Associate a new instance with a chef server from AWS userdata. Powershell version
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

UPDATE 2017-11-06: AWS now includes a userdata.ps1 script with their OpsWorks for Chef Automate starter_kit. You probably want to use that instead. The main difference in functionality is that they use the embedded openssl from chef - a much better solution (which I would have used if I knew it was included..)

Adding Nodes Automatically in AWS OpsWorks for Chef Automate

Associate a new instance with a chef server from AWS userdata.

Powershell version of the script provided at

This script allows you to automatically add nodes to AWS OpsWorks for Chef Automate. Simply provide it as userdata to an AWS instance and launch the instance. You can also add the the script to the userdata section of an Auto Scaling group launch configurations, or an AWS CloudFormation template to automatically associate new instances in an autoscaling group with a Chef server.


Your IAM instance profile must allow the following as a minimum:

    "Version": "2012-10-17",
        "Statement": [
            "Action": [
            "Effect": "Allow",
            "Resource": [


Wrap the script in <powershell></powershell> tags and add it to userdata when launching an instance, either from the AWS console, an autoscaling launch configuration or cloudformation. There is a bit more info about the script here:

Challenge in actually using it in userdata from anywhere but console

Cloudformation unfortunately has some limitations on how long a string you can pass as userdata and if you base64 encode the script, it's too large. If you just paste it into a parameter field when launching a CF you need to add ; to the end of each line as it messes up formatting. I'm currently working on better options.


The script requires OpenSSL to generate a private/public keypair. OpenSSL typically doesn't exist on Windows instances, so a binary is downloaded and installed in the Windows temp directory ($env:temp), this could certainly be done smarter.