AWS Cloudformation CIDR block conflict - amazon-web-services

I am currently trying to wrap my head around how to use the AWS CloudFormation service. This might be a really simple question, but so far I find the platform very hard to understand.
I followed Amazon's tutorial on how to create a basic web server. Starting from the final template there, I want to modify it to allow a user-defined VPC IP range. For this I tried to add a VPC CIDR block property and to modify the PublicSubnet settings so that the subnet takes a /24 from that block, but when I try to create a stack I get the following error message:
Here's the template I am trying to use:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation Sample Template VPC_Single_Instance_In_Subnet: Sample template showing how to create a VPC and add an EC2 instance with an Elastic IP address and a security group. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters": {
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.micro",
"AllowedValues": [
"t1.micro",
"t2.micro",
"t2.small",
"t2.medium"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance.",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"SSHLocation": {
"Description": " The IP address range that can be used access the web server using SSH.",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t1.micro": {"Arch": "PV64"},
"t2.micro": {"Arch": "HVM64"},
"t2.small": {"Arch": "HVM64"},
"t2.medium": {"Arch": "HVM64"}
},
"AWSRegionArch2AMI": {
"us-east-1": {
"PV64": "ami-1ccae774",
"HVM64": "ami-1ecae776",
"HVMG2": "ami-8c6b40e4"
}
}
},
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"CidrBlock": "10.0.0.0/16"
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee"}
}
},
"VpcCidrBlock": {
"Type": "AWS::EC2::VPCCidrBlock",
"Properties": {
"VpcId": {"Ref": "VPC"},
"CidrBlock": "10.0.0.0/16"
}
},
"PublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": { "Fn::Select" : [ "0", { "Fn::Cidr" : ["10.0.0.0/24", 1, 8 ]}]},
"VpcId": {"Ref": "VPC"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "3df467ad-673c-4c48-a41c-3ac1626961e3"}
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "a166c4f5-7cc4-429b-b9d8-2c8c43facc63"}
}
},
"VPCGatewayAttachment": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {"Ref": "VPC"},
"InternetGatewayId": {"Ref": "InternetGateway"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "1790ebeb-2e41-4293-8cc1-aaba134fd1e0"}
}
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "VPC"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "175bad80-0988-4588-a919-331be705b02d"}
}
},
"PublicRoute": {
"Type": "AWS::EC2::Route",
"DependsOn": "VPCGatewayAttachment",
"Properties": {
"RouteTableId": {"Ref": "PublicRouteTable"},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {"Ref": "InternetGateway"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "143bbaa1-66a2-42a5-885f-e6300817103c"}
}
},
"PublicSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {"Ref": "PublicSubnet"},
"RouteTableId": {"Ref": "PublicRouteTable"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "528e2b71-46e6-4e09-815a-f70630755219"}
}
},
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {"Ref": "VPC"},
"GroupDescription": "Allow access from HTTP and SSH traffic",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {"Ref": "SSHLocation"}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "2e76192b-a4f8-48a5-92b6-abbfa8b83263"}
}
},
"WebServerInstance": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"All": ["ConfigureSampleApp"]
},
"ConfigureSampleApp": {
"packages": {
"yum": {
"httpd": []
}
},
"files": {
"/var/www/html/index.html": {
"content": {
"Fn::Join": [
"\n",
["<h1>Congratulations, you have successfully launched the AWS CloudFormation sample.</h1>"]
]
},
"mode": "000644",
"owner": "root",
"group": "root"
}
},
"services": {
"sysvinit": {
"httpd": {
"enabled": "true",
"ensureRunning": "true"
}
}
}
}
},
"AWS::CloudFormation::Designer": {"id": "0f900c9e-1272-4ec2-8a42-790b074baa39"}
},
"Properties": {
"InstanceType": {"Ref": "InstanceType"},
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{"Ref": "AWS::Region"},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{"Ref": "InstanceType"},
"Arch"
]
}
]
},
"KeyName": {"Ref": "KeyName"},
"NetworkInterfaces": [
{
"GroupSet": [
{"Ref": "WebServerSecurityGroup"}
],
"AssociatePublicIpAddress": "true",
"DeviceIndex": "0",
"DeleteOnTermination": "true",
"SubnetId": {"Ref": "PublicSubnet"}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"yum update -y aws-cfn-bootstrap\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{"Ref": "AWS::StackName"},
" --resource WebServerInstance ",
" --configsets All ",
" --region ",
{"Ref": "AWS::Region"},
"\n",
"# Signal the status from cfn-init\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{"Ref": "AWS::StackName"},
" --resource WebServerInstance ",
" --region ",
{"Ref": "AWS::Region"},
"\n"
]
]
}
}
},
"CreationPolicy": {
"ResourceSignal": {"Timeout": "PT5M"}
}
}
},
"Outputs": {
"URL": {
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Fn::GetAtt": [
"WebServerInstance",
"PublicIp"
]
}
]
]
},
"Description": "Newly created application URL"
},
"SubnetCIDR": {
"Value": {"Ref": "PublicSubnet"},
"Description": "Subnet for the application"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"a166c4f5-7cc4-429b-b9d8-2c8c43facc63": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": -40,
"y": 210
},
"z": 1,
"embeds": []
},
"96a791f0-938b-4ebe-9f3c-b3fe2a588aee": {
"size": {
"width": 320,
"height": 250
},
"position": {
"x": 70,
"y": 190
},
"z": 1,
"embeds": [
"2e76192b-a4f8-48a5-92b6-abbfa8b83263",
"175bad80-0988-4588-a919-331be705b02d"
]
},
"2e76192b-a4f8-48a5-92b6-abbfa8b83263": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": 280,
"y": 370
},
"z": 2,
"parent": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee",
"embeds": []
},
"175bad80-0988-4588-a919-331be705b02d": {
"size": {
"width": 120,
"height": 120
},
"position": {
"x": 90,
"y": 230
},
"z": 2,
"parent": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee",
"embeds": ["143bbaa1-66a2-42a5-885f-e6300817103c"]
},
"1790ebeb-2e41-4293-8cc1-aaba134fd1e0": {
"source": {"id": "a166c4f5-7cc4-429b-b9d8-2c8c43facc63"},
"target": {"id": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee"},
"z": 1
},
"143bbaa1-66a2-42a5-885f-e6300817103c": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": 120,
"y": 260
},
"z": 3,
"parent": "175bad80-0988-4588-a919-331be705b02d",
"embeds": [],
"references": ["a166c4f5-7cc4-429b-b9d8-2c8c43facc63"],
"dependson": ["1790ebeb-2e41-4293-8cc1-aaba134fd1e0"],
"isrelatedto": ["a166c4f5-7cc4-429b-b9d8-2c8c43facc63"]
},
"3df467ad-673c-4c48-a41c-3ac1626961e3": {
"size": {
"width": 120,
"height": 120
},
"position": {
"x": 250,
"y": 230
},
"z": 0,
"embeds": ["0f900c9e-1272-4ec2-8a42-790b074baa39"]
},
"0f900c9e-1272-4ec2-8a42-790b074baa39": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": 280,
"y": 260
},
"z": 3,
"parent": "3df467ad-673c-4c48-a41c-3ac1626961e3",
"embeds": [],
"isrelatedto": ["2e76192b-a4f8-48a5-92b6-abbfa8b83263"]
},
"13e0e0da-40c9-45d0-8460-7732ed20d764": {
"source": {"id": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee"},
"target": {"id": "3df467ad-673c-4c48-a41c-3ac1626961e3"},
"z": 2
},
"528e2b71-46e6-4e09-815a-f70630755219": {
"source": {"id": "175bad80-0988-4588-a919-331be705b02d"},
"target": {"id": "3df467ad-673c-4c48-a41c-3ac1626961e3"},
"z": 2
}
}
}
}

You don't need AWS::EC2::VPCCidrBlock: that resource associates an additional CIDR block with an existing VPC, and here it repeats the 10.0.0.0/16 the VPC already has, which is what conflicts. Instead, add a VPCCidr parameter to your template and reference it from both the VPC and the subnet:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation Sample Template VPC_Single_Instance_In_Subnet: Sample template showing how to create a VPC and add an EC2 instance with an Elastic IP address and a security group. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters": {
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.micro",
"AllowedValues": [
"t1.micro",
"t2.micro",
"t2.small",
"t2.medium"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance.",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"VPCCidr": {
"Type": "String",
"Default": "10.0.0.0/16"
},
"SSHLocation": {
"Description": " The IP address range that can be used access the web server using SSH.",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t1.micro": {"Arch": "PV64"},
"t2.micro": {"Arch": "HVM64"},
"t2.small": {"Arch": "HVM64"},
"t2.medium": {"Arch": "HVM64"}
},
"AWSRegionArch2AMI": {
"us-east-1": {
"PV64": "ami-1ccae774",
"HVM64": "ami-1ecae776",
"HVMG2": "ami-8c6b40e4"
}
}
},
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"CidrBlock": {"Ref": "VPCCidr"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee"}
}
},
"PublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": { "Fn::Select" : [ "0", { "Fn::Cidr" : [{"Ref": "VPCCidr"}, 1, 8 ]}]},
"VpcId": {"Ref": "VPC"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "3df467ad-673c-4c48-a41c-3ac1626961e3"}
}
},
"InternetGateway": {
"Type": "AWS::EC2::InternetGateway",
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "a166c4f5-7cc4-429b-b9d8-2c8c43facc63"}
}
},
"VPCGatewayAttachment": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {"Ref": "VPC"},
"InternetGatewayId": {"Ref": "InternetGateway"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "1790ebeb-2e41-4293-8cc1-aaba134fd1e0"}
}
},
"PublicRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "VPC"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "175bad80-0988-4588-a919-331be705b02d"}
}
},
"PublicRoute": {
"Type": "AWS::EC2::Route",
"DependsOn": "VPCGatewayAttachment",
"Properties": {
"RouteTableId": {"Ref": "PublicRouteTable"},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {"Ref": "InternetGateway"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "143bbaa1-66a2-42a5-885f-e6300817103c"}
}
},
"PublicSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {"Ref": "PublicSubnet"},
"RouteTableId": {"Ref": "PublicRouteTable"}
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "528e2b71-46e6-4e09-815a-f70630755219"}
}
},
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {"Ref": "VPC"},
"GroupDescription": "Allow access from HTTP and SSH traffic",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {"Ref": "SSHLocation"}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {"id": "2e76192b-a4f8-48a5-92b6-abbfa8b83263"}
}
},
"WebServerInstance": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"All": ["ConfigureSampleApp"]
},
"ConfigureSampleApp": {
"packages": {
"yum": {
"httpd": []
}
},
"files": {
"/var/www/html/index.html": {
"content": {
"Fn::Join": [
"\n",
["<h1>Congratulations, you have successfully launched the AWS CloudFormation sample.</h1>"]
]
},
"mode": "000644",
"owner": "root",
"group": "root"
}
},
"services": {
"sysvinit": {
"httpd": {
"enabled": "true",
"ensureRunning": "true"
}
}
}
}
},
"AWS::CloudFormation::Designer": {"id": "0f900c9e-1272-4ec2-8a42-790b074baa39"}
},
"Properties": {
"InstanceType": {"Ref": "InstanceType"},
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{"Ref": "AWS::Region"},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{"Ref": "InstanceType"},
"Arch"
]
}
]
},
"KeyName": {"Ref": "KeyName"},
"NetworkInterfaces": [
{
"GroupSet": [
{"Ref": "WebServerSecurityGroup"}
],
"AssociatePublicIpAddress": "true",
"DeviceIndex": "0",
"DeleteOnTermination": "true",
"SubnetId": {"Ref": "PublicSubnet"}
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"yum update -y aws-cfn-bootstrap\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{"Ref": "AWS::StackName"},
" --resource WebServerInstance ",
" --configsets All ",
" --region ",
{"Ref": "AWS::Region"},
"\n",
"# Signal the status from cfn-init\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{"Ref": "AWS::StackName"},
" --resource WebServerInstance ",
" --region ",
{"Ref": "AWS::Region"},
"\n"
]
]
}
}
},
"CreationPolicy": {
"ResourceSignal": {"Timeout": "PT5M"}
}
}
},
"Outputs": {
"URL": {
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Fn::GetAtt": [
"WebServerInstance",
"PublicIp"
]
}
]
]
},
"Description": "Newly created application URL"
},
"SubnetCIDR": {
"Value": {"Ref": "PublicSubnet"},
"Description": "Subnet for the application"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"a166c4f5-7cc4-429b-b9d8-2c8c43facc63": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": -40,
"y": 210
},
"z": 1,
"embeds": []
},
"96a791f0-938b-4ebe-9f3c-b3fe2a588aee": {
"size": {
"width": 320,
"height": 250
},
"position": {
"x": 70,
"y": 190
},
"z": 1,
"embeds": [
"2e76192b-a4f8-48a5-92b6-abbfa8b83263",
"175bad80-0988-4588-a919-331be705b02d"
]
},
"2e76192b-a4f8-48a5-92b6-abbfa8b83263": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": 280,
"y": 370
},
"z": 2,
"parent": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee",
"embeds": []
},
"175bad80-0988-4588-a919-331be705b02d": {
"size": {
"width": 120,
"height": 120
},
"position": {
"x": 90,
"y": 230
},
"z": 2,
"parent": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee",
"embeds": ["143bbaa1-66a2-42a5-885f-e6300817103c"]
},
"1790ebeb-2e41-4293-8cc1-aaba134fd1e0": {
"source": {"id": "a166c4f5-7cc4-429b-b9d8-2c8c43facc63"},
"target": {"id": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee"},
"z": 1
},
"143bbaa1-66a2-42a5-885f-e6300817103c": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": 120,
"y": 260
},
"z": 3,
"parent": "175bad80-0988-4588-a919-331be705b02d",
"embeds": [],
"references": ["a166c4f5-7cc4-429b-b9d8-2c8c43facc63"],
"dependson": ["1790ebeb-2e41-4293-8cc1-aaba134fd1e0"],
"isrelatedto": ["a166c4f5-7cc4-429b-b9d8-2c8c43facc63"]
},
"3df467ad-673c-4c48-a41c-3ac1626961e3": {
"size": {
"width": 120,
"height": 120
},
"position": {
"x": 250,
"y": 230
},
"z": 0,
"embeds": ["0f900c9e-1272-4ec2-8a42-790b074baa39"]
},
"0f900c9e-1272-4ec2-8a42-790b074baa39": {
"size": {
"width": 60,
"height": 60
},
"position": {
"x": 280,
"y": 260
},
"z": 3,
"parent": "3df467ad-673c-4c48-a41c-3ac1626961e3",
"embeds": [],
"isrelatedto": ["2e76192b-a4f8-48a5-92b6-abbfa8b83263"]
},
"13e0e0da-40c9-45d0-8460-7732ed20d764": {
"source": {"id": "96a791f0-938b-4ebe-9f3c-b3fe2a588aee"},
"target": {"id": "3df467ad-673c-4c48-a41c-3ac1626961e3"},
"z": 2
},
"528e2b71-46e6-4e09-815a-f70630755219": {
"source": {"id": "175bad80-0988-4588-a919-331be705b02d"},
"target": {"id": "3df467ad-673c-4c48-a41c-3ac1626961e3"},
"z": 2
}
}
}
}


How to solve JSON error on AWS Bad String?

I don't know where the bad string is here; can someone help me?
It looks like an unhelpful error message from the AWS Console, but I can't find what I am missing.
This template creates VPCs, routes, an IGW and a Palo Alto firewall; I think the problem is some ] or } that I am missing.
Is there a tool to analyze it, instead of searching manually?
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "PANW Firewall (sample-cft).",
"Parameters": {
"BootstrapBucketName":{
"Description": "Bucket name for FW bootstrap configuration",
"Type": "String"
},
"ServerKeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the FW (Hint: You MUST have its private key)",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"PANFWRegionMap" : {
"us-west-2" : { "AMI": "ami-d28992ab"},
"ap-northeast-1" : { "AMI": "ami-ab04e7cd"},
"us-west-1" : { "AMI": "ami-0f88a16f"},
"ap-northeast-2" : { "AMI": "ami-6cbd6402"},
"ap-southeast-1" : { "AMI": "ami-1897057b"},
"ap-southeast-2" : { "AMI": "ami-8ed3cced"},
"eu-central-1" : { "AMI": "ami-6df35f02"},
"eu-west-1" : { "AMI": "ami-86d63eff"},
"eu-west-2" : { "AMI": "ami-3c170658"},
"sa-east-1" : { "AMI": "ami-15651279"},
"us-east-1" : { "AMI": "ami-0d7ef242edccdad95"},
"us-east-2" : { "AMI": "ami-f1200094"},
"ca-central-1" : { "AMI": "ami-0f08b76b"},
"ap-south-1" : { "AMI": "ami-1ffc8470"}
},
"Resources": {
"BootstrapRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
} ]
},
"Path":"/",
"Policies": [ {
"PolicyName" : "BootstrapRolePolicy",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "BootstrapBucketName" }]]}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "BootstrapBucketName" } , "/*" ]]}
}]
}
}]
}
},
"BootstrapInstanceProfile":{
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ {
"Ref": "BootstrapRole"
}]
}
},
"NewVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
}
},
"PublicElasticIP": {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
},
"DependsOn": [ "NewVPC" ]
},
"ManagementElasticIP": {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
},
"DependsOn": [ "NewVPC" ]
},
"NewDBSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"VpcId": {"Ref": "NewVPC"},
"AvailabilityZone": "" ,
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn": "NewVPC"
},
"NewPublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"VpcId": {"Ref": "NewVPC"},
"AvailabilityZone": { "Fn::GetAtt" : [ "NewDBSubnet", "AvailabilityZone" ] },
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn": [ "NewVPC", "NewDBSubnet" ]
},
"NewWebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": { "Fn::GetAtt" : [ "NewDBSubnet", "AvailabilityZone" ] },
"VpcId": {"Ref": "NewVPC"},
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn":[ "NewVPC", "NewDBSubnet" ]
},
"igweb3def8e": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
}
},
"dopt21c7d043": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-west-2.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclb765d6d2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"rtb059a2460": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"rtb049a2461": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"FWManagementNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 MGMT",
"SubnetId": {"Ref": "NewPublicSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.0.99",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 MGMT"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPublicNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/1",
"SubnetId": {"Ref": "NewPublicSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.0.100",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 E1/1"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPrivate12NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/2",
"SubnetId": {"Ref": "NewWebSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.1.11",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 E1/2"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPrivate13NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/3",
"SubnetId": {"Ref": "NewDBSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.2.11",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name", "Value": "WP AWS FW1 E1/3"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWEIPMAnagementAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": { "Fn::GetAtt": [ "ManagementElasticIP", "AllocationId" ] },
"NetworkInterfaceId": { "Ref": "FWManagementNetworkInterface" }
},
"DependsOn": [ "FWManagementNetworkInterface", "ManagementElasticIP" ]
},
"FWEIPPublicAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": { "Fn::GetAtt": [ "PublicElasticIP", "AllocationId" ] },
"NetworkInterfaceId": { "Ref": "FWPublicNetworkInterface" }
},
"DependsOn": [ "FWPublicNetworkInterface", "PublicElasticIP" ]
},
"sgWideOpen": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Wide open security group",
"VpcId": {"Ref": "NewVPC"},
"Tags": [{"Key": "Name","Value": "Lab External SG"}],
"SecurityGroupIngress" : [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress" : [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewDBSubnet"}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewPublicSubnet"}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewWebSubnet"}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {"Ref": "NewVPC"},
"InternetGatewayId": {"Ref": "igweb3def8e"}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {"Ref": "rtb049a2461"},
"SubnetId": {"Ref": "NewPublicSubnet"}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {"Ref": "rtb059a2460"},
"GatewayId": {"Ref": "igweb3def8e"}
},
"DependsOn": "gw1"
},
"route2": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {"Ref": "rtb049a2461"},
"GatewayId": {"Ref": "igweb3def8e"}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {"Ref": "NewVPC"},
"DhcpOptionsId": {"Ref": "dopt21c7d043"}
}
},
"FWInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"IamInstanceProfile": {"Ref": "BootstrapInstanceProfile"},
"InstanceInitiatedShutdownBehavior": "stop",
"EbsOptimized": "true",
"ImageId": { "Fn::FindInMap" : [ "PANFWRegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
"InstanceType": "m4.xlarge",
"BlockDeviceMappings" :
[
{
"DeviceName" : "/dev/xvda",
"Ebs" :
{
"VolumeType" : "gp2",
"DeleteOnTermination" : "true",
"VolumeSize" : "60"
}
}
],
"KeyName": { "Ref" : "ServerKeyName" },
"Monitoring": "false",
"Tags": [{ "Key": "Name", "Value": "WP VM-Series Firewall" }],
"NetworkInterfaces": [
{
"NetworkInterfaceId": { "Ref": "FWManagementNetworkInterface"},
"DeviceIndex": 0
},
{
"NetworkInterfaceId": { "Ref": "FWPublicNetworkInterface"},
"DeviceIndex": 1
},
{
"NetworkInterfaceId": { "Ref": "FWPrivate12NetworkInterface"},
"DeviceIndex": 2
},
{
"NetworkInterfaceId": { "Ref": "FWPrivate13NetworkInterface"},
"DeviceIndex": 3
}
],
"UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
"vmseries-bootstrap-aws-s3bucket=", { "Ref" : "BootstrapBucketName" }
]]}}
},
"DependsOn": [ "FWPublicNetworkInterface", "FWPrivate12NetworkInterface", "FWPrivate13NetworkInterface", "NewPublicSubnet" ]
},
"Outputs": {
"FirewallManagementURL": {
"Description": "VM-Series management interface URL",
"Value": { "Fn::Join" : ["", [
"https://",
{ "Ref": "ManagementElasticIP"}
]]}}
},
}]]
}
}
}
Yes, you had a missing } and some extra commas. Below is valid JSON. The template may have other issues (for instance, NewDBSubnet has an empty AvailabilityZone, and sgWideOpen and the network ACL entries allow all traffic from 0.0.0.0/0), but your current error is about invalid JSON, so I fixed only that. For new issues, please ask a new question.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "PANW Firewall (sample-cft).",
"Parameters": {
"BootstrapBucketName": {
"Description": "Bucket name for FW bootstrap configuration",
"Type": "String"
},
"ServerKeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the FW (Hint: You MUST have its private key)",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"PANFWRegionMap": {
"us-west-2": {
"AMI": "ami-d28992ab"
},
"ap-northeast-1": {
"AMI": "ami-ab04e7cd"
},
"us-west-1": {
"AMI": "ami-0f88a16f"
},
"ap-northeast-2": {
"AMI": "ami-6cbd6402"
},
"ap-southeast-1": {
"AMI": "ami-1897057b"
},
"ap-southeast-2": {
"AMI": "ami-8ed3cced"
},
"eu-central-1": {
"AMI": "ami-6df35f02"
},
"eu-west-1": {
"AMI": "ami-86d63eff"
},
"eu-west-2": {
"AMI": "ami-3c170658"
},
"sa-east-1": {
"AMI": "ami-15651279"
},
"us-east-1": {
"AMI": "ami-0d7ef242edccdad95"
},
"us-east-2": {
"AMI": "ami-f1200094"
},
"ca-central-1": {
"AMI": "ami-0f08b76b"
},
"ap-south-1": {
"AMI": "ami-1ffc8470"
}
}
},
"Resources": {
"BootstrapRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "BootstrapRolePolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": {
"Fn::Join": ["", ["arn:aws:s3:::", {
"Ref": "BootstrapBucketName"
}]]
}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": {
"Fn::Join": ["", ["arn:aws:s3:::", {
"Ref": "BootstrapBucketName"
}, "/*"]]
}
}
]
}
}]
}
},
"BootstrapInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [{
"Ref": "BootstrapRole"
}]
}
},
"NewVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
}
},
"PublicElasticIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": ["NewVPC"]
},
"ManagementElasticIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": ["NewVPC"]
},
"NewDBSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"VpcId": {
"Ref": "NewVPC"
},
"AvailabilityZone": "",
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": "NewVPC"
},
"NewPublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"VpcId": {
"Ref": "NewVPC"
},
"AvailabilityZone": {
"Fn::GetAtt": ["NewDBSubnet", "AvailabilityZone"]
},
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": ["NewVPC", "NewDBSubnet"]
},
"NewWebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": {
"Fn::GetAtt": ["NewDBSubnet", "AvailabilityZone"]
},
"VpcId": {
"Ref": "NewVPC"
},
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": ["NewVPC", "NewDBSubnet"]
},
"igweb3def8e": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
}
},
"dopt21c7d043": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-west-2.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclb765d6d2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"rtb059a2460": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"rtb049a2461": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"FWManagementNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 MGMT",
"SubnetId": {
"Ref": "NewPublicSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.0.99",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 MGMT"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPublicNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/1",
"SubnetId": {
"Ref": "NewPublicSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.0.100",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/1"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPrivate12NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/2",
"SubnetId": {
"Ref": "NewWebSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.1.11",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/2"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPrivate13NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/3",
"SubnetId": {
"Ref": "NewDBSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.2.11",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/3"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWEIPMAnagementAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["ManagementElasticIP", "AllocationId"]
},
"NetworkInterfaceId": {
"Ref": "FWManagementNetworkInterface"
}
},
"DependsOn": ["FWManagementNetworkInterface", "ManagementElasticIP"]
},
"FWEIPPublicAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["PublicElasticIP", "AllocationId"]
},
"NetworkInterfaceId": {
"Ref": "FWPublicNetworkInterface"
}
},
"DependsOn": ["FWPublicNetworkInterface", "PublicElasticIP"]
},
"sgWideOpen": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Wide open security group",
"VpcId": {
"Ref": "NewVPC"
},
"Tags": [{
"Key": "Name",
"Value": "Lab External SG"
}],
"SecurityGroupIngress": [{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}],
"SecurityGroupEgress": [{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewDBSubnet"
}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewPublicSubnet"
}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewWebSubnet"
}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
},
"InternetGatewayId": {
"Ref": "igweb3def8e"
}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtb049a2461"
},
"SubnetId": {
"Ref": "NewPublicSubnet"
}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb059a2460"
},
"GatewayId": {
"Ref": "igweb3def8e"
}
},
"DependsOn": "gw1"
},
"route2": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb049a2461"
},
"GatewayId": {
"Ref": "igweb3def8e"
}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
},
"DhcpOptionsId": {
"Ref": "dopt21c7d043"
}
}
},
"FWInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"IamInstanceProfile": {
"Ref": "BootstrapInstanceProfile"
},
"InstanceInitiatedShutdownBehavior": "stop",
"EbsOptimized": "true",
"ImageId": {
"Fn::FindInMap": ["PANFWRegionMap", {
"Ref": "AWS::Region"
}, "AMI"]
},
"InstanceType": "m4.xlarge",
"BlockDeviceMappings": [{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp2",
"DeleteOnTermination": "true",
"VolumeSize": "60"
}
}],
"KeyName": {
"Ref": "ServerKeyName"
},
"Monitoring": "false",
"Tags": [{
"Key": "Name",
"Value": "WP VM-Series Firewall"
}],
"NetworkInterfaces": [{
"NetworkInterfaceId": {
"Ref": "FWManagementNetworkInterface"
},
"DeviceIndex": 0
},
{
"NetworkInterfaceId": {
"Ref": "FWPublicNetworkInterface"
},
"DeviceIndex": 1
},
{
"NetworkInterfaceId": {
"Ref": "FWPrivate12NetworkInterface"
},
"DeviceIndex": 2
},
{
"NetworkInterfaceId": {
"Ref": "FWPrivate13NetworkInterface"
},
"DeviceIndex": 3
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": ["", [
"vmseries-bootstrap-aws-s3bucket=", {
"Ref": "BootstrapBucketName"
}
]]
}
}
},
"DependsOn": ["FWPublicNetworkInterface", "FWPrivate12NetworkInterface", "FWPrivate13NetworkInterface", "NewPublicSubnet"]
},
"Outputs": {
"FirewallManagementURL": {
"Description": "VM-Series management interface URL",
"Value": {
"Fn::Join": ["", [
"https://",
{
"Ref": "ManagementElasticIP"
}
]]
}
}
}
}
}

Cloudformation application load balancer elastic IP error

I am trying to automate, with CloudFormation, a stack consisting of one Fargate cluster, multiple services and one application load balancer.
Unfortunately the creation of the LoadBalancer fails with the following error message: "Elastic IPs are not supported for load balancers with type 'application'"
I know that Elastic IPs are not supported; however, I cannot figure out why CloudFormation tries to assign an Elastic IP to my load balancer. I found no hint in the reference of any value defaulting to Elastic IP assignment.
"Resources": {
"Cluster": {
"Type": "AWS::ECS::Cluster",
"Properties": {}
},
"Service": {
"Type": "AWS::ECS::Service",
"Properties": {
"Cluster": {
"Ref": "Cluster"
},
"TaskDefinition": {
"Ref": "Task"
},
"LoadBalancers": [
{
"ContainerName": "service1",
"ContainerPort": 80,
"LoadBalancerName": {
"Ref": "LoadBalancer"
},
"TargetGroupArn": {
"Ref": "TargetGroup"
}
}
],
"NetworkConfiguration": {
"AwsvpcConfiguration": {
"AssignPublicIp": "false",
"Subnets": [
{
"Ref": "Subnet1"
},
{
"Ref": "Subnet2"
}
]
}
}
}
},
"Task": {
"Type": "AWS::ECS::TaskDefinition",
"Properties": {
"ContainerDefinitions": [
{
"PortMappings": [
{
"HostPort": 80,
"Protocol": "tcp",
"ContainerPort": 80
}
],
"Environment": [
{
"Name": "SERVER_PORT",
"Value": "80"
}
],
"Image": "arn",
"Essential": true,
"Name": "service1",
"Memory": 2048
}
],
"TaskRoleArn": "arn",
"NetworkMode": "awsvpc"
}
},
"LoadBalancer": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"SubnetMappings": [
{
"SubnetId": {
"Ref": "Subnet1"
},
"AllocationId": "subnet-1"
},
{
"SubnetId": {
"Ref": "Subnet2"
},
"AllocationId": "subnet-2"
}
],
"SecurityGroups": [
{
"Ref": "VPCSecurityGroup"
}
]
}
},
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16"
}
},
"VPCSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"GroupDescription": "security group"
}
},
"Subnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.0.0/24",
"MapPublicIpOnLaunch": false
}
},
"Subnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"CidrBlock": "10.0.1.0/24",
"MapPublicIpOnLaunch": false
}
},
"Listener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Properties": {
"LoadBalancerArn": {
"Ref": "LoadBalancer"
},
"DefaultActions": [
{
"Type": "FORWARD"
}
],
"Port": 443,
"Protocol": "HTTPS",
"Certificates": [
{
"CertificateArn": "arn"
}
]
}
},
"TargetGroup": {
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
"Properties": {
"VpcId": {
"Ref": "VPC"
},
"Port": 80,
"Protocol": "HTTP"
}
},
"ListenerRule": {
"Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
"Properties": {
"Actions": [
{
"Type": "FORWARD"
}
],
"Priority": 1,
"Conditions": [],
"ListenerArn": {
"Ref": "Listener"
}
}
}
I fixed the Elastic IP error by removing the SubnetMappings property (its AllocationId entries are what request an Elastic IP per subnet) and declaring the Subnets property instead.
"LoadBalancer": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"Subnets": [
{
"Ref": "PublicSubnet1"
},
{
"Ref": "PublicSubnet2"
}
],
"SecurityGroups": [
{
"Ref": "VPCSecurityGroup"
}
]
}
}

How can i ensure NAT is up before instances

When my instances are created by my CloudFormation template they do not run yum update or install aws-cfn-bootstrap. I see a timeout in the logs; however, it works after I log in once they have fully booted.
The logs show they are unable to connect at boot, I think because the NAT gateway hasn't been built yet. It was working yesterday; I have been tweaking it since but cannot seem to get it to load anymore.
"Parameters": {
"ONtestenv": {
"Description": "env name",
"Type": "String"
},
"ONcidr": {
"Description": "subs for vpc",
"Type": "String",
"Default": "10.0.0.0/16"
},
"pubONsubnet": {
"Description": "pub sub block",
"Type": "String",
"Default": "10.0.0.0/24"
},
"privONsubnet": {
"Description": "priv subn clok",
"Type": "String",
"Default": "10.0.1.0/24"
},
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"SSHLocation": {
"Description": "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.micro",
"AllowedValues": [
"t2.micro",
"m1.small",
"m1.medium",
"m1.large",
"m1.xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge"
],
"ConstraintDescription": "must be a valid EC2 instance type."
}
},
"Mappings": {
"Region2Examples": {
"us-east-1": {
"Examples": "https://s3.amazonaws.com/cloudformation-examples-us-east-1"
},
"ca-central-1": {
"Examples": "https://s3.amazonaws.com/cloudformation-examples-us-east-1"
},
"us-west-2": {
"Examples": "https://s3-us-west-2.amazonaws.com/cloudformation-examples-us-west-2"
},
"us-west-1": {
"Examples": "https://s3-us-west-1.amazonaws.com/cloudformation-examples-us-west-1"
},
"eu-west-1": {
"Examples": "https://s3-eu-west-1.amazonaws.com/cloudformation-examples-eu-west-1"
},
"eu-central-1": {
"Examples": "https://s3-eu-central-1.amazonaws.com/cloudformation-examples-eu-central-1"
},
"ap-southeast-1": {
"Examples": "https://s3-ap-southeast-1.amazonaws.com/cloudformation-examples-ap-southeast-1"
},
"us-east-2": {
"Examples": "https://s3-us-east-2.amazonaws.com/cloudformation-examples-us-east-2"
},
"sa-east-1": {
"Examples": "https://s3-sa-east-1.amazonaws.com/cloudformation-examples-sa-east-1"
},
"cn-north-1": {
"Examples": "https://s3.cn-north-1.amazonaws.com.cn/cloudformation-examples-cn-north-1"
}
},
"AWSInstanceType2Arch": {
"t2.micro": {
"Arch": "64"
},
"m1.small": {
"Arch": "64"
},
"m1.medium": {
"Arch": "64"
},
"m1.large": {
"Arch": "64"
},
"m1.xlarge": {
"Arch": "64"
},
"m2.xlarge": {
"Arch": "64"
},
"m2.2xlarge": {
"Arch": "64"
},
"m2.4xlarge": {
"Arch": "64"
},
"c1.medium": {
"Arch": "64"
},
"c1.xlarge": {
"Arch": "64"
},
"cc1.4xlarge": {
"Arch": "64HVM"
},
"cc2.8xlarge": {
"Arch": "64HVM"
},
"cg1.4xlarge": {
"Arch": "64HVM"
}
},
"AWSRegionArch2AMI": {
"us-east-1": {
"32": "ami-31814f58",
"64": "ami-1b814f72",
"64HVM": "ami-0da96764"
},
"ca-central-1": {
"32": "ami-31814f58",
"64": "ami-b61b96d2",
"64HVM": "ami-b61b96d2"
},
"us-west-2": {
"32": "ami-38fe7308",
"64": "ami-30fe7300",
"64HVM": "NOT_YET_SUPPORTED"
},
"us-west-1": {
"32": "ami-11d68a54",
"64": "ami-1bd68a5e",
"64HVM": "NOT_YET_SUPPORTED"
},
"eu-west-1": {
"32": "ami-973b06e3",
"64": "ami-953b06e1",
"64HVM": "NOT_YET_SUPPORTED"
},
"ap-southeast-1": {
"32": "ami-b4b0cae6",
"64": "ami-beb0caec",
"64HVM": "NOT_YET_SUPPORTED"
},
"ap-northeast-1": {
"32": "ami-0644f007",
"64": "ami-0a44f00b",
"64HVM": "NOT_YET_SUPPORTED"
},
"sa-east-1": {
"32": "ami-3e3be423",
"64": "ami-3c3be421",
"64HVM": "NOT_YET_SUPPORTED"
}
}
},
"Resources": {
"ONtestVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Ref": "ONcidr"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Ref": "ONtestenv"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "3321d2b3-88cd-4e8f-bef1-b5d0b853ca46"
}
}
},
"ONIG": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": {
"Ref": "ONtestenv"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "d5878b9e-87f5-4088-8401-1a60d827a01a"
}
}
},
"ONgatewayattach": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"InternetGatewayId": {
"Ref": "ONIG"
},
"VpcId": {
"Ref": "ONtestVPC"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "b654db30-aa3f-4ffe-ab5c-27b9a14be28e"
}
}
},
"natGW": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"natEIP",
"AllocationId"
]
},
"SubnetId": {
"Ref": "pubsub"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "b030b414-e088-4733-8d0a-bbe426610828"
}
}
},
"pubsub": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "ONtestVPC"
},
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
},
"CidrBlock": {
"Ref": "pubONsubnet"
},
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${ONtestenv} pub sub"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "dd0e3e42-3b94-4ffe-a8e3-85690934c839"
}
}
},
"privsub": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "ONtestVPC"
},
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
},
"CidrBlock": {
"Ref": "privONsubnet"
},
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${ONtestenv} priv sub"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "4cfc646e-acb2-45ea-a075-596b7453e7d7"
}
}
},
"natEIP": {
"Type": "AWS::EC2::EIP",
"DependsOn": "ONgatewayattach",
"Properties": {
"Domain": "vpc"
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "c3501a25-dec8-4d5b-a8af-4c8ddc2b8c48"
}
}
},
"pubroutes": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ONtestVPC"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${ONtestenv} pub routes"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "15610e2e-2838-4b07-9ed0-3339a8ee2c6b"
}
}
},
"defaultpubroute": {
"Type": "AWS::EC2::Route",
"DependsOn": "ONgatewayattach",
"Properties": {
"RouteTableId": {
"Ref": "pubroutes"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ONIG"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "2ccd0372-a83b-42cf-8d24-4bf2937f9db2"
}
}
},
"pubsubrtassoc": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "pubroutes"
},
"SubnetId": {
"Ref": "pubsub"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "871f2e97-ff70-4bcf-a707-07cd7629a070"
}
}
},
"privroutetable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ONtestVPC"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${ONtestenv} priv routes"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "e3959861-54ef-41eb-8732-644b3302f1a2"
}
}
},
"defaultprivroute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "privroutetable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "natGW"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "0bd7af21-8d8c-4bcb-ac8d-b7a0c1bcc7f1"
}
}
},
"privsubrtassoc": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "privroutetable"
},
"SubnetId": {
"Ref": "privsub"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "e4a0e22d-b70f-498f-8269-7569a2a260cc"
}
}
},
"SG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable ping and ssh access via port 22 and ALL from VPC CIDR",
"VpcId": {
"Ref": "ONtestVPC"
},
"SecurityGroupIngress": [
{
"IpProtocol": "icmp",
"FromPort": "8",
"ToPort": "-1",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "udp",
"FromPort": "1",
"ToPort": "65535",
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"FromPort": "1",
"ToPort": "65535",
"CidrIp": "10.0.0.0/16"
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "64176529-142e-41de-a97d-b4306dd2c445"
}
}
},
"webAutoscalingGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
},
"LoadBalancerNames": [
{
"Ref": "ElasticLoadBalancer"
}
],
"MaxSize": 4,
"MinSize": 2,
"VPCZoneIdentifier": [
{
"Ref": "pubsub"
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "a331154a-b1ca-416c-80d3-651425c8ad8e"
}
}
},
"webAutoscalePolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Description": "A policy to expand the size of the pool by 1 instance",
"Properties": {
"AutoScalingGroupName": {
"Ref": "webAutoscalingGroup"
},
"AdjustmentType": "ChangeInCapacity",
"Cooldown": 300,
"ScalingAdjustment": 1
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "77ce9e6f-f50d-4f96-a229-76ffe3bfc32a"
}
}
},
"webAutoScaleAlarm": {
"Type": "AWS::CloudWatch::Alarm",
"Description": "When average bandwidth for the instances exceeds a threshold trigger\nthe policy (increasing instance count by 1)\n",
"Properties": {
"AlarmName": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"bytes out alarm"
]
]
},
"AlarmDescription": "This metric monitors network utilization",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"EvaluationPeriods": 2,
"MetricName": "NetworkIn",
"Namespace": "AWS/EC2",
"Period": 60,
"Statistic": "Average",
"Threshold": 5000,
"Dimensions": [
{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "webAutoscalingGroup"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "e04f759b-93b9-4072-8966-484a4e953230"
}
}
},
"LBSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SSH and HTTP inbound, egress to VPC",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": 0,
"ToPort": 65535,
"CidrIp": "0.0.0.0/0"
}
],
"VpcId": {
"Ref": "ONtestVPC"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "f6b443e1-6c3f-4e3c-bcc4-fbccb527b1f1"
}
}
},
"ElasticLoadBalancer": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Subnets": [
{
"Ref": "pubsub"
}
],
"CrossZone": "true",
"Listeners": [
{
"LoadBalancerPort": "80",
"InstancePort": "80",
"Protocol": "HTTP"
}
],
"HealthCheck": {
"Target": "HTTP:80/",
"HealthyThreshold": "3",
"UnhealthyThreshold": "5",
"Interval": "30",
"Timeout": "5"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "33772321-0e4d-4a0e-bfc6-e4196b7cdead"
}
}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SSH inbound, port 80 inbound from the load balancer",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "SSHLocation"
}
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
}
],
"VpcId": {
"Ref": "ONtestVPC"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "9bed003f-7101-4f65-a41c-175bfa579c08"
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Metadata": {
"Comment": "Install a simple application",
"AWS::CloudFormation::Init": {
"config": {
"packages": {
"yum": {
"httpd": []
}
},
"files": {
"/var/www/html/index.html": {
"content": {
"Fn::Join": [
"\n",
[
"<img src=\"",
{
"Fn::FindInMap": [
"Region2Examples",
{
"Ref": "AWS::Region"
},
"Examples"
]
},
"/cloudformation_graphic.png\" alt=\"AWS CloudFormation Logo\"/>",
"<h1>Congratulations, you have successfully launched the AWS CloudFormation sample.</h1>"
]
]
},
"mode": "000644",
"owner": "root",
"group": "root"
},
"/etc/cfn/cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource LaunchConfig ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"runas=root\n"
]
]
}
}
},
"services": {
"sysvinit": {
"httpd": {
"enabled": "true",
"ensureRunning": "true"
},
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"/etc/cfn/cfn-hup.conf",
"/etc/cfn/hooks.d/cfn-auto-reloader.conf"
]
}
}
}
}
},
"AWS::CloudFormation::Designer": {
"id": "fb6eab98-3a1b-426a-945f-14c25bb99862"
}
},
"Properties": {
"KeyName": {
"Ref": "KeyName"
},
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{
"Ref": "InstanceType"
},
"Arch"
]
}
]
},
"SecurityGroups": [
{
"Ref": "InstanceSecurityGroup"
}
],
"InstanceType": {
"Ref": "InstanceType"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"yum update -y aws-cfn-bootstrap\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource LaunchConfig ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource WebServerGroup ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
}
}
},
"Outputs": {
"VPC": {
"Description": "A reference to the created VPC",
"Value": {
"Ref": "ONtestVPC"
}
},
"PublicSubnet": {
"Description": "public subnet",
"Value": {
"Fn::Join": [
",",
[
{
"Ref": "pubsub"
}
]
]
}
},
"PrivateSubnet": {
"Description": "private subnet",
"Value": {
"Fn::Join": [
",",
[
{
"Ref": "privsub"
}
]
]
}
}
}
}```
I am hoping it will install the simple httpd server, but it does not. I am able to run the exact same command `yum update -y` after it has booted and I log in to it.
You can put a DependsOn attribute on the Auto Scaling group referencing the natGW resource, so that it won't launch instances until the NAT Gateway is ready.
See: DependsOn Attribute - AWS CloudFormation
CloudFormation normally figures out "depends on" linkages automatically, based on references from one resource to another (e.g. a Subnet references a VPC, so CloudFormation waits for the VPC to be ready before creating the Subnet).
However, not all relationships are obvious, such as the one between your Auto Scaling group and the NAT Gateway. For these situations, you can add a DependsOn manually.
It can also be beneficial to use multiple stacks. This reduces the number of resource dependencies that need to be specified.
Key things like a NAT Gateway should be in one of the first stacks; if you then put things like an Auto Scaling group in a stack created later, the dependency doesn't have to be specified, as the NAT Gateway will already be up from the earlier stack.

AWS cloud formation cannot valid instance id

I am creating a CloudFormation template in AWS. I keep getting this error:
WaitCondition received failed message: 'ValidationError:' for uniqueId: i-04885f92b0b4a99ab
I have tried changing the instance id, and many other things; none of them works.
The error occurred on the AWS::CloudFormation::WaitCondition resource.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"InstanceType": {
"Description": "FormEngine EC2 instance type",
"Type": "String",
"Default": "t2.micro"
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t2.micro": {
"Arch": "64"
}
},
"AWSRegionArch2AMI": {
"us-west-2": {
"64": "ami-f2d3638a"
}
}
},
"Resources": {
"WebServerGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable SSH and HTTP access",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"CfnUser": {
"Type": "AWS::IAM::User",
"Properties": {
"Path": "/",
"Policies": [
{
"PolicyName": "Admin",
"PolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
}
]
}
},
"HostKeys": {
"Type": "AWS::IAM::AccessKey",
"Properties": {
"UserName": {
"Ref": "CfnUser"
}
}
},
"WebServer": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"config": {
"packages": {
"yum": {
"java-1.6.0-openjdk": [],
"tomcat6": [],
"httpd": []
}
},
"files": {
"/var/www/html/index.html": {
"source": "http://a00807428-lab02/index.html",
"mode": "000600",
"owner": "apache",
"group": "apache"
},
"/var/www/html/index.html": {
"source": "http://a00807428-lab02/index.html",
"mode": "000600",
"owner": "apache",
"group": "apache"
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{
"Ref": "InstanceType"
},
"Arch"
]
}
]
},
"InstanceType": {
"Ref": "InstanceType"
},
"SecurityGroups": [
{
"Ref": "WebServerGroup"
}
],
"KeyName": {
"Ref": "KeyName"
},
"Tags": [
{
"Key": "Name",
"Value": "WebServer"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -v\n",
"date > /home/ec2-user/starttime\n",
"yum update -y aws-cfn-bootstrap\n",
"## Error reporting helper function\n",
"function error_exit\n",
"{\n",
" /opt/aws/bin/cfn-signal -e 1 -r \"$1\" '",
{
"Ref": "WaitHandle"
},
"'\n",
" exit 1\n",
"}\n",
"## Initialize CloudFormation bits\n",
"/opt/aws/bin/cfn-init -v -s ",
{
"Ref": "AWS::StackId"
},
" -r FormEngine",
" --access-key ",
{
"Ref": "HostKeys"
},
" --secret-key ",
{
"Fn::GetAtt": [
"HostKeys",
"SecretAccessKey"
]
},
" --region ",
{
"Ref": "AWS::Region"
},
" > /tmp/cfn-init.log 2>&1 || error_exit $(</tmp/cfn-init.log)\n",
"# Configure Apache HTTPD\n",
"chkconfig httpd on\n",
"chkconfig --level 345 httpd on\n",
"# Start servers\n",
"/etc/init.d/httpd start\n",
"# Send signal to WaitHandle that the setup is completed\n",
"/opt/aws/bin/cfn-signal",
" -e 0",
" '",
{
"Ref": "WaitHandle"
},
"'",
"\n",
"date > /home/ec2-user/stoptime"
]
]
}
}
}
},
"WaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"WaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": "WebServer",
"Properties": {
"Handle": {
"Ref": "WaitHandle"
},
"Timeout": "1200"
}
},
"IPAddress": {
"Type": "AWS::EC2::EIP"
},
"IPAssoc": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"InstanceId": {
"Ref": "WebServer"
},
"EIP": {
"Ref": "IPAddress"
}
}
}
},
"Outputs": {
"InstanceIPAddress": {
"Value": {
"Ref": "IPAddress"
},
"Description": "public IP address of the new WebServer"
},
"InstanceName": {
"Value": {
"Fn::GetAtt": [
"WebServer",
"PublicDnsName"
]
},
"Description": "public DNS name of the new WebServer"
}
}
}
Succeeded in creating the CloudFormation stack.

AWS Cloudformation Random Build Fail

I'm using CloudFormation to automate instance creation. I'm using an Auto Scaling group to build a variable number of instances depending on what I need. However, there is a recurring issue where at least one instance fails to run when I build two or more instances from this script.
For example: I ask CloudFormation to build 7 instances; 6 will work perfectly, but there is always 1 that will not work. There is no error; it just seems to ignore commands. In the UserData section of this script I launch Docker containers to run in the instance.
I get this error: rpc error code = 13 desc = transport is closing
Can someone take a look to see if I'm doing something wrong or missing a step?
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Test",
"Parameters": {
"InstanceType": {
"Type": "String",
"Default": "t2.large"
},
"NoOfInstances": {
"Type": "String",
"ConstraintDescription": ""
},
"RoleName": {
"Type": "String",
"Default": "**",
"ConstraintDescription": ""
},
"VPCParameter": {
"Type": "AWS::EC2::VPC::Id",
"Default": "**"
},
"SubnetsParameter": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Default": "**"
},
"KeyName": {
"Type": "AWS::EC2::KeyPair::KeyName",
"Default": "**",
"ConstraintDescription": ""
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t2.large": {
"Arch": "HVM64"
}
},
"AWSRegionArch2AMI": {
"**": {
"HVM64": "**"
}
}
},
"Resources": {
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"KeyName": {
"Ref": "KeyName"
},
"IamInstanceProfile": {
"Ref": "RoleName"
},
"SecurityGroups": [{
"Ref": "WebServerSecurityGroup"
}],
"ImageId": {
"Fn::FindInMap": ["AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
}, {
"Fn::FindInMap": ["AWSInstanceType2Arch", {
"Ref": "InstanceType"
}, "Arch"]
}
]
},
"InstanceType": {
"Ref": "InstanceType"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": ["", [ ** ]]
}
}
}
},
"AutoScalingServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
},
"MinSize": "1",
"MaxSize": "30",
"Cooldown": "300",
"VPCZoneIdentifier": {
"Ref": "SubnetsParameter"
},
"DesiredCapacity": {
"Ref": "NoOfInstances"
},
"Tags": [ ** ]
}
},
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "**",
"VpcId": {
"Ref": "VPCParameter"
},
"SecurityGroupIngress": [{
"IpProtocol": "tcp",
"CidrIp": "**",
"FromPort": "**",
"ToPort": "**"
}, ]
}
},
"WebServerScaleUpPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "AutoScalingServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": "1"
}
},
"WebServerScaleDownPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "AutoScalingServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": "-1"
}
}
}
}
You could be hitting EC2 instance limits - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html
You could also look at the Activity History tab of the Auto Scaling Group to see if it has any useful information.