
Endpoint Security Firewall Policy Failed

cat /etc/cfn/cfn-hup.conf

If everything looks present and correct, we can conclude that our metadata components were created successfully and that the cause of the wait condition timeout must be elsewhere.

It’s worth mentioning how metadata operations can fail. For example, yum may not have access to a repo, or the permissions on an S3 bucket may be too restrictive to allow access.

6. Go back to the userdata script. Let’s send it again to stdout and work through each command manually.

The first command is our cfn-init which installs the metadata. We have already confirmed that our metadata is present and correct so we can rule this command out.

/opt/aws/bin/cfn-init -s script -r ScriptInstance --region ap-northeast-1

The next command is our local puppet apply, which uses the modules that we pulled down from S3 in our metadata section. Check that the puppet modules have been installed. If they haven’t, run the puppet apply command manually and see where the error is. Perhaps it is timing out?

/usr/bin/puppet apply --modulepath=/var/tmp/puppet/modules /var/tmp/puppet/manifests/custom-scripts.pp

The script then starts the cfn-hup daemon, which reads the config file we created in our metadata section. Is the daemon running? If not, run the command manually and see what’s gone wrong.

/opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'
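The same walk through the userdata stages can be scripted so that it names the first stage whose expected result is missing. This is an added example, not part of the original script; the function name first_failed_stage, its optional root-prefix argument and the pid file path /var/run/cfn-hup.pid are assumptions.

```shell
#!/bin/sh
# Added example: report the first userdata stage whose expected result is
# missing, in the order the userdata script runs them.
# Assumptions: the optional ROOT prefix is hypothetical (leave it empty on the
# instance); the pid file path /var/run/cfn-hup.pid is assumed, adjust it if
# your cfn-hup writes its pid elsewhere. Run as root so kill -0 can see the daemon.
# Usage on the instance: first_failed_stage ""

first_failed_stage() {
    root="${1:-}"

    # Stage 1: cfn-init should have written the cfn-hup config from the metadata.
    if [ ! -s "$root/etc/cfn/cfn-hup.conf" ]; then
        echo "cfn-init"; return 1
    fi

    # Stage 2: puppet apply needs the manifest and the modules pulled from S3.
    modules="$root/var/tmp/puppet/modules"
    manifest="$root/var/tmp/puppet/manifests/custom-scripts.pp"
    if [ ! -f "$manifest" ] || [ -z "$(ls -A "$modules" 2>/dev/null)" ]; then
        echo "puppet"; return 1
    fi

    # Stage 3: cfn-hup should be running; probe the pid recorded in its pid file.
    pid="$(cat "$root/var/run/cfn-hup.pid" 2>/dev/null || true)"
    if [ -z "$pid" ] || ! kill -0 "$pid" 2>/dev/null; then
        echo "cfn-hup"; return 1
    fi

    echo "none"
}
```

Whichever stage it names is the command to rerun by hand, as described above, to see the actual error.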

  
