AWS CloudFormation error: "Route did not stabilize in expected time" - amazon-web-services

I am trying to deploy a CloudFormation template from an AWS workshop - https://emr-developer-experience.workshop.aws/how-to-start/self-paced/cloudformation.html.
The CF template is located at https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=EMR-Dev-Exp-Workshop&templateURL=https://aws-data-analytics-workshops.s3.amazonaws.com/emr-dev-exp-workshop/cfn/emr-dev-exp.template
This CF template creates a new VPC with all the required networking components as well as various services such as EMR, EMR Studio, Service Catalog, etc.
I am from a data background and I am having a hard time debugging this CF template.
Basically, it fails when creating the logical ID "VPCGatewayAttachment" with the error message "Route did not stabilize in expected time". A KB article from AWS (https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-route-did-not-stabilize/) has some information, but I don't think I really understand the outlined solution.
Appreciate any help.
thanks.

I found this article for you on AWS' Knowledge Center: https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-route-did-not-stabilize/. As the article mentions, I would also have a look at the AWS CloudTrail Event History and investigate any potential errors and root causes. When browsing the Event History, I personally like enabling the error codes (you can do that if you press the gear icon), which allows me to quickly detect events that have failed.

Related

I can't find and disable AWS resources

My free AWS tier is going to expire in 8 days. I removed every EC2 resource and elastic IP associated with it. Because that is what I recall initializing and experimenting with. I deleted all the roles I created because as I understand it, roles permit AWS to perform actions for AWS services. And yet, when I go to the billing page it shows I have these three services that are in current usage.
[1]: https://i.stack.imgur.com/RvKZc.png
I used the script as recommended by AWS documentation to check for all instances and it shows "no resources found".
Link for script: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-listec2resources.html
I tried searching for each service using the dashboard and didn't get anywhere. I found an S3 bucket, I don't remember creating it but I deleted it anyway, and still, I get the same output.
Any help is much appreciated.
OK, I was able to get in touch with AWS support via live chat, and they informed me that those services in my billing were usages generated before the services were terminated. AWS support was much faster than I expected.

CloudWatch alert when a new deploy is made AWS

There are some issues in a company I'm working for. Basically the dev team is pushing new deploys to the API Gateway before consulting with the security guy.
This leads to the security person noticing a new endpoint on the application was released when security issues start to arise.
I was wondering if there's any simple way of creating an alert that pops up on AWS CloudWatch when a new deploy is created. If I recall correctly, these are called "alarms".
I have looked a bit into alarms but they seem to be based on metrics and I was not able to find a metric that shows a new endpoint being created on deploy.
This is certainly not the best approach to the problem, but it should work for now until the deploy process is changed.
I was thinking you could come up with a script that runs aws cloudformation list-stacks and checks whether the output has more stacks than last time. But this method will only work for new stacks, not for stack modifications.
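The snapshot comparison suggested in the answer above, as an added example that is not part of the original post. It goes one step further than the answer by also comparing each stack's LastUpdatedTime, so updates to existing stacks are reported as well as new stacks; it assumes the API is deployed through CloudFormation, and the account ID, stack names and timestamps are constructed sample data.

```python
import json

# Constructed sample data standing in for two saved outputs of
# `aws cloudformation list-stacks` (hypothetical account and stack names).
ARN = "arn:aws:cloudformation:us-east-1:123456789012:stack/"

def stack(name, status, updated=None):
    """Build one StackSummaries entry shaped like the CLI output."""
    s = {"StackId": ARN + name + "/1", "StackName": name,
         "StackStatus": status, "CreationTime": "2024-01-05T09:00:00Z"}
    if updated:  # the CLI omits LastUpdatedTime for never-updated stacks
        s["LastUpdatedTime"] = updated
    return s

PREVIOUS = {"StackSummaries": [
    stack("api-orders", "CREATE_COMPLETE"),
    stack("api-users", "UPDATE_COMPLETE", "2024-01-10T12:00:00Z"),
    stack("old-stack", "CREATE_COMPLETE"),
]}
CURRENT = {"StackSummaries": [
    stack("api-orders", "UPDATE_COMPLETE", "2024-02-01T08:30:00Z"),
    stack("api-users", "UPDATE_COMPLETE", "2024-01-10T12:00:00Z"),
    stack("api-payments", "CREATE_COMPLETE"),
    stack("old-stack", "DELETE_COMPLETE"),
]}

def load_snapshot(path):
    """Read a file written by: aws cloudformation list-stacks > path"""
    with open(path) as fh:
        return json.load(fh)

def live_stacks(snapshot):
    """Map StackId -> summary, ignoring stacks that are already deleted."""
    return {s["StackId"]: s for s in snapshot["StackSummaries"]
            if s["StackStatus"] != "DELETE_COMPLETE"}

def diff_snapshots(previous, current):
    """Return stack names created, updated or removed between snapshots."""
    old, new = live_stacks(previous), live_stacks(current)
    return {
        "created": sorted(new[i]["StackName"] for i in new.keys() - old.keys()),
        "updated": sorted(
            new[i]["StackName"] for i in new.keys() & old.keys()
            if new[i].get("LastUpdatedTime") != old[i].get("LastUpdatedTime")),
        "removed": sorted(old[i]["StackName"] for i in old.keys() - new.keys()),
    }

if __name__ == "__main__":
    print(json.dumps(diff_snapshots(PREVIOUS, CURRENT), indent=2))
```

Changes made to API Gateway outside CloudFormation do not appear in list-stacks output, so this check only covers deployments that go through stacks.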

Logs are not sent to logentries from AWS ECS

We are using logentries as the log driver on AWS ECS service for sending logs to our logentries account. We have configured AWS ECS service with required parameters like logentries-token, but it's observed that after a certain amount of time certain containers are not able to send logs to logentries.
Appreciate your help in advance, I am unable to find proper documentation for this on both logentries as well as AWS.
Thanks,
We had the same issue, so I started digging deeper than usual.
The actual driver implementation is quite simple.
The dragon is a dependency that does the socket and TLS handling.
There is an open issue and a PR to solve a very similar issue.
The PR is stale and I don't see a chance for it to land, so I move away from logentries and recommend doing the same. Probably CloudWatch will be better.

How to set up email notifications for AWS operational issues

Yesterday our infrastructure started throwing lots of connection errors. We started debugging and the more we looked, the more perplexing the issue appeared to be; until someone noticed the bell icon (Alerts) on the AWS page had an orange dot on it.
Behold! There were lots of AWS operational issues in our availability region that AWS were fixing.
To avoid this situation in the future I wanted to subscribe to these 'Alerts' so we get an email notification.
Does anyone know how to set up an email alert for AWS operational issues in the specified region?
Much to my astonishment, there was no obvious way to set this up.
The easiest way is to subscribe to the RSS feed on the AWS Service Health Dashboard.
If you want customized stuff, you can check out the AWS Personal Health Dashboard. It shows your AWS services and whether they are experiencing issues.
This AWS documentation provides a really comprehensive guide on how to set up alerts. Check out this aws-health-tools GitHub repository for fully functional examples.

How common is it to use AWS Cloud Formation for repeated provisioning of AWS environments?

I'm a noobie to CloudFormation. But reading the documentation for CloudFormation, Amazon seems to think it is the method we should use to consistently, repeatedly deploy a given topology of AWS service instances. However AWS has been around for over a decade, and the AWS push for CF seems to be only within the last 5 years.
I stumbled across a great post, AWS OpsWorks vs AWS Beanstalk vs AWS CloudFormation?, which explores the strengths of different AWS deployment offerings. And given the needs of my organization for flexible and repeatable IaaS/PaaS deployments, CF seems to fit the bill.
What I want to know is: How prevalent is the use of CF, vs other "template" deployment technologies? What is YOUR team using for deploying repeated configurations of AWS services?
How usable/learnable is it? If I adopt CF, how likely is it that existing developers on AWS will already be familiar with it, and be able to use it straight off the bat? CF seems to support many or most AWS services already, but are people actually using it to repeatedly stamp out identically-configured topologies of services?
Or do most teams favor a simpler, less endlessly-configurable option? And if so, why?
What pitfalls do I need to watch out for when using CloudFormation Templates? What doesn't CF handle, which it really should?
I'll try to answer most of your questions based on my personal experience:
What I want to know is: How prevalent is the use of CF, vs other "template" deployment technologies?
I can't assert to specific usage distribution, but I know people who use Terraform. Although Terraform supports CF, my team decided not to use it simply because CF already satisfies our needs.
What is YOUR team using for deploying repeated configurations of AWS services?
My team uses CloudFormation (without Terraform) to deploy our whole infrastructure to AWS.
How usable/learnable is it?
Pretty easy. Start with a small template (ideally YAML), then build up from there. The aws cloudformation deploy command will speed up your feedback loop.
If I adopt CF, how likely is it that existing developers on AWS will already be familiar with it, and be able to use it straight off the bat?
I think developers who are familiar with AWS can easily pick up CF. If you can find your way around AWS documentation, CF is just another service to learn. I can't assert to the likeliness that existing AWS devs are familiar with CF.
CF seems to support many or most AWS services already, but are people actually using it to repeatedly stamp out identically-configured topologies of services?
My team uses it to provision testing and production environments that have the same topology. Some parts of our infrastructure are duplicated for redundancy using shared CF templates.
What pitfalls do I need to watch out for when using CloudFormation Templates?
You have to watch out for some CF limits, namely the template body's maximum size, which is capped at 46KB. We have hit this limit a few times, especially when provisioning EC2 instances with larger user data scripts. That being said, you should not hit that limit early on, and there are many workarounds.
What doesn't CF handle, which it really should?
From the top of my head: Elastic Transcoder, EC2 AMIs, API Gateway VPC Links. My team has circumvented these limitations using Lambda-backed custom resources, which allow you to extend CF to your needs.
Overall, my team is very satisfied with CloudFormation. It definitely helps us maintain our AWS accounts in order.
Hope this helps!