AWS Management Console cannot handle binary EC2 user data

Question

This is not a question. I just wanted to put something I found out there so other people can talk about it. I didn't create a support ticket as I don't have premium support. I know that it wouldn't affect anyone in most cases.

https://repost.aws/questions/QUtZd267f4SSuyBkfNxQY1Cw/bug-report

---

If "Input is already base64-encoded" option is checked, the browser does not
handle the data as binary and try to convert the input from ISO-8859-1 to utf-8
if it "thinks" it's text data.

## Steps to reproduce
Generate the arbitrary binary. Any binary data should work as long as the JS's
algorithm determines it as text.

```sh
echo -ne '\xab\xba\xba\xbe' | base64
# q7q6vg==
```

Pick a stopped instance to play with. Put the base64 encoded text to the textbox.

![AWS Management Console EC2 "Edit user data" form](/media/postImages/original/IM-Pmgb3k5TmOpIBR2l6uJhQ)

Inspect the actual data uploaded.

```
aws --region=AA-BBBB-N ec2 describe-instance-attribute --instance-id i-NNNNNNNNNNNNNNNNN --attribute userData | jq -r '.UserData.Value' | base64 -d | hexdump -C
```

You'll see that the data is not what you put in.

```
00000000  c2 ab c2 ba c2 ba c2 ba                           |........|
00000008
```

This is a bug in in the web client. It's confirmed by inspecting the actual
request sent to the API endpoint from the browser.

![POST request capture](/media/postImages/original/IMI0oeZZnWSXekhKLv3YOWZw)

## This can complicate things
According to [the user
guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-add-user-data.html),

> User data is treated as opaque data: what you give is what you get back. It is
> up to the instance to interpret it.

User data can be set to binary data using **awscli**. It has no problem handling
binary data and sending it to the API endpoint. The endpoints does not seem to
care about the data. IMDS even returns user data to the instance as
"application/octet-stream" So in essence, you can put anything in your user
data. The AWS Management Console is built upon the assumption that the user data
is always plain text. It always try to decode and show the data as plain text.

> User data must be base64-encoded. The Amazon EC2 console can perform the
> base64-encoding for you or accept base64-encoded input.

This is just because user data has to be put in the request JSON object. Again,
nothing at EC2 end should care about the contents of the user data because it's
an attack vector if anything does.

This complicate things for users who wants to put binary data in user data using
Management Console. Using **awscli** to make launch template is not an easy task
for some people.

Answer

Hello.

I think it's a good idea to report bugs in the management console UI, etc. using the "Feedback" button at the bottom left of the screen.  
I think if you report it here, they will respond someday.  
![a](/media/postImages/original/IMCyOkdOCoSLuJq1PvUwgeew)

![b](/media/postImages/original/IMLGnXtsfEQ7iaoeeByZUyyA)

AWS Management Console cannot handle binary EC2 user data

Steps to reproduce

This can complicate things

관련 콘텐츠