aws-ec2: Expose userDataCausesReplacement in BastionHostLinuxProps #31348
Description
Describe the bug
When creating a bastion host, I use the instance's userData to write approved public keys to .ssh/authorized_keys. However, when changing the list of authorized keys, it does not trigger the instance to be replaced, so the modification has no effect.
Regression Issue
- Select this option if this issue appears to be a regression.
Last Known Working CDK Version
No response
Expected Behavior
Changing userData would (optionally) cause the bastion host instance to be replaced.
Current Behavior
Changing userData has no effect on the bastion host instance.
Reproduction Steps
```ts
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import { BastionHostLinux } from 'aws-cdk-lib/aws-ec2';

// Inside a Stack (or other construct) constructor.
const vpc = new ec2.Vpc(this, 'Vpc', {
  ipAddresses: ec2.IpAddresses.cidr('10.0.0.0/16'),
});
const bastionHost = new BastionHostLinux(this, 'Bastion', {
  vpc,
});
const sshKeys = ['foo', 'bar'];
// Each key becomes one userData line that appends to ec2-user's authorized_keys.
bastionHost.instance.addUserData(
  ...sshKeys.map(key =>
    `echo ${key} >> ~ec2-user/.ssh/authorized_keys`,
  ),
);
```

- Deploy the bastion host
- Change the sshKeys collection
- Deploy the bastion host
- Note that the bastion host is not replaced
- Check .ssh/authorized_keys and see that the authorized keys have not been updated
Possible Solution
Exposing the userDataCausesReplacement property in BastionHostLinuxProps and passing that to the Instance would fix this.
e.g.
```ts
const bastionHost = new BastionHostLinux(this, 'Bastion', {
  vpc,
  userDataCausesReplacement: true,
});
```

Additional Information/Context
As a workaround, I have been adding the init and initOptions properties to BastionHostLinuxProps since their existence will force the instance to be replaced when userData changes.
```ts
import { BastionHostLinux, CloudFormationInit } from 'aws-cdk-lib/aws-ec2';

const bastionHost = new BastionHostLinux(this, 'Bastion', {
  vpc,
  init: CloudFormationInit.fromElements(),
  initOptions: {},
});
```

CDK CLI Version
2.149.0 (build c8e5924)
Framework Version
No response
Node.js Version
v18.20.2
OS
Ubuntu 20.04
Language
TypeScript
Language Version
No response
Other information
No response
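
The check in the last reproduction step, written as an added example (not code from the issue or from the CDK project): it compares the approved key list with the contents of authorized_keys and reports keys the host still accepts although they are no longer approved. The function names and the sample keys are assumptions constructed for illustration.

```typescript
// Added example: audit authorized_keys content against the approved key list.
// All names are hypothetical; the sample keys are constructed placeholders.
interface KeyDrift {
  stale: string[];   // on the host but no longer approved
  missing: string[]; // approved but not on the host
}

const KEY_TYPE = /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com)$/;

// Reduce one authorized_keys line to "<type> <base64>", ignoring a leading
// options field and a trailing comment. Blank, comment and unparsable lines give null.
function keyIdentity(line: string): string | null {
  const text = line.trim();
  if (text === '' || text.charAt(0) === '#') return null;
  // Blank out quoted option values so spaces inside them do not split fields.
  const fields = text.replace(/"(?:\\.|[^"\\])*"/g, '""').split(/\s+/);
  for (let i = 0; i + 1 < fields.length; i++) {
    if (KEY_TYPE.test(fields[i])) return fields[i] + ' ' + fields[i + 1];
  }
  return null;
}

function uniqueIdentities(lines: string[]): string[] {
  const out: string[] = [];
  lines.forEach(function (l) {
    const id = keyIdentity(l);
    if (id !== null && out.indexOf(id) === -1) out.push(id);
  });
  return out;
}

function auditAuthorizedKeys(approved: string[], fileContent: string): KeyDrift {
  const want = uniqueIdentities(approved);
  const have = uniqueIdentities(fileContent.split(/\r?\n/));
  return {
    stale: have.filter(function (k) { return want.indexOf(k) === -1; }),
    missing: want.filter(function (k) { return have.indexOf(k) === -1; }),
  };
}

// Constructed sample: key B was dropped from the approved list and key C added,
// but the host file still reflects the first deployment.
const approvedNow = ['ssh-ed25519 AAAAKEYA alice', 'ssh-ed25519 AAAAKEYC carol'];
const hostFile = [
  'ssh-ed25519 AAAAKEYA alice',
  'from="10.0.0.0/16",command="echo no ssh-rsa here" ssh-ed25519 AAAAKEYB bob',
].join('\n');
const drift = auditAuthorizedKeys(approvedNow, hostFile);
```

A non-empty `stale` list means the host still accepts a key that was removed from the approved list.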