Userdata option under aws_workspaces_workspace

Hi,
I was writing a tf file to bring up an AWS WorkSpace and wanted to run a userdata script to install WinRM in it. But the user_data option gave an error while running terraform plan. A sample of my tf code:

resource "aws_workspaces_directory" "main" {
  directory_id = "<directory_id>"
}

data "aws_workspaces_bundle" "value_windows_10" {
  bundle_id = "<bundle_id>" # Value with Windows 10 (English)
}

resource "aws_workspaces_workspace" "john.doe" {
  directory_id                   = "<directory_id>"
  bundle_id                      = "${data.aws_workspaces_bundle.value_windows_10.id}"
  user_name                      = "john.doe"
  root_volume_encryption_enabled = true
  user_volume_encryption_enabled = true
  volume_encryption_key          = "alias/aws/workspaces"

  tags = {
    Department = "test"
  }

  # user_data is not an argument of aws_workspaces_workspace (see the plan error below)
  user_data = <<-EOF
    <script>
      REM enables WinRM over HTTP with basic auth and no transport encryption
      winrm quickconfig -q & winrm set winrm/config @{MaxTimeoutms="1800000"} & winrm set winrm/config/service @{AllowUnencrypted="true"} & winrm set winrm/config/service/auth @{Basic="true"}
    </script>
    <powershell>
      # open WinRM (5985/tcp) from any address, then turn the Windows firewall off on all profiles
      netsh advfirewall firewall add rule name="WinRM in" protocol=TCP dir=in profile=any localport=5985 remoteip=any localip=any action=allow
      netsh advfirewall set allprofiles state off
      # Set Administrator password
      $admin = [adsi]("WinNT://./administrator,user")
      $admin.psbase.invoke("SetPassword", "pwd")
      # derive a host name from the instance metadata (curl is an alias of Invoke-WebRequest here)
      $META_URL="<meta_url>"
      $subnet=$(curl -usebasicparsing $META_URL/network/interfaces/macs/$((curl -usebasicparsing $META_URL/network/interfaces/macs/).Content)/subnet-ipv4-cidr-block).Content
      $local_ipv4s=$(curl -usebasicparsing $META_URL/network/interfaces/macs/$((curl -usebasicparsing $META_URL/network/interfaces/macs/).Content)/local-ipv4s).Content
      $ip_segs=$local_ipv4s.split(".")
      $hostname=("N{0:D3}" -f [int]$ip_segs[2]) + "-H" + ("{0:D3}" -f [int]$ip_segs[3])
      update-help
      set-ExecutionPolicy -ExecutionPolicy unrestricted -Force
      Install-windowsfeature -name AD-Domain-Services -IncludeManagementTools -IncludeAllSubFeature
      rename-computer -NewName $hostname -Restart:$false -Force
    </powershell>
  EOF

  connection {
    host     = "${self.ip_address}"
    type     = "winrm"
    user     = "username"
    password = "pwd"
    insecure = "true"
    use_ntlm = "true"
  }

  provisioner "file" {
    source      = "userdata.ps1"
    destination = "c:\\userdata.ps1"
  }

  provisioner "remote-exec" {
    inline = [
      "powershell c:\\userdata.ps1",
    ]
  }
}

terraform plan error

terraform plan

Error: aws_workspaces_workspace.john.doe: : invalid or unknown key: user_data

I also see that a self-reference like host = "${self.ip_address}" is giving an error. Are these options supported under aws_workspaces_workspace? If not, then how do we connect to the workspace and run scripts remotely through terraform?

I too would like to use user_data to install software on my AWS Workspaces instances, anyone successfully done this?

After reading through more documentation, it looks like user_data is available only with the aws_instance resource - https://www.terraform.io/docs/providers/aws/r/instance.html It would be great if these options were also available with aws_workspaces_workspace. For now, I am trying to see if provisioner "local-exec" will work to copy over my WinRM setup script and run it via the provisioner "remote-exec" option. Though this is not the most stable way to be setting up Windows instances, I am having to use them due to the limited choices available with AWS WorkSpaces.

Any update here? I am trying to run a script on Workspace startup also.

It seems that the options are to either use SSM run commands or create a custom image for subsequent deployment. There are Terraform resources for SSM.
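As an added illustration of the SSM route mentioned above (example configuration, not code from this thread or from the Terraform AWS provider docs), the following shows the Terraform resources involved: a hybrid activation so that a WorkSpace, which is not an EC2 instance, can register as an SSM managed instance; an SSM Command document that configures WinRM; and an association that applies the document to managed instances carrying the Department=test tag from the thread's example. Resource and role names, the registration limit and the tag-based targeting are assumptions; the activation code and ID still have to reach the SSM agent on the WorkSpace out of band (or via a custom image), which is the chicken-and-egg problem described in the later reply. The example uses Terraform 0.12+ syntax rather than the "${...}" interpolation in the original post.

```hcl
# IAM role the SSM agent on a hybrid-activated WorkSpace assumes (assumed name)
resource "aws_iam_role" "ssm_managed_instance" {
  name = "workspaces-ssm-managed-instance"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ssm.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# least-privilege managed policy for SSM core functionality (no extra S3/CloudWatch rights)
resource "aws_iam_role_policy_attachment" "ssm_core" {
  role       = aws_iam_role.ssm_managed_instance.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

# hybrid activation: exposes activation_code and id, which the agent on the WorkSpace needs
resource "aws_ssm_activation" "workspaces" {
  name               = "workspaces-activation"        # assumed name
  iam_role           = aws_iam_role.ssm_managed_instance.id
  registration_limit = 50                             # assumed cap on registrations
  depends_on         = [aws_iam_role_policy_attachment.ssm_core]
}

# Command document: the WinRM setup that the original post tried to put in user_data.
# Unlike the original script it keeps transport encryption and the firewall on.
resource "aws_ssm_document" "winrm_setup" {
  name          = "WorkSpaces-WinRM-Setup"             # assumed name
  document_type = "Command"

  content = jsonencode({
    schemaVersion = "2.2"
    description   = "Enable PowerShell remoting on a registered WorkSpace"
    mainSteps = [{
      action = "aws:runPowerShellScript"
      name   = "configureWinRM"
      inputs = {
        runCommand = [
          "Enable-PSRemoting -Force",
          "Set-Item WSMan:\\localhost\\Service\\AllowUnencrypted -Value $false",
        ]
      }
    }]
  })
}

# Association: run the document on every managed instance tagged Department=test
resource "aws_ssm_association" "winrm_setup" {
  name = aws_ssm_document.winrm_setup.name

  targets {
    key    = "tag:Department"
    values = ["test"]
  }
}

# Surfaced so the activation details can be handed to the WorkSpace bootstrap step
output "ssm_activation_id" {
  value = aws_ssm_activation.workspaces.id
}

output "ssm_activation_code" {
  value     = aws_ssm_activation.workspaces.activation_code
  sensitive = true
}
```

The association only fires once the WorkSpace has registered with SSM, so in practice the agent install plus the `Register-ManagedInstance`-style bootstrap still has to be baked into a custom image or run manually on the first WorkSpace; everything after that point can be driven from Terraform.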

Unfortunately using SSM run commands against the workspace requires an SSM agent to be running on the workspace, and have the Workspace register itself with SSM upon startup (so we have a chicken and egg problem; the script I’d like to run in user data would be the script that downloads SSM agent, sets it up and registers itself). I’m wondering could a script that runs on startup to complete this process be packaged up in a custom image?

Some quick Googling yielded the following AWS blog post that describes a way to automate the workspace registration process with SSM. I suppose the elaborate setup is necessary for the automation. Step 5 suggests that you can have the script run on WorkSpaces launch and create a custom image. In theory you can use Terraform to set up most parts of the solution except maybe the custom image building part.