I have this AWS exercise scenario, where your customer has not used AWS before, and is encountering issues when trying to launch a web application as a proof of concept.
So far your customer has launched an AWS Elastic Load Balancer (ELB) and an Amazon Elastic Compute Cloud (EC2) instance acting as the web server. Both are deployed in a Virtual Private Cloud (VPC) on AWS. While your customer's initial deployment aims to present a static web page to its users (demo.html located in the document root of the web server
Below is the CloudFormation script:
AWSTemplateFormatVersion: '2010-09-09'
Description: |
  AWS CloudFormation SA Assignment - WARNING: You will be billed for the
  AWS resources used if you create a stack from this template and consume all your
  promotional credit.
  We recommend you create a billing alert. Once you submit your
  answers delete the CloudFormation stack and terminate any other resources launched
  in relation to this exercise.
  Feel free to do that as soon as you have submitted
  your document and before your interview.
Parameters:
  CandidateName:
    Description: 'Please input your first and last name:'
    Type: String
    MaxLength: '50'
    MinLength: '3'
    ConstraintDescription: Please input your full name.
Resources:
  SAVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      InstanceTenancy: default
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [SAVPC, !Ref 'CandidateName']]
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: eu-west-1a
      MapPublicIpOnLaunch: 'True'
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PublicSubnetA, !Ref 'CandidateName']]
  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: eu-west-1b
      MapPublicIpOnLaunch: 'True'
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PublicSubnetB, !Ref 'CandidateName']]
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: eu-west-1a
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PrivateSubnetA, !Ref 'CandidateName']]
  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: eu-west-1b
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PrivateSubnetB, !Ref 'CandidateName']]
  SAIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [IGW, !Ref 'CandidateName']]
  SANetworkACL:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [NACL, !Ref 'CandidateName']]
  SARoutePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PublicRoute, !Ref 'CandidateName']]
  SARoutePrivate:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PrivateRoute, !Ref 'CandidateName']]
  SAInstance1:
    Type: AWS::EC2::Instance
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: ami-047bb4163c506cd98
      InstanceType: t2.micro
      Monitoring: 'false'
      UserData: 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
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [Instance1, !Ref 'CandidateName']]
      NetworkInterfaces:
        - AssociatePublicIpAddress: 'true'
          DeleteOnTermination: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId: !Ref 'PublicSubnetA'
          GroupSet: [!Ref 'SASGapp']
  SAelb:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets: [!Ref 'PublicSubnetB']
      Instances: [!Ref 'SAInstance1']
      SecurityGroups: [!Ref 'SASGELB']
      Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '80'
          Protocol: HTTP
      HealthCheck:
        HealthyThreshold: '2'
        Interval: '15'
        Target: TCP:443
        Timeout: '5'
        UnhealthyThreshold: '2'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [ELB, !Ref 'CandidateName']]
  SASGELB:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SA Assignment - ELB security group
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: ELBSecurityGroup
  SASGapp:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SA Assignment - App server security group
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: AppServerSecurityGroup
  SANACLEntry1:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'true'
      Protocol: '-1'
      RuleAction: allow
      RuleNumber: '100'
      NetworkAclId: !Ref 'SANetworkACL'
  SANACLEntry2:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      CidrBlock: 0.0.0.0/0
      Protocol: '-1'
      RuleAction: allow
      RuleNumber: '100'
      NetworkAclId: !Ref 'SANetworkACL'
  subnetacl1:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      NetworkAclId: !Ref 'SANetworkACL'
      SubnetId: !Ref 'PublicSubnetA'
  subnetacl2:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      NetworkAclId: !Ref 'SANetworkACL'
      SubnetId: !Ref 'PublicSubnetB'
  subnetacl3:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      NetworkAclId: !Ref 'SANetworkACL'
      SubnetId: !Ref 'PrivateSubnetA'
  subnetacl4:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      NetworkAclId: !Ref 'SANetworkACL'
      SubnetId: !Ref 'PrivateSubnetB'
  SAIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref 'SAVPC'
      InternetGatewayId: !Ref 'SAIGW'
  subnetRoutePublicA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref 'SARoutePublic'
      SubnetId: !Ref 'PublicSubnetA'
  subnetRoutePublicB:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref 'SARoutePublic'
      SubnetId: !Ref 'PublicSubnetB'
  subnetRoutePrivateA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref 'SARoutePrivate'
      SubnetId: !Ref 'PrivateSubnetA'
  subnetRoutePrivateB:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref 'SARoutePrivate'
      SubnetId: !Ref 'PrivateSubnetB'
  publicroute:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref 'SARoutePublic'
      GatewayId: !Ref 'SAIGW'
    DependsOn: SAIGW
Outputs:
  LoadBalancerDNSName:
    Description: The DNSName of the load balancer
    Value: !GetAtt SAelb.DNSName
What is the problem with this? Is the ELB configuration all correct?
I have run your template with CloudFormation Linter and got the following warnings:
E3012 Property Resources/SAVPC/Properties/EnableDnsSupport should be of type Boolean
logesh.template:33:9
E3012 Property Resources/SAVPC/Properties/EnableDnsHostnames should be of type Boolean
logesh.template:34:9
W3010 Don't hardcode eu-west-1a for AvailabilityZones
logesh.template:45:9
E3012 Property Resources/PublicSubnetA/Properties/MapPublicIpOnLaunch should be of type Boolean
logesh.template:46:9
W3010 Don't hardcode eu-west-1b for AvailabilityZones
logesh.template:58:9
E3012 Property Resources/PublicSubnetB/Properties/MapPublicIpOnLaunch should be of type Boolean
logesh.template:59:9
W3010 Don't hardcode eu-west-1a for AvailabilityZones
logesh.template:71:9
W3010 Don't hardcode eu-west-1b for AvailabilityZones
logesh.template:83:9
E3012 Property Resources/SAInstance1/Properties/DisableApiTermination should be of type Boolean
logesh.template:133:9
E3012 Property Resources/SAInstance1/Properties/Monitoring should be of type Boolean
logesh.template:137:9
E3012 Property Resources/SAInstance1/Properties/NetworkInterfaces/0/AssociatePublicIpAddress should be of type Boolean
logesh.template:145:11
E3012 Property Resources/SAInstance1/Properties/NetworkInterfaces/0/DeleteOnTermination should be of type Boolean
logesh.template:146:11
E3012 Property Resources/SAInstance1/Properties/NetworkInterfaces/0/DeviceIndex should be of type String
logesh.template:148:11
E3012 Property Resources/SANACLEntry1/Properties/Egress should be of type Boolean
logesh.template:200:9
E3012 Property Resources/SANACLEntry1/Properties/Protocol should be of type Integer
logesh.template:201:9
E3012 Property Resources/SANACLEntry1/Properties/RuleNumber should be of type Integer
logesh.template:203:9
E3012 Property Resources/SANACLEntry2/Properties/Protocol should be of type Integer
logesh.template:210:9
E3012 Property Resources/SANACLEntry2/Properties/RuleNumber should be of type Integer
logesh.template:212:9
W3005 Obsolete DependsOn on resource (SAIGW), dependency already enforced by a "Ref" at Resources/publicroute/Properties/GatewayId/Ref
logesh.template:275:7
You might want to correct these problems before proceeding.
ELB is not configured to receive public internet traffic.
ELB is not configured for the right availability zone where the EC2 instance is running
ELB health check is not configured to access HTTP 80 to EC2
EC2 is not configured to receive traffic from the ELB
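The four findings in the answer above can be checked mechanically before a stack is ever created. The following is an added example (not code from the question or any of the answers): a small static checker over the template expressed in CloudFormation's JSON form, where `!Ref X` becomes `{"Ref": "X"}`. The `TEMPLATE` dict is a constructed, abbreviated copy of the question's template carrying only the properties the checks need, and `fixed_template()` applies the four corrections as I would make them (both public subnets on the ELB, an HTTP health check against the page the customer wants to serve, port 80 opened on the ELB security group, and port 80 on the instance group opened only to the ELB's group rather than to the internet); the security-group ingress rules and the `demo.html` health-check path are assumptions, not part of the original template.

```python
"""Static checks for the classic-ELB misconfigurations listed in the answer (added example)."""
import copy
from typing import Any, Dict, List

# Constructed, abbreviated model of the question's template in JSON form.
TEMPLATE: Dict[str, Any] = {"Resources": {
    "PublicSubnetA": {"Type": "AWS::EC2::Subnet",
                      "Properties": {"AvailabilityZone": "eu-west-1a"}},
    "PublicSubnetB": {"Type": "AWS::EC2::Subnet",
                      "Properties": {"AvailabilityZone": "eu-west-1b"}},
    # Both security groups in the question carry no SecurityGroupIngress at all.
    "SASGELB": {"Type": "AWS::EC2::SecurityGroup", "Properties": {}},
    "SASGapp": {"Type": "AWS::EC2::SecurityGroup", "Properties": {}},
    "SAInstance1": {"Type": "AWS::EC2::Instance", "Properties": {
        "NetworkInterfaces": [{"SubnetId": {"Ref": "PublicSubnetA"},
                               "GroupSet": [{"Ref": "SASGapp"}]}]}},
    "SAelb": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
        "Subnets": [{"Ref": "PublicSubnetB"}],
        "Instances": [{"Ref": "SAInstance1"}],
        "SecurityGroups": [{"Ref": "SASGELB"}],
        "Listeners": [{"LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP"}],
        "HealthCheck": {"Target": "TCP:443"}}},
}}


def ref(node: Any) -> Any:
    """Logical name behind a {"Ref": ...} node; plain values pass through unchanged."""
    return node["Ref"] if isinstance(node, dict) and "Ref" in node else node


def sg_allows(sg_props: Dict[str, Any], port: int) -> bool:
    """True if some ingress rule of the security group admits TCP traffic to `port`."""
    for rule in sg_props.get("SecurityGroupIngress", []):
        proto = str(rule.get("IpProtocol", ""))
        if proto == "-1":
            return True
        if proto == "tcp" and int(rule["FromPort"]) <= port <= int(rule["ToPort"]):
            return True
    return False


def check_classic_elb(template: Dict[str, Any]) -> List[str]:
    """Return one finding per misconfiguration; an empty list means every check passed."""
    res = template["Resources"]
    findings: List[str] = []
    for name, r in res.items():
        if r["Type"] != "AWS::ElasticLoadBalancing::LoadBalancer":
            continue
        p = r["Properties"]
        lb_ports = {int(ls["LoadBalancerPort"]) for ls in p.get("Listeners", [])}
        inst_ports = {int(ls["InstancePort"]) for ls in p.get("Listeners", [])}
        # 1. The ELB's own security group must admit the listener port, or no client gets in.
        for sg in p.get("SecurityGroups", []):
            for port in lb_ports:
                if not sg_allows(res[ref(sg)]["Properties"], port):
                    findings.append(f"{name}: SG {ref(sg)} does not allow inbound TCP {port}")
        # 2. A classic ELB only forwards to instances in the AZs of its own subnets.
        elb_azs = {res[ref(s)]["Properties"]["AvailabilityZone"] for s in p.get("Subnets", [])}
        for inst in p.get("Instances", []):
            for nic in res[ref(inst)]["Properties"].get("NetworkInterfaces", []):
                az = res[ref(nic["SubnetId"])]["Properties"]["AvailabilityZone"]
                if az not in elb_azs:
                    findings.append(f"{name}: {ref(inst)} is in {az}, ELB only in {sorted(elb_azs)}")
                # 4. The instance's security group must admit the ELB on each instance port.
                for sg in nic.get("GroupSet", []):
                    for port in inst_ports:
                        if not sg_allows(res[ref(sg)]["Properties"], port):
                            findings.append(f"{name}: instance SG {ref(sg)} does not allow TCP {port}")
        # 3. The health check must probe a port the instances actually serve.
        proto, _, rest = p["HealthCheck"]["Target"].partition(":")
        hc_port = int(rest.split("/", 1)[0])
        if hc_port not in inst_ports:
            findings.append(f"{name}: health check {proto}:{hc_port} but listeners use {sorted(inst_ports)}")
    return findings


def fixed_template() -> Dict[str, Any]:
    """The question's template with the four fixes applied (assumed corrections)."""
    t = copy.deepcopy(TEMPLATE)
    res = t["Resources"]
    elb = res["SAelb"]["Properties"]
    elb["Subnets"] = [{"Ref": "PublicSubnetA"}, {"Ref": "PublicSubnetB"}]
    elb["HealthCheck"]["Target"] = "HTTP:80/demo.html"  # assumed path, see question text
    res["SASGELB"]["Properties"]["SecurityGroupIngress"] = [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]
    # Admit port 80 on the instance only from the ELB's group, not from the whole internet.
    res["SASGapp"]["Properties"]["SecurityGroupIngress"] = [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "SourceSecurityGroupId": {"Ref": "SASGELB"}}]
    return t


if __name__ == "__main__":
    for finding in check_classic_elb(TEMPLATE):
        print("FINDING:", finding)
    print("after fix:", check_classic_elb(fixed_template()))
```

Run as-is it prints the four findings for the original template and an empty list for the corrected one. The checker reads the JSON form on purpose: a plain YAML loader rejects the `!Ref`/`!Join` tags, and the JSON form is what CloudFormation itself consumes, so the same functions work on a template converted with cfn-flip or fetched with the CloudFormation API.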
Good afternoon,
I am having some issues with a CloudFormation template given to me for an assignment on AWS.
The CloudFormation script creates a stack on AWS, but it does not let me display the website.
I have checked all the initial settings:
Set HTTP allowance for inbound/outbound in both the LoadBalancer and App security groups
Auto-assign IP settings on both public subnets
I am a total newbie on AWS, so I need some help with this misconfiguration.
I am attaching the YAML file here:
Description: |
  AWS CloudFormation Assignment: Find the misconfiguration on the script and make
  the website run (DNS Hostname)
Parameters:
  CandidateName:
    Description: 'Please input your first and last name:'
    Type: String
    MaxLength: '50'
    MinLength: '3'
    ConstraintDescription: Please input your full name.
Resources:
  SAVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      InstanceTenancy: default
      EnableDnsSupport: 'true'
      EnableDnsHostnames: 'true'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [SAVPC, !Ref 'CandidateName']]
  PublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: eu-west-1a
      MapPublicIpOnLaunch: 'True'
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PublicSubnetA, !Ref 'CandidateName']]
  PublicSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: eu-west-1b
      MapPublicIpOnLaunch: 'True'
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PublicSubnetB, !Ref 'CandidateName']]
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: eu-west-1a
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PrivateSubnetA, !Ref 'CandidateName']]
  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: eu-west-1b
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PrivateSubnetB, !Ref 'CandidateName']]
  SAIGW:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [IGW, !Ref 'CandidateName']]
  SANetworkACL:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [NACL, !Ref 'CandidateName']]
  SARoutePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PublicRoute, !Ref 'CandidateName']]
  SARoutePrivate:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [PrivateRoute, !Ref 'CandidateName']]
  SAInstance1:
    Type: AWS::EC2::Instance
    Properties:
      DisableApiTermination: 'false'
      InstanceInitiatedShutdownBehavior: stop
      ImageId: ami-047bb4163c506cd98
      InstanceType: t2.micro
      Monitoring: 'false'
      UserData: 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
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [Instance1, !Ref 'CandidateName']]
      NetworkInterfaces:
        - AssociatePublicIpAddress: 'true'
          DeleteOnTermination: 'true'
          Description: Primary network interface
          DeviceIndex: 0
          SubnetId: !Ref 'PublicSubnetA'
          GroupSet: [!Ref 'SASGapp']
  SAelb:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets: [!Ref 'PublicSubnetB']
      Instances: [!Ref 'SAInstance1']
      SecurityGroups: [!Ref 'SASGELB']
      Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '80'
          Protocol: HTTP
      HealthCheck:
        HealthyThreshold: '2'
        Interval: '15'
        Target: TCP:443
        Timeout: '5'
        UnhealthyThreshold: '2'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: !Join ['-', [ELB, !Ref 'CandidateName']]
  SASGELB:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SA Assignment - ELB security group
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: ELBSecurityGroup
  SASGapp:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SA Assignment - App server security group
      VpcId: !Ref 'SAVPC'
      Tags:
        - Key: environment
          Value: sa-assignment
        - Key: Name
          Value: AppServerSecurityGroup
  SANACLEntry1:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      CidrBlock: 0.0.0.0/0
      Egress: 'true'
      Protocol: '-1'
      RuleAction: allow
      RuleNumber: '100'
      NetworkAclId: !Ref 'SANetworkACL'
  SANACLEntry2:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      CidrBlock: 0.0.0.0/0
      Protocol: '-1'
      RuleAction: allow
      RuleNumber: '100'
      NetworkAclId: !Ref 'SANetworkACL'
  subnetacl1:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      NetworkAclId: !Ref 'SANetworkACL'
      SubnetId: !Ref 'PublicSubnetA'
  subnetacl2:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      NetworkAclId: !Ref 'SANetworkACL'
      SubnetId: !Ref 'PublicSubnetB'
  subnetacl3:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      NetworkAclId: !Ref 'SANetworkACL'
      SubnetId: !Ref 'PrivateSubnetA'
  subnetacl4:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      NetworkAclId: !Ref 'SANetworkACL'
      SubnetId: !Ref 'PrivateSubnetB'
  SAIGWAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref 'SAVPC'
      InternetGatewayId: !Ref 'SAIGW'
  subnetRoutePublicA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref 'SARoutePublic'
      SubnetId: !Ref 'PublicSubnetA'
  subnetRoutePublicB:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref 'SARoutePublic'
      SubnetId: !Ref 'PublicSubnetB'
  subnetRoutePrivateA:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref 'SARoutePrivate'
      SubnetId: !Ref 'PrivateSubnetA'
  subnetRoutePrivateB:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref 'SARoutePrivate'
      SubnetId: !Ref 'PrivateSubnetB'
  publicroute:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref 'SARoutePublic'
      GatewayId: !Ref 'SAIGW'
    DependsOn: SAIGW
Outputs:
  LoadBalancerDNSName:
    Description: The DNSName of the load balancer
    Value: !GetAtt SAelb.DNSName
Any input would be helpful.
Thank you for your help in advance!
You are using a health check Target: TCP:443, while I don't see anything in your UserData related to port 443 or SSL. It seems to me you want to use port 80.
There could still be many other issues in your template, but the port is definitely wrong.
Also, there is a mismatch between the subnets and AZs set for your instance and the CLB.
I am using CloudFormation to deploy EC2 instances into different VPCs. Using CloudFormation I created a role and role profile and attached it to the EC2 instance [the role in question is AmazonEC2RoleforSSM]. Yet I am unable to connect to EC2 using the same.
Here is the CloudFormation code:
AWSTemplateFormatVersion: 2010-09-09
Description: Test and Dev Environment
Resources:
  VPCdev:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: VPCdev
  VPCtest:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: 192.168.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: VPCtest
  SubnetDev:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: SubnetDev
      VpcId: !Ref VPCdev
  SubnetTest:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 192.168.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Subnettest
      VpcId: !Ref VPCtest
  IGWdev:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: IGWdev
  IGWtest:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: IGWtest
  IGWdevattachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref IGWdev
      VpcId: !Ref VPCdev
  IGWtestattachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref IGWtest
      VpcId: !Ref VPCtest
  RouteTabledev:
    Type: "AWS::EC2::RouteTable"
    Properties:
      Tags:
        - Key: Name
          Value: RouteTabledev
      VpcId: !Ref VPCdev
  RouteTabletest:
    Type: "AWS::EC2::RouteTable"
    Properties:
      Tags:
        - Key: Name
          Value: RouteTabletest
      VpcId: !Ref VPCtest
  defaultdev:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGWdev
      RouteTableId: !Ref RouteTabledev
  defaulttest:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGWtest
      RouteTableId: !Ref RouteTabletest
  Ec2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles: [ !Ref Ec2InstanceRole ]
  Ec2InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [ ec2.amazonaws.com ]
            Action:
              - sts:AssumeRole
      Path: /
  sgdev:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: sgdev
      GroupName: sgdev
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sgdev
      VpcId: !Ref VPCdev
  sgtest:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: sgtest
      GroupName: sgtest
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sgtest
      VpcId: !Ref VPCtest
  instancedev:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-02d55cb47e83a99a0
      InstanceType: "t2.micro"
      IamInstanceProfile: !Ref Ec2InstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          GroupSet:
            - !Ref sgdev
          SubnetId: !Ref SubnetDev
      Tags:
        - Key: Name
          Value: dev
  instancetest:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-02d55cb47e83a99a0
      InstanceType: "t2.micro"
      IamInstanceProfile: !Ref Ec2InstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          GroupSet:
            - !Ref sgtest
          SubnetId: !Ref SubnetTest
      Tags:
        - Key: Name
          Value: test
Also attached is the error screenshot.
P.S.: I tried doing it manually and it worked. I don't seem to understand where I went wrong; the stack gets successfully built and all resources get deployed as well.
I am using the Ubuntu 18.04 LTS image; it comes pre-installed with Session Manager.
It does not work because your subnets are private, they don't have any internet connectivity.
Although you've created public route tables, they are not associated with any subnet.
The following should help:
MyRouteTableAssoc1:
  Type: AWS::EC2::SubnetRouteTableAssociation
  Properties:
    RouteTableId: !Ref RouteTabledev
    SubnetId: !Ref SubnetDev
MyRouteTableAssoc2:
  Type: AWS::EC2::SubnetRouteTableAssociation
  Properties:
    RouteTableId: !Ref RouteTabletest
    SubnetId: !Ref SubnetTest
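The diagnosis in the answer above (a route table with an internet gateway route exists, but no subnet is associated with it, so the subnets fall back to the VPC main route table) is easy to miss by eye because the stack deploys cleanly. The following is an added example, not code from the question or the answer: a checker that walks the template in CloudFormation's JSON form (`!Ref X` as `{"Ref": "X"}`), resolves each subnet's route table, and reports subnets with no path to an internet gateway. `TEMPLATE` is a constructed, abbreviated copy of the question's networking resources, and `with_associations()` adds the two associations the answer proposes. The checker also flags an association that points a subnet at a route table of a different VPC, a mistake that is easy to make with two near-identical VPCs in one template.

```python
"""Find subnets with no route to an internet gateway (added example)."""
import copy
from typing import Any, Dict, List, Optional, Set

# Constructed, abbreviated model of the question's networking resources in JSON form.
TEMPLATE: Dict[str, Any] = {"Resources": {
    "VPCdev": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "VPCtest": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "192.168.0.0/16"}},
    "SubnetDev": {"Type": "AWS::EC2::Subnet",
                  "Properties": {"VpcId": {"Ref": "VPCdev"}, "MapPublicIpOnLaunch": True}},
    "SubnetTest": {"Type": "AWS::EC2::Subnet",
                   "Properties": {"VpcId": {"Ref": "VPCtest"}, "MapPublicIpOnLaunch": True}},
    "IGWdev": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "IGWtest": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "RouteTabledev": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPCdev"}}},
    "RouteTabletest": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPCtest"}}},
    "defaultdev": {"Type": "AWS::EC2::Route", "Properties": {
        "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "IGWdev"},
        "RouteTableId": {"Ref": "RouteTabledev"}}},
    "defaulttest": {"Type": "AWS::EC2::Route", "Properties": {
        "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "IGWtest"},
        "RouteTableId": {"Ref": "RouteTabletest"}}},
    # Note: no AWS::EC2::SubnetRouteTableAssociation resources, exactly as in the question.
}}


def ref(node: Any) -> Any:
    """Logical name behind a {"Ref": ...} node; plain values pass through unchanged."""
    return node["Ref"] if isinstance(node, dict) and "Ref" in node else node


def route_tables_with_igw_default(res: Dict[str, Any]) -> Set[str]:
    """Logical names of route tables that carry a 0.0.0.0/0 route via an internet gateway."""
    igws = {n for n, r in res.items() if r["Type"] == "AWS::EC2::InternetGateway"}
    tables: Set[str] = set()
    for r in res.values():
        if r["Type"] == "AWS::EC2::Route":
            p = r["Properties"]
            if p.get("DestinationCidrBlock") == "0.0.0.0/0" and ref(p.get("GatewayId")) in igws:
                tables.add(ref(p["RouteTableId"]))
    return tables


def subnet_route_table(res: Dict[str, Any], subnet: str) -> Optional[str]:
    """Route table explicitly associated with `subnet`, or None if it uses the VPC main table."""
    for r in res.values():
        if (r["Type"] == "AWS::EC2::SubnetRouteTableAssociation"
                and ref(r["Properties"]["SubnetId"]) == subnet):
            return ref(r["Properties"]["RouteTableId"])
    return None


def subnets_without_internet_path(template: Dict[str, Any]) -> List[str]:
    """One finding per subnet that cannot reach an internet gateway through its route table."""
    res = template["Resources"]
    public_tables = route_tables_with_igw_default(res)
    findings: List[str] = []
    for name, r in res.items():
        if r["Type"] != "AWS::EC2::Subnet":
            continue
        table = subnet_route_table(res, name)
        if table is None:
            # Nothing in this template adds a route to the main table, so it only has the
            # VPC-local route; MapPublicIpOnLaunch alone does not give the subnet a way out.
            findings.append(f"{name}: no SubnetRouteTableAssociation; main route table has no IGW route")
        elif ref(res[table]["Properties"]["VpcId"]) != ref(r["Properties"]["VpcId"]):
            findings.append(f"{name}: associated route table {table} belongs to another VPC")
        elif table not in public_tables:
            findings.append(f"{name}: route table {table} has no 0.0.0.0/0 route via an internet gateway")
    return findings


def with_associations(template: Dict[str, Any]) -> Dict[str, Any]:
    """Apply the fix from the answer: associate each subnet with its VPC's public route table."""
    t = copy.deepcopy(template)
    res = t["Resources"]
    for n, table, subnet in (("MyRouteTableAssoc1", "RouteTabledev", "SubnetDev"),
                             ("MyRouteTableAssoc2", "RouteTabletest", "SubnetTest")):
        res[n] = {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                  "Properties": {"RouteTableId": {"Ref": table}, "SubnetId": {"Ref": subnet}}}
    return t


if __name__ == "__main__":
    for finding in subnets_without_internet_path(TEMPLATE):
        print("FINDING:", finding)
    print("after fix:", subnets_without_internet_path(with_associations(TEMPLATE)))
```

Run as-is it reports both subnets, and reports nothing once the two associations are added. Session Manager depends on the agent reaching the SSM service endpoints, so a subnet with no outbound path fails exactly the way the question describes even though the IAM role and instance profile are correct.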
I am trying to ramp up some CloudFormation knowledge and am playing around with some YAML files. Now I have been stuck for a few hours with Docker and Fargate. The Docker container starts on a Fargate instance, but it can't pull the "httpd:latest" image from Docker Hub. The error is:
CannotPullContainerError: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I think I have some errors in the VPC/SecurityGroup or InternetGateway, but I can't find them. I hope somebody can help me...
AWSTemplateFormatVersion: '2010-09-09'
#
# PARAMETERS?
#
Parameters:
  AppSlug:
    Type: String
    Default: "polaris_55"
#
#
# Mappings ?
#
#
Mappings:
  Config:
    Network:
      CidrVpc: '10.0.0.0/16'
      CidrSubnetAlpha: '10.0.10.0/24'
      CidrSubnetBeta: '10.0.20.0/24'
      CidrSubnetGamma: '10.0.30.0/24'
#
#
# Resources ?
#
#
Resources:
  #
  # Network
  #
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !FindInMap [ Config, Network, CidrVpc ]
      EnableDnsHostnames: "false"
      EnableDnsSupport: "false"
      InstanceTenancy: "default"
      Tags:
        - Key: Name
          Value: !Sub "${AppSlug}_vpc"
  SubnetAlpha:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: !FindInMap [ Config, Network, CidrSubnetAlpha ]
      AvailabilityZone: !Sub "${AWS::Region}a"
      Tags:
        - Key: Name
          Value: !Sub "${AppSlug}_alpha"
  SubnetBeta:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: !FindInMap [ Config, Network, CidrSubnetBeta ]
      AvailabilityZone: !Sub "${AWS::Region}b"
      Tags:
        - Key: Name
          Value: !Sub "${AppSlug}_beta"
  SubnetGamma:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: !FindInMap [ Config, Network, CidrSubnetGamma ]
      AvailabilityZone: !Sub "${AWS::Region}c"
      Tags:
        - Key: Name
          Value: !Sub "${AppSlug}_gamma"
  # GATEWAY FOR THE VPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  GatewayAttachement:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref 'Vpc'
      InternetGatewayId: !Ref 'InternetGateway'
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref 'Vpc'
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: GatewayAttachement
    Properties:
      RouteTableId: !Ref 'PublicRouteTable'
      DestinationCidrBlock: '0.0.0.0/0'
      GatewayId: !Ref 'InternetGateway'
  PublicSubnetAlpha:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetAlpha
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetBeta:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetBeta
      RouteTableId: !Ref PublicRouteTable
  PublicSubnetGamma:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref SubnetGamma
      RouteTableId: !Ref PublicRouteTable
  #
  # ECS
  #
  EcsCluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Sub "${AppSlug}_ecs"
      Tags:
        - Key: Name
          Value: !Sub "${AppSlug}_ecs"
  #
  # Apache Container
  #
  TaskApache:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
        - Name: !Sub "${AppSlug}_apache_container"
          Image: "httpd:latest"
          PortMappings:
            - ContainerPort: 80
              HostPort: 80
              Protocol: "tcp"
      Cpu: "256"
      Memory: "512"
      RequiresCompatibilities:
        - "FARGATE"
      NetworkMode: "awsvpc"
      Tags:
        - Key: Name
          Value: !Sub "${AppSlug}_apache_task"
  # ECS Service for Apache
  ServiceApache:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref EcsCluster
      #DeploymentController:
      #  Type: "CODE_DEPLOY"
      DesiredCount: 1
      LaunchType: "FARGATE"
      #LoadBalancers:
      #  - LoadBalancer
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: "ENABLED"
          SecurityGroups:
            - !Ref SecurityApache
          Subnets:
            - !Ref SubnetAlpha
            - !Ref SubnetBeta
            - !Ref SubnetGamma
      # PropagateTags: "TASK_DEFINITION"
      SchedulingStrategy: "REPLICA"
      ServiceName: !Sub "${AppSlug}_apache_service"
      TaskDefinition: !Ref TaskApache
      Tags:
        - Key: Name
          Value: !Sub "${AppSlug}_apache_service"
  # Security group for Apache
  SecurityApache:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub "${AppSlug}_apache_security"
      GroupName: !Sub "${AppSlug}_apache_security"
      # Inbound rules for Apache
      SecurityGroupIngress:
        - Description: !Sub "${AppSlug}_apache_security_ingress"
          IpProtocol: tcp
          CidrIp: 0.0.0.0/0
          FromPort: 80
          ToPort: 80
      VpcId: !Ref Vpc
      Tags:
        - Key: Name
          Value: !Sub "${AppSlug}_apache_security"
I am trying to create network resources using a CloudFormation template, but when I import the template I get the following error:
The following resource types are not supported for resource import: AWS::EC2::SubnetRouteTableAssociation,AWS::EC2::VPCGatewayAttachment,AWS::EC2::Route,AWS::EC2::Route
Any idea what could be the reason for this? Below is the code from my CF template:
AWSTemplateFormatVersion: 2010-09-09
Resources:
  TestDevVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 172.32.0.0/16
      Tags:
        - Key: Description
          Value: Created for Test development
  PublicSubnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 172.32.1.0/24
      MapPublicIpOnLaunch: true
      VpcId: !Ref TestDevVPC
      Tags:
        - Key: Description
          Value: Public subnet for Test build
  TestDevPublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref TestDevVPC
      Tags:
        - Key: Description
          Value: public route table
  TestDevInternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Description
          Value: Internet Gateway for Test Dev
  TestDevIGVPCAttach:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref TestDevInternetGateway
      VpcId: !Ref TestDevVPC
  TestDevSubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: TestDevPublicRouteTable
      SubnetId: PublicSubnet
  Route1:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 172.32.0.0/16
      RouteTableId: !Ref TestDevPublicRouteTable
  Route2:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref TestDevPublicRouteTable
      GatewayId: !Ref TestDevInternetGateway
There are a few mistakes in your template.
Most importantly, you don't need Route1 with the local rule for 172.32.0.0/16. This is always created by default.
Also, TestDevSubnetRouteTableAssociation is missing !Ref in its parameters.
I modified your template so that it deploys now. I haven't checked its functionality, only whether it deploys.
You can use it as a basis for future modifications:
AWSTemplateFormatVersion: 2010-09-09
Resources:
  TestDevVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 172.32.0.0/16
      Tags:
        - Key: Description
          Value: Created for Test development
  PublicSubnet:
    Type: 'AWS::EC2::Subnet'
    Properties:
      CidrBlock: 172.32.1.0/24
      MapPublicIpOnLaunch: true
      VpcId: !Ref TestDevVPC
      Tags:
        - Key: Description
          Value: Public subnet for Test build
  TestDevPublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref TestDevVPC
      Tags:
        - Key: Description
          Value: public route table
  TestDevInternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Description
          Value: Internet Gateway for Test Dev
  TestDevIGVPCAttach:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref TestDevInternetGateway
      VpcId: !Ref TestDevVPC
  Route2:
    Type: 'AWS::EC2::Route'
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      RouteTableId: !Ref TestDevPublicRouteTable
      GatewayId: !Ref TestDevInternetGateway
  TestDevSubnetRouteTableAssociation:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref TestDevPublicRouteTable
      SubnetId: !Ref PublicSubnet
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  MyKeyName:
    Description: Select the key name from the list
    Type: AWS::EC2::KeyPair::KeyName
  Instancetypes:
    Type: String
    AllowedValues:
      - t2.micro
      - t2.nano
Resources:
  myEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      KeyName: !Ref MyKeyName
      ImageId: ami-0323c3dd2da7fb37d
      InstanceType: !Ref Instancetypes
      SecurityGroupIds:
        - default
        - !Ref SSHSecurityGroup
      SubnetId: !Ref subnet1
      Tags:
        - Key: Name
          Value: EC2
  SSHSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: my new SSH security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
      VpcId: !Ref LocalVPC
  LocalVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
  subnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a
      VpcId: !Ref LocalVPC
      CidrBlock: 10.0.1.0/24
  subnet2:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1b
      VpcId: !Ref LocalVPC
      CidrBlock: 10.0.2.0/24
  subnet3:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1c
      VpcId: !Ref LocalVPC
      CidrBlock: 10.0.3.0/24
  routeTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Ref: LocalVPC
  routeName:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref routeTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref igwName
  routeTableAssocName:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref subnet1
      RouteTableId: !Ref routeTable
  igwName:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: keyname
          Value: valuea
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref LocalVPC
      InternetGatewayId: !Ref igwName
SecurityGroupIds takes a group ID, rather than a group name:
SecurityGroupIds:
  - !GetAtt SSHSecurityGroup.GroupId