I'm trying to deploy an EC2 instance using CloudFormation. It's giving the following error when I try to execute the stack.
Route table has a conflicting association with the gateway igw-0d7bbb47c8b4e8875 (Service: AmazonEC2; Status Code: 400; Error Code: RouteConflict; Request ID: 0ca161d0-b58d-4f95-a2f1-01038ccc4cae; Proxy: null)
Parameters:
  InstanceType:
    Type: "String"
    Default: t2.micro
  Image:
    Type: "String"
    Default: ami-0aab712d6363da7f9
Resources:
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone: ap-southeast-2a
      KeyName: poweruser-keypair
      InstanceType: !Ref InstanceType
      ImageId: !Ref Image
      SubnetId: !Ref SubNet
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: "10.0.0.0/16"
      InstanceTenancy: default
  SubNet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-southeast-2a
      MapPublicIpOnLaunch: true
      CidrBlock: "10.0.0.0/24"
      VpcId: !Ref VPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  IgwAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RoutingToInternet:
    Type: AWS::EC2::Route
    DependsOn: IgwAttachment
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref SubNet
  SubnetNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId:
        Ref: SubNet
      NetworkAclId:
        Ref: NetworkACL
  NetworkACL:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VPC
  NACLEntry:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      CidrBlock: "10.0.0.0/16"
      Egress: true
      NetworkAclId: !Ref NetworkACL
      Protocol: -1
      RuleAction: "allow"
      RuleNumber: 100
There is nothing wrong with your CloudFormation template. This means that the code you used in the question is not fully representative of the actual template you use.
AWSTemplateFormatVersion: 2010-09-09
Description: VPC, Subnets and EC2
Resources:
  MyVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 192.168.0.0/16
      EnableDnsHostnames: true
      Tags:
        -
          Key: Stack
          Value: Test
  MyVpcRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVpc
  MyInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        -
          Key: Stack
          Name: Test
  AddInternetGatewayToVpc:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref MyInternetGateway
      VpcId: !Ref MyVpc
  AddInternetGatewayRouteToRouteTable
    Type: AWS::EC2::Route
    Properties:
      GatewayId: !Ref MyInternetGateway
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref MyVpcRouteTable
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVpc
      CidrBlock: 192.168.1.0/24
      MapPublicIpOnLaunch: true
      AvailabilityZoneId: euw1-az2
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVpc
      CidrBlock: 192.168.2.0/24
      MapPublicIpOnLaunch: false
      AvailabilityZoneId: euw1-az2
  WebserverInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0ea0f26a6d50850c5
      InstanceType: t2.micro
      SubnetId: !Ref PublicSubnet
      KeyName: !Ref MyInstanceKeyPair
  MyInstanceKeyPair:
    Type: AWS::EC2::KeyPair
    Properties:
      KeyName: MyKeyPair
You are missing : after AddInternetGatewayRouteToRouteTable. So it should be:
AddInternetGatewayRouteToRouteTable:
Issue Summary
I would like to set up a Redash instance in a private subnet, but it didn't work well. The instance status check is "1/2 failed".
The question is whether there is some necessary setting in addition to the settings introduced on the website (https://redash.io/help/open-source/setup).
For your information, if I place the Redash instance in the public subnet, it works well.
Technical details:
AMI: ami-060741a96307668be
EC2 size: t2.small
the private subnet has NAT Gateway
The CloudFormation template is below. (I removed the parameters because they were kind of secret information. The parameters are correct because I checked them with the public subnet. So please check the other part. Thank you.)
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################
  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PrivateSubnetACidrBlock
      VpcId: !Ref VpcId
  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA
  NATGatewayAEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA
  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetACidrBlock
      VpcId: !Ref VpcId
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Sub ${InternetGatewayId}
  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA
  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-060741a96307668be
        InstanceType: t2.small
  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: !Ref VpcId
From marcin's comment, I tried the template below, but it did not work well; the EC2 status check shows '1/2 failed'.
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################
  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 172.18.0.0/24
      VpcId: <VPCID>
      Tags:
        - Key: Name
          Value: Private
  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: <VPCID>
  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA
  NATGatewayAEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA
  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 172.18.2.0/24
      VpcId: <VPCID>
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: <VPCID>
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: <INTERNETGATEWAYID>
  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA
  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-060741a96307668be
        InstanceType: t2.small
  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          #SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: <VPCID>
I modified the template so that it works. I can only test in us-east-1 in my sandbox account, so I made changes for that region. You need to modify it further, as your template is incomplete and I had to fill in a lot of blanks.
The template works and provisions the instance (from curl):
<div class="fixed-width-page">
<div class="bg-white tiled">
<h4 class="m-t-0">Welcome to Redash!</h4>
<div>Before you can use your instance, you need to do a quick setup.</div>
Full working template:
AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################
  VpcId:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a #ap-northeast-1a
      CidrBlock: "10.0.1.0/24"
      VpcId: !Ref VpcId
      Tags:
        - Key: Name
          Value: Private
  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA
  NATGatewayAEIP:
    DependsOn: IGWAttachment
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA
  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a #ap-northeast-1a
      CidrBlock: 10.0.0.0/24
      VpcId: !Ref VpcId
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  InternetGatewayId:
    Type: AWS::EC2::InternetGateway
    Properties: {}
  IGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref InternetGatewayId
      VpcId: !Ref VpcId
      #VpnGatewayId: String
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGatewayId
  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA
  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-isntance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-0d915a031cabac0e0 #ami-060741a96307668be
        InstanceType: t2.small
  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          #SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: !Ref VpcId
I am trying to create a nested stack but am having trouble, as I am new to this and still in the learning process. I have created the VPC with 2 private and 2 public subnets, then attached the internet-facing ELB to the 2 public subnets. I think I am not referencing it right. The VPC is created, but while creating the ELB there is an error: Output 'VpcID' not found in stack. I think there might be a problem in the syntax, as I am changing my previous file to a nested stack. I might not be referencing it right in the internet-facing ELB stack.
Root stack:
---
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  bucketname:
    Type: String
    Description: Path to the bucket
    Default: wahaj-webserver
  bucketpath:
    Type: String
    Description: Path to the bucket
    Default: /nested-stack
Resources:
  Vpcstack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub "https://${bucketname}.s3.us-east-2.amazonaws.com${bucketpath}/vpc1.yml"
  elb:
    DependsOn: Vpcstack
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub "https://${bucketname}.s3.us-east-2.amazonaws.com${bucketpath}/internetfacing-elb.yml"
      Parameters:
        SubnetA: !GetAtt Vpcstack.Outputs.SubnetA
        SubnetB: !GetAtt Vpcstack.Outputs.SubnetB
        VpcID: !GetAtt Vpcstack.Outputs.VpcID
Vpc stack:
---
AWSTemplateFormatVersion: 2010-09-09
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 11.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2a
      VpcId: !Ref VPC
      CidrBlock: 11.0.0.0/24
      MapPublicIpOnLaunch: true
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2b
      VpcId: !Ref VPC
      CidrBlock: 11.0.1.0/24
      MapPublicIpOnLaunch: true
  SubnetC:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2a
      VpcId: !Ref VPC
      CidrBlock: 11.0.2.0/24
      MapPublicIpOnLaunch: false
  SubnetD:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2b
      VpcId: !Ref VPC
      CidrBlock: 11.0.3.0/24
      MapPublicIpOnLaunch: false
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  InternetRoute:
    Type: AWS::EC2::Route
    DependsOn: VPCGatewayAttachment
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref RouteTable
  SubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref SubnetA
  SubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref SubnetB
  SubnetCRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable2
      SubnetId: !Ref SubnetC
  SubnetDRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable2
      SubnetId: !Ref SubnetD
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "Internet Group"
      GroupDescription: "SSH traffic in, all traffic out."
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: "22"
          ToPort: "22"
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
  NAT:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EIP
          - AllocationId
      SubnetId:
        Ref: SubnetA
      Tags:
        - Key: Name
          Value: wahaj-nat
  EIP:
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::EIP
    Properties:
      Domain: VPC
  Route:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: RouteTable2
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: NAT
Outputs:
  VpcID:
    Description: VPC id
    Value: !Ref VPC
    Export:
      Name: "VpcID"
  SubnetA:
    Description: public subnet
    Value: !Ref SubnetA
    Export:
      Name: "SubnetA"
  SubnetB:
    Description: public subnet 2
    Value: !Ref SubnetB
    Export:
      Name: "SubnetB"
  SubnetC:
    Description: private subnet
    Value: !Ref SubnetC
    Export:
      Name: "SubnetC"
  SubnetD:
    Description: private subnet 2
    Value: !Ref SubnetD
    Export:
      Name: "SubnetD"
Internet facing elb:
---
AWSTemplateFormatVersion: 2010-09-09
Resources:
  wahajelb:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: wahaj-elb
      VpcId:
        Fn::ImportValue: "VpcID"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
          Description: For traffic from Internet
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
          Description: For traffic from Internet
      GroupDescription: Security Group for demo server
  MyLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Listeners:
        - LoadBalancerPort: "80"
          InstancePort: "80"
          Protocol: HTTP
      SecurityGroups:
        - !Ref wahajelb
      LoadBalancerName: wahajelb
      Subnets:
        - Fn::ImportValue: "SubnetA"
        - Fn::ImportValue: "SubnetB"
      HealthCheck:
        Target: HTTP:80/SamplePage.php
        HealthyThreshold: "3"
        UnhealthyThreshold: "5"
        Interval: "30"
        Timeout: "5"
Outputs:
  ec2:
    Description: ec2
    Value: !Ref MyLoadBalancer
    Export:
      Name: "MyLoadBalancer"
  lgsg:
    Description: lg-sg
    Value: !GetAtt wahajelb.GroupId
    Export:
      Name: "lgsg"
Your Vpc stack has an output of vpcID, not VpcID.
This must be an exact string match for it to be successfully referenced in your Root stack.
Update your Vpc stack to the below:
---
AWSTemplateFormatVersion: 2010-09-09
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 11.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2a
      VpcId: !Ref VPC
      CidrBlock: 11.0.0.0/24
      MapPublicIpOnLaunch: true
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2b
      VpcId: !Ref VPC
      CidrBlock: 11.0.1.0/24
      MapPublicIpOnLaunch: true
  SubnetC:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2a
      VpcId: !Ref VPC
      CidrBlock: 11.0.2.0/24
      MapPublicIpOnLaunch: false
  SubnetD:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-2b
      VpcId: !Ref VPC
      CidrBlock: 11.0.3.0/24
      MapPublicIpOnLaunch: false
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RouteTable2:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  InternetRoute:
    Type: AWS::EC2::Route
    DependsOn: VPCGatewayAttachment
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref RouteTable
  SubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref SubnetA
  SubnetBRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable
      SubnetId: !Ref SubnetB
  SubnetCRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable2
      SubnetId: !Ref SubnetC
  SubnetDRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTable2
      SubnetId: !Ref SubnetD
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: "Internet Group"
      GroupDescription: "SSH traffic in, all traffic out."
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: "22"
          ToPort: "22"
          CidrIp: 0.0.0.0/0
      SecurityGroupEgress:
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
  NAT:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId:
        Fn::GetAtt:
          - EIP
          - AllocationId
      SubnetId:
        Ref: SubnetA
      Tags:
        - Key: Name
          Value: wahaj-nat
  EIP:
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::EIP
    Properties:
      Domain: VPC
  Route:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId:
        Ref: RouteTable2
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId:
        Ref: NAT
Outputs:
  VpcID:
    Description: VPC id
    Value: !Ref VPC
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-VpcID"
  SubnetA:
    Description: public subnet
    Value: !Ref SubnetA
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-SubnetA"
  SubnetB:
    Description: public subnet 2
    Value: !Ref SubnetB
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-SubnetB"
  SubnetC:
    Description: private subnet
    Value: !Ref SubnetC
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-SubnetC"
  SubnetD:
    Description: private subnet 2
    Value: !Ref SubnetD
    Export:
      Name:
        Fn::Sub: "${AWS::StackName}-SubnetD"
I am trying to create network resources using a CloudFormation template, but when I import the template I get the following error:
The following resource types are not supported for resource import: AWS::EC2::SubnetRouteTableAssociation,AWS::EC2::VPCGatewayAttachment,AWS::EC2::Route,AWS::EC2::Route
Any idea what the reason for this might be? Below is the code from my CF template:
AWSTemplateFormatVersion: 2010-09-09
Resources:
  TestDevVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 172.32.0.0/16
      Tags:
        - Key: Description
          Value: Created for Test development
  PublicSubnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 172.32.1.0/24
      MapPublicIpOnLaunch: true
      VpcId: !Ref TestDevVPC
      Tags:
        - Key: Description
          Value: Public subnet for Test build
  TestDevPublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref TestDevVPC
      Tags:
        - Key: Description
          Value: public route table
  TestDevInternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Description
          Value: Internet Gateway for Test Dev
  TestDevIGVPCAttach:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref TestDevInternetGateway
      VpcId: !Ref TestDevVPC
  TestDevSubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: TestDevPublicRouteTable
      SubnetId: PublicSubnet
  Route1:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 172.32.0.0/16
      RouteTableId: !Ref TestDevPublicRouteTable
  Route2:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref TestDevPublicRouteTable
      GatewayId: !Ref TestDevInternetGateway
There are a few mistakes in your template.
Most importantly, you don't need Route1 with the local rule of 172.32.0.0/16. This is always created by default.
Also, TestDevSubnetRouteTableAssociation is missing !Ref in its parameters.
I modified your template so that it deploys now. I haven't checked its functionality, only whether it deploys.
You can use it as a basis for future modification:
AWSTemplateFormatVersion: 2010-09-09
Resources:
  TestDevVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 172.32.0.0/16
      Tags:
        - Key: Description
          Value: Created for Test development
  PublicSubnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 172.32.1.0/24
      MapPublicIpOnLaunch: true
      VpcId: !Ref TestDevVPC
      Tags:
        - Key: Description
          Value: Public subnet for Test build
  TestDevPublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref TestDevVPC
      Tags:
        - Key: Description
          Value: public route table
  TestDevInternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Description
          Value: Internet Gateway for Test Dev
  TestDevIGVPCAttach:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref TestDevInternetGateway
      VpcId: !Ref TestDevVPC
  Route2:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref TestDevPublicRouteTable
      GatewayId: !Ref TestDevInternetGateway
  TestDevSubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref TestDevPublicRouteTable
      SubnetId: !Ref PublicSubnet
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  MyKeyName:
    Description: Select the key name from the list
    Type: AWS::EC2::KeyPair::KeyName
  Instancetypes:
    Type: String
    AllowedValues:
      - t2.micro
      - t2.nano
Resources:
  myEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      KeyName: !Ref MyKeyName
      ImageId: ami-0323c3dd2da7fb37d
      InstanceType: !Ref Instancetypes
      SecurityGroupIds:
        - default
        - !Ref SSHSecurityGroup
      SubnetId: !Ref subnet1
      Tags:
        - Key: Name
          Value: EC2
  SSHSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: my new SSH security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
      VpcId: !Ref LocalVPC
  LocalVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
  subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a
      VpcId: !Ref LocalVPC
      CidrBlock: 10.0.1.0/24
  subnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1b
      VpcId: !Ref LocalVPC
      CidrBlock: 10.0.2.0/24
  subnet3:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1c
      VpcId: !Ref LocalVPC
      CidrBlock: 10.0.3.0/24
  routeTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: LocalVPC
  routeName:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref routeTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref igwName
  routeTableAssocName:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref subnet1
      RouteTableId: !Ref routeTable
  igwName:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: keyname
          Value: valuea
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref LocalVPC
      InternetGatewayId: !Ref igwName
SecurityGroupIds takes a Group ID, rather than a Group Name:
SecurityGroupIds:
  - !GetAtt SSHSecurityGroup.GroupId
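The answers in these threads all come down to the same class of mistake: a reference that looks right but does not resolve (a bare logical name where !Ref was needed, a nested-stack GetAtt on an Output the child never declares, a security-group name in a property that wants an ID, a local route CloudFormation already creates). All of them can be caught before a stack is ever submitted. The checker below is an added example, not code from any of the posts or from AWS; it generalises the individual fixes above into a single pre-deploy lint. It works on CloudFormation's JSON form so it needs only the standard library (a YAML loader with constructors for !Ref and !GetAtt could feed the same functions), and the two sample templates, the finding messages and the ID prefix lists are constructed for the demo.

```python
"""Static pre-deploy checks for CloudFormation templates (added example).

Findings produced: a bare logical name in an *Id property, a group name in
SecurityGroupIds, a route for the VPC's own CIDR, a route with no target,
a Ref/GetAtt to something the template never defines, and a nested-stack
GetAtt Stack.Outputs.X where the child template has no Output X.
"""
import json

PSEUDO_PARAMS = {"AWS::AccountId", "AWS::NoValue", "AWS::NotificationARNs",
                 "AWS::Partition", "AWS::Region", "AWS::StackId",
                 "AWS::StackName", "AWS::URLSuffix"}
# Properties that must hold an EC2 identifier; a plain logical name here is
# the "missing !Ref" mistake.
ID_PROPERTIES = {"RouteTableId", "SubnetId", "VpcId", "GatewayId",
                 "NatGatewayId", "InternetGatewayId", "NetworkAclId"}
ID_PREFIXES = ("rtb-", "subnet-", "vpc-", "igw-", "nat-", "acl-", "vgw-")
ROUTE_TARGETS = ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId",
                 "TransitGatewayId", "VpcPeeringConnectionId", "VpcEndpointId",
                 "EgressOnlyInternetGatewayId")


def _walk(node):
    """Yield node and every dict, list or scalar nested below it."""
    yield node
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else ()
    for child in children:
        yield from _walk(child)


def output_names(tpl):
    """Logical names of a template's Outputs (what GetAtt Stack.Outputs.X may use)."""
    return set(tpl.get("Outputs", {}) or {})


def check_template(tpl, child_outputs=None):
    """Return a list of finding strings for one template dict.

    child_outputs maps a nested-stack logical id to the set of Output names
    its child template declares, so cross-stack GetAtt can be verified."""
    child_outputs = child_outputs or {}
    resources = tpl.get("Resources", {}) or {}
    known = set(resources) | set(tpl.get("Parameters", {}) or {}) | PSEUDO_PARAMS
    vpc_cidrs = {r.get("Properties", {}).get("CidrBlock")
                 for r in resources.values() if r.get("Type") == "AWS::EC2::VPC"}
    findings = []
    for name, res in resources.items():
        rtype, props = res.get("Type"), res.get("Properties", {}) or {}
        for key in sorted(ID_PROPERTIES & set(props)):
            val = props[key]
            if isinstance(val, str) and not val.startswith(ID_PREFIXES):
                findings.append(f"{name}.{key}: '{val}' is a bare string, wrap it in Ref")
        if rtype == "AWS::EC2::Instance":
            for sg in props.get("SecurityGroupIds", []):
                if isinstance(sg, str) and not sg.startswith("sg-"):
                    findings.append(f"{name}.SecurityGroupIds: '{sg}' is a group name, not an ID")
        if rtype == "AWS::EC2::Route":
            if props.get("DestinationCidrBlock") in vpc_cidrs:
                findings.append(f"{name}: local route for the VPC CIDR is implicit, remove it")
            if not any(t in props for t in ROUTE_TARGETS):
                findings.append(f"{name}: route has no target (GatewayId, NatGatewayId, ...)")
        for node in _walk(props):
            if not (isinstance(node, dict) and len(node) == 1):
                continue
            (fn, arg), = node.items()
            if fn == "Ref" and arg not in known:
                findings.append(f"{name}: Ref to undefined '{arg}'")
            elif fn == "Fn::GetAtt":
                target, attr = arg if isinstance(arg, list) else arg.split(".", 1)
                if target not in known:
                    findings.append(f"{name}: GetAtt on undefined '{target}'")
                elif target in child_outputs and attr.startswith("Outputs."):
                    out = attr[len("Outputs."):]
                    if out not in child_outputs[target]:
                        findings.append(f"{name}: child '{target}' has no Output '{out}' "
                                        f"(has {sorted(child_outputs[target])})")
    return findings


# Constructed samples reproducing the mistakes from the threads above.
SAMPLE_CHILD = json.loads("""{
 "Resources": {
  "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "172.32.0.0/16"}},
  "PublicSubnet": {"Type": "AWS::EC2::Subnet",
                   "Properties": {"VpcId": {"Ref": "VPC"}, "CidrBlock": "172.32.1.0/24"}},
  "RouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
  "Assoc": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {"RouteTableId": "RouteTable", "SubnetId": {"Ref": "PublicSubnet"}}},
  "Route1": {"Type": "AWS::EC2::Route",
             "Properties": {"DestinationCidrBlock": "172.32.0.0/16", "RouteTableId": {"Ref": "RouteTable"}}},
  "Route2": {"Type": "AWS::EC2::Route",
             "Properties": {"DestinationCidrBlock": "0.0.0.0/0", "RouteTableId": {"Ref": "RouteTable"},
                            "GatewayId": {"Ref": "IGW"}}},
  "SG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "ssh", "VpcId": {"Ref": "VPC"}}},
  "Web": {"Type": "AWS::EC2::Instance",
          "Properties": {"SubnetId": {"Ref": "PublicSubnet"},
                         "SecurityGroupIds": ["default", {"Fn::GetAtt": ["SG", "GroupId"]}]}}
 },
 "Outputs": {"vpcID": {"Value": {"Ref": "VPC"}}}
}""")
SAMPLE_ROOT = json.loads("""{
 "Resources": {
  "Vpcstack": {"Type": "AWS::CloudFormation::Stack",
               "Properties": {"TemplateURL": "https://example.invalid/vpc.json"}},
  "elb": {"Type": "AWS::CloudFormation::Stack",
          "Properties": {"TemplateURL": "https://example.invalid/elb.json",
                         "Parameters": {"VpcID": {"Fn::GetAtt": ["Vpcstack", "Outputs.VpcID"]}}}}
 }
}""")


def demo():
    """Check both samples; returns (child_findings, root_findings)."""
    child = check_template(SAMPLE_CHILD)
    root = check_template(SAMPLE_ROOT, {"Vpcstack": output_names(SAMPLE_CHILD)})
    return child, root


if __name__ == "__main__":
    for label, found in zip(("child stack", "root stack"), demo()):
        print(f"== {label}: {len(found)} finding(s)")
        for f in found:
            print("  -", f)
```

Run as a script it prints five findings for the child template (the bare `RouteTable` string, the redundant local route, the target-less `Route1`, the dangling `IGW` reference and the `default` group name) and one for the root template, the case-mismatched `VpcID` output. Wiring the checker into CI in front of `aws cloudformation deploy` turns each of these threads' trial-and-error rounds into a failed build with a named resource and property.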