AWS::CloudFormation::Init how does it work?

Question

We can use AWS::CloudFormation::Init to execute commands and upload files after starting an instance. But does anybody know what are the internals of this operation (from Amazon's side)?

When we pass a template in, at what point are the files or commands transmitted to the VM? Is this is a Xen feature (through special pipe), or via the network?

"Resources": {
  "MyInstance": {
    "Type": "AWS::EC2::Instance",
    "Metadata" : {
      "AWS::CloudFormation::Init" : {
        "config" : {
          "packages" : {
            :
          },
          "sources" : {
            :
          },
          "commands" : {
            :
          },
          "files" : {
            :
          },
          "services" : {
            :
          },
          "users" : {
            :
          },
          "groups" : {
            :
          }
        }
      }
    },
    "Properties": {
      :
    }
  }
}

Answer 1

Creating a AWS::CloudFormation::Init resource as metadata to an EC2 instance does not cause the instance to do anything by itself.

For the instance to actually perform all the operations specified in that resource, it must run the cfn-init command line tool. On Amazon EC2 AMIs that command is already installed at /opt/aws/bin/cfn-init. The command takes several options, including the name of the AWS::CloudFormation::Init resource, the name of the EC2 server resource, and the region you are running in. You also need to provide AWS security credentials.

If you'd like this to run automatically when you create a new instance (I sure did) you'll have to use the EC2 instance's UserData to create a shell script that the instance will run on first boot, and put the cfn-init command in it.

I've written about this specific issue in my blog recently.