": [],
    "InstanceType": "m3.large",
    "Placement": {
        "AvailabilityZone": "cn-north-1b",
        "Tenancy": "default"
    },
    "Monitoring": {
        "Enabled": false
    },
    "SubnetId": "subnet-6166bc16",
    "DisableApiTermination": true,
    "InstanceInitiatedShutdownBehavior": "stop",
    "PrivateIpAddress": "",
    "EbsOptimized": false
}
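The DNS configuration shell script add_dns.sh
#!/bin/bash
# Assumed path: the definition of IFCFG is missing from the page; set it to the interface file on your AMI
IFCFG=/etc/sysconfig/network-scripts/ifcfg-eth0
# Replace line 6 with PEERDNS="no"
sed -i '6c PEERDNS="no"' "$IFCFG"
# Append the DNS servers (second entry uses DNS2 so it does not duplicate DNS1)
sed -i '$a DNS1=""' "$IFCFG"
sed -i '$a DNS2=""' "$IFCFG"
systemctl restart network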
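The script above replaces whatever is on line 6 and appends the DNS entries every time it runs, so its result depends on the AMI's file layout and on how often it is executed. The following is an added example, not part of the original post, that makes the same change by key instead; the function names, the file path and the addresses (from the 192.0.2.0/24 documentation range) are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.

# set_ifcfg_key FILE KEY VALUE
# Drop every existing KEY= line and write exactly one KEY="VALUE" line, so the
# result is the same however many times the script runs.
set_ifcfg_key() {
    local file="$1" key="$2" value="$3" tmp
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # ifcfg files are sourced as shell by the network scripts, and user data
    # runs as root, so accept only plain names and values without shell syntax.
    case "$key" in
        ''|*[!A-Za-z0-9_]*) echo "invalid key: $key" >&2; return 1 ;;
    esac
    case "$value" in
        *[!A-Za-z0-9._:-]*) echo "invalid value for $key" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -v -E "^[[:space:]]*${key}=" "$file" > "$tmp" || true
    printf '%s="%s"\n' "$key" "$value" >> "$tmp"
    # Write back into the same inode to keep owner, mode and SELinux label.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# configure_dns FILE PRIMARY SECONDARY
configure_dns() {
    set_ifcfg_key "$1" PEERDNS no &&
    set_ifcfg_key "$1" DNS1 "$2" &&
    set_ifcfg_key "$1" DNS2 "$3"
}

# Usage in user data (path and addresses are placeholders):
#   configure_dns /etc/sysconfig/network-scripts/ifcfg-eth0 192.0.2.10 192.0.2.11
#   systemctl restart network
```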
Windows Script
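When an EC2 instance is created from an Amazon Windows AMI, the user data is executed. For a custom AMI, you must first modify the EC2Launch service or EC2Config service configuration before creating the AMI (EC2Launch is used starting with Windows Server 2016, EC2Config before that); otherwise the user data is not executed.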
<script>dir > c:\test.log</script>
<powershell>Set-DnsClientServerAddress -InterfaceAlias "Ethernet 2" -ServerAddresses ("","")</powershell>
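# Read the existing A record and clone it
$OldObj = Get-DnsServerResourceRecord -Name "prod-db" -ZoneName "iata.com" -RRType "A"
$NewObj = $OldObj.Clone()
# Update the fields of $NewObj that should change, then apply it in the same zone the record was read from
Set-DnsServerResourceRecord -NewInputObject $NewObj -OldInputObject $OldObj -ZoneName "iata.com" -PassThru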
aws ec2 run-instances --image-id ami-2fb56342 --instance-type m3.large --user-data file://user_data.txt --subnet-id subnet-fbc42a3 --security-group-ids sg-fbc42a3 --key-name jason-test
