How to Build Custom Cloud-Init Templates
Cloud-init runs during the first boot of a new Breeze, automating initial configuration like user creation, package installation, and network setup. Custom templates ensure every Breeze launches with your exact specifications.
Basic User-Data Template
Create a cloud-config.yml file:
#cloud-config
hostname: breeze-web-01
manage_etc_hosts: true
users:
  - name: deploy
    groups: sudo
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh_authorized_keys:
      - ssh-ed25519 AAAA... your-key-here
package_update: true
package_upgrade: true
packages:
  - curl
  - wget
  - vim
  - ufw
  - fail2ban
runcmd:
  - ufw allow 22/tcp
  - ufw allow 80/tcp
  - ufw allow 443/tcp
  - ufw --force enable
  - systemctl enable fail2ban
  - systemctl start fail2ban
Adding Write Files
Deploy configuration files on first boot:
write_files:
  - path: /etc/ssh/sshd_config.d/hardening.conf
    content: |
      PermitRootLogin no
      PasswordAuthentication no
      MaxAuthTries 3
Testing Templates
Validate the schema of your cloud-init config before deploying. The query command reads instance data, so run it on a booted Breeze:
cloud-init schema --config-file cloud-config.yml
cloud-init query --format "{{v1.instance_id}}"
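A pre-deploy lint for the template built on this page, usable where cloud-init is not installed, such as a CI job next to your Terraform configs. It is an added example, not part of the original guide or of cloud-init; the function name, finding labels and sample input are invented for illustration.

```python
import re

# Constructed sample: this page's template with the SSH rule moved after
# "ufw --force enable" and the sshd hardening file left out.
BAD = """#cloud-config
users:
  - name: deploy
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
runcmd:
  - ufw --force enable
  - ufw allow 22/tcp
"""

def lint_user_data(text):
    """Return finding labels (names invented for this example)."""
    findings = []
    lines = text.splitlines()
    # cloud-init handles user-data as cloud-config only if line 1 is this header.
    if not lines or lines[0].rstrip() != "#cloud-config":
        findings.append("missing-header")
    # YAML does not allow tabs for indentation.
    if any(re.match(r" *\t", line) for line in lines):
        findings.append("tab-indent")
    # runcmd entries run in order, and ufw denies incoming traffic by default,
    # so SSH has to be allowed before the firewall is switched on.
    ssh_allowed = False
    for line in lines:
        m = re.match(r"\s*-\s+(ufw\s.+)", line)
        if not m:
            continue
        if re.search(r"\ballow\s+(22(/tcp)?|ssh|OpenSSH)\b", m.group(1)):
            ssh_allowed = True
        elif re.search(r"\benable\b", m.group(1)) and not ssh_allowed:
            findings.append("ufw-enabled-before-ssh-allowed")
    # Passwordless sudo: anyone holding the deploy key gets root; flag for review.
    if any("NOPASSWD:ALL" in line for line in lines):
        findings.append("passwordless-sudo")
    # The page's hardening.conf turns password logins off; flag its absence.
    if not any(re.match(r"\s*PasswordAuthentication\s+no\b", line) for line in lines):
        findings.append("ssh-password-auth-not-disabled")
    return findings

if __name__ == "__main__":
    for finding in lint_user_data(BAD):
        print("FINDING:", finding)
```

Run against the full template from this page, the only finding is the passwordless sudo entry, which is left as a review item rather than an error.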
Tips
- Use runcmd for one-time commands and bootcmd for every-boot commands
- Set final_message to log when provisioning completes
- Store templates in version control alongside your Terraform configs