Parameter referencing in AWS - amazon-web-services

In my code below I'm trying to reference a parameter which I created for creating subnets\cidr block for EC2 instance.
I guess, since I created CFCidrVPC1 as string and the actual IP address is not a string.
Something I am missing here.
Can someone guide me here. The reason I'm trying to do this is reuse the code in the future. I also tried to use Ref function within Fn::Cidr funtion but that didn't work either. so replace it with cidr block.
The error I'm getting is "Value of property SubnetId must be of type String".
Please find my full script:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Creating template to deploy 3 ec2 instances in 3 different AZs",
"Parameters": {
"CFCidrVPC1": {
"Type": "String",
"Default": "10.10.0.0/16"
},
"CFCidrVPC2": {
"Type": "String",
"Default": "10.20.0.0/16"
},
"CFEC2Instancetype": {
"Type": "String",
"Default": "t2.micro",
"Description": " Only t2.micro is available in the free tier account hence no any other options"
}
},
"Resources": {
"VPC1": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Ref": "CFCidrVPC1"
},
"EnableDnsHostnames": "False",
"EnableDnsSupport": "False",
"InstanceTenancy": "default"
}
},
"VPC2": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Ref": "CFCidrVPC2"
},
"EnableDnsHostnames": "False",
"EnableDnsSupport": "False",
"InstanceTenancy": "default"
}
},
"CFsubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"CidrBlock": {
"Fn::Select": [
"0",
{
"Fn::Cidr": [
"10.10.0.0/16",
"2",
"8"
]
}
]
},
"VpcId": {
"Ref": "CFCidrVPC1"
}
}
},
"CFsubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"CidrBlock": {
"Fn::Select": [
"1",
{
"Fn::Cidr": [
"10.10.0.0/16",
"2",
"8"
]
}
]
},
"VpcId": {
"Ref": "CFCidrVPC1"
}
}
},
"CFsubnet3": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"CidrBlock": {
"Fn::Select": [
"0",
{
"Fn::Cidr": [
"10.20.0.0/16",
"2",
"8"
]
}
]
},
"VpcId": {
"Ref": "CFCidrVPC2"
}
}
},
"CFsubnet4": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"CidrBlock": {
"Fn::Select": [
"1",
{
"Fn::Cidr": [
"10.10.0.0/16",
"2",
"8"
]
}
]
},
"VpcId": {
"Ref": "CFCidrVPC2"
}
}
},
"FirstECSinVPC1AZ1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"ImageId": "ami-005bdb005fb00e791",
"InstanceType": {
"Ref": "CFEC2Instancetype"
},
"SubnetId": {
"ref": "CFsubnet1"
}
}
},
"FirstECSinVPC1AZ2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
"1",
{
"Fn::GetAZs": ""
}
]
},
"ImageId": "ami-005bdb005fb00e791",
"InstanceType": {
"Ref": "CFEC2Instancetype"
},
"SubnetId": {
"ref": "CFsubnet2"
}
}
},
"FirstECSinVPC2AZ1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
"0",
{
"Fn::GetAZs": ""
}
]
},
"ImageId": "ami-005bdb005fb00e791",
"InstanceType": {
"Ref": "CFEC2Instancetype"
},
"SubnetId": {
"ref": "CFsubnet3"
}
}
},
"FirstECSinVPC2AZ2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": {
"Fn::Select": [
"1",
{
"Fn::GetAZs": ""
}
]
},
"ImageId": "ami-005bdb005fb00e791",
"InstanceType": {
"Ref": "CFEC2Instancetype"
},
"SubnetId": {
"ref": "CFsubnet4"
}
}
}
}
}


Everything in cloudformation is case sensitive.
You have:
"SubnetId": {
"ref": "CFsubnet2"
}
Try:
"SubnetId": {
"Ref": "CFsubnet2"
}
For all occurrences .

Related

How to solve JSON error on AWS Bad String?

Don't know where is the bad string here, someone can help me?
It appears like a bad error message on the AWS Console, but i can't find what am i missing here.
This script is to create VPCs, Routes, IGW and a Palo Alto Firewall, think that the problem is some ] or } that i am missing.
Do we have a tool to analyze it, instead of searching manually?
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "PANW Firewall (sample-cft).",
"Parameters": {
"BootstrapBucketName":{
"Description": "Bucket name for FW bootstrap configuration",
"Type": "String"
},
"ServerKeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the FW (Hint: You MUST have its private key)",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"PANFWRegionMap" : {
"us-west-2" : { "AMI": "ami-d28992ab"},
"ap-northeast-1" : { "AMI": "ami-ab04e7cd"},
"us-west-1" : { "AMI": "ami-0f88a16f"},
"ap-northeast-2" : { "AMI": "ami-6cbd6402"},
"ap-southeast-1" : { "AMI": "ami-1897057b"},
"ap-southeast-2" : { "AMI": "ami-8ed3cced"},
"eu-central-1" : { "AMI": "ami-6df35f02"},
"eu-west-1" : { "AMI": "ami-86d63eff"},
"eu-west-2" : { "AMI": "ami-3c170658"},
"sa-east-1" : { "AMI": "ami-15651279"},
"us-east-1" : { "AMI": "ami-0d7ef242edccdad95"},
"us-east-2" : { "AMI": "ami-f1200094"},
"ca-central-1" : { "AMI": "ami-0f08b76b"},
"ap-south-1" : { "AMI": "ami-1ffc8470"}
},
"Resources": {
"BootstrapRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
} ]
},
"Path":"/",
"Policies": [ {
"PolicyName" : "BootstrapRolePolicy",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "BootstrapBucketName" }]]}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": { "Fn::Join" : ["", [ "arn:aws:s3:::", { "Ref" : "BootstrapBucketName" } , "/*" ]]}
}]
}
}]
}
},
"BootstrapInstanceProfile":{
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ {
"Ref": "BootstrapRole"
}]
}
},
"NewVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
}
},
"PublicElasticIP": {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
},
"DependsOn": [ "NewVPC" ]
},
"ManagementElasticIP": {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
},
"DependsOn": [ "NewVPC" ]
},
"NewDBSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"VpcId": {"Ref": "NewVPC"},
"AvailabilityZone": "" ,
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn": "NewVPC"
},
"NewPublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"VpcId": {"Ref": "NewVPC"},
"AvailabilityZone": { "Fn::GetAtt" : [ "NewDBSubnet", "AvailabilityZone" ] },
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn": [ "NewVPC", "NewDBSubnet" ]
},
"NewWebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": { "Fn::GetAtt" : [ "NewDBSubnet", "AvailabilityZone" ] },
"VpcId": {"Ref": "NewVPC"},
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
},
"DependsOn":[ "NewVPC", "NewDBSubnet" ]
},
"igweb3def8e": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{ "Key": "Name", "Value": "PAN Sample CFT" }]
}
},
"dopt21c7d043": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-west-2.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclb765d6d2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"rtb059a2460": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"rtb049a2461": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {"Ref": "NewVPC"}
}
},
"FWManagementNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 MGMT",
"SubnetId": {"Ref": "NewPublicSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.0.99",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 MGMT"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPublicNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/1",
"SubnetId": {"Ref": "NewPublicSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.0.100",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 E1/1"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPrivate12NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/2",
"SubnetId": {"Ref": "NewWebSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.1.11",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name","Value": "WP AWS FW1 E1/2"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWPrivate13NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/3",
"SubnetId": {"Ref": "NewDBSubnet"},
"SourceDestCheck": "false",
"PrivateIpAddresses": [
{
"PrivateIpAddress": "10.0.2.11",
"Primary": "true"
}
],
"GroupSet": [{"Ref": "sgWideOpen"}],
"Tags": [{"Key": "Name", "Value": "WP AWS FW1 E1/3"}]
},
"DependsOn": [ "sgWideOpen" ]
},
"FWEIPMAnagementAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": { "Fn::GetAtt": [ "ManagementElasticIP", "AllocationId" ] },
"NetworkInterfaceId": { "Ref": "FWManagementNetworkInterface" }
},
"DependsOn": [ "FWManagementNetworkInterface", "ManagementElasticIP" ]
},
"FWEIPPublicAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": { "Fn::GetAtt": [ "PublicElasticIP", "AllocationId" ] },
"NetworkInterfaceId": { "Ref": "FWPublicNetworkInterface" }
},
"DependsOn": [ "FWPublicNetworkInterface", "PublicElasticIP" ]
},
"sgWideOpen": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Wide open security group",
"VpcId": {"Ref": "NewVPC"},
"Tags": [{"Key": "Name","Value": "Lab External SG"}],
"SecurityGroupIngress" : [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
],
"SecurityGroupEgress" : [
{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewDBSubnet"}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewPublicSubnet"}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {"Ref": "aclb765d6d2"},
"SubnetId": {"Ref": "NewWebSubnet"}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {"Ref": "NewVPC"},
"InternetGatewayId": {"Ref": "igweb3def8e"}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {"Ref": "rtb049a2461"},
"SubnetId": {"Ref": "NewPublicSubnet"}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {"Ref": "rtb059a2460"},
"GatewayId": {"Ref": "igweb3def8e"}
},
"DependsOn": "gw1"
},
"route2": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {"Ref": "rtb049a2461"},
"GatewayId": {"Ref": "igweb3def8e"}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {"Ref": "NewVPC"},
"DhcpOptionsId": {"Ref": "dopt21c7d043"}
}
},
"FWInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"IamInstanceProfile": {"Ref": "BootstrapInstanceProfile"},
"InstanceInitiatedShutdownBehavior": "stop",
"EbsOptimized": "true",
"ImageId": { "Fn::FindInMap" : [ "PANFWRegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
"InstanceType": "m4.xlarge",
"BlockDeviceMappings" :
[
{
"DeviceName" : "/dev/xvda",
"Ebs" :
{
"VolumeType" : "gp2",
"DeleteOnTermination" : "true",
"VolumeSize" : "60"
}
}
],
"KeyName": { "Ref" : "ServerKeyName" },
"Monitoring": "false",
"Tags": [{ "Key": "Name", "Value": "WP VM-Series Firewall" }],
"NetworkInterfaces": [
{
"NetworkInterfaceId": { "Ref": "FWManagementNetworkInterface"},
"DeviceIndex": 0
},
{
"NetworkInterfaceId": { "Ref": "FWPublicNetworkInterface"},
"DeviceIndex": 1
},
{
"NetworkInterfaceId": { "Ref": "FWPrivate12NetworkInterface"},
"DeviceIndex": 2
},
{
"NetworkInterfaceId": { "Ref": "FWPrivate13NetworkInterface"},
"DeviceIndex": 3
}
],
"UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
"vmseries-bootstrap-aws-s3bucket=", { "Ref" : "BootstrapBucketName" }
]]}}
},
"DependsOn": [ "FWPublicNetworkInterface", "FWPrivate12NetworkInterface", "FWPrivate13NetworkInterface", "NewPublicSubnet" ]
},
"Outputs": {
"FirewallManagementURL": {
"Description": "VM-Series management interface URL",
"Value": { "Fn::Join" : ["", [
"https://",
{ "Ref": "ManagementElasticIP"}
]]}}
},
}]]
}
}
}

Yes, you had missing } and some extra ,. Below is valid json. The template may have other issues, but your current error is about invalid json, so I fixed only that. For new issues, please make new question.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "PANW Firewall (sample-cft).",
"Parameters": {
"BootstrapBucketName": {
"Description": "Bucket name for FW bootstrap configuration",
"Type": "String"
},
"ServerKeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the FW (Hint: You MUST have its private key)",
"Type": "AWS::EC2::KeyPair::KeyName"
}
},
"Mappings": {
"PANFWRegionMap": {
"us-west-2": {
"AMI": "ami-d28992ab"
},
"ap-northeast-1": {
"AMI": "ami-ab04e7cd"
},
"us-west-1": {
"AMI": "ami-0f88a16f"
},
"ap-northeast-2": {
"AMI": "ami-6cbd6402"
},
"ap-southeast-1": {
"AMI": "ami-1897057b"
},
"ap-southeast-2": {
"AMI": "ami-8ed3cced"
},
"eu-central-1": {
"AMI": "ami-6df35f02"
},
"eu-west-1": {
"AMI": "ami-86d63eff"
},
"eu-west-2": {
"AMI": "ami-3c170658"
},
"sa-east-1": {
"AMI": "ami-15651279"
},
"us-east-1": {
"AMI": "ami-0d7ef242edccdad95"
},
"us-east-2": {
"AMI": "ami-f1200094"
},
"ca-central-1": {
"AMI": "ami-0f08b76b"
},
"ap-south-1": {
"AMI": "ami-1ffc8470"
}
}
},
"Resources": {
"BootstrapRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "BootstrapRolePolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": {
"Fn::Join": ["", ["arn:aws:s3:::", {
"Ref": "BootstrapBucketName"
}]]
}
},
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": {
"Fn::Join": ["", ["arn:aws:s3:::", {
"Ref": "BootstrapBucketName"
}, "/*"]]
}
}
]
}
}]
}
},
"BootstrapInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [{
"Ref": "BootstrapRole"
}]
}
},
"NewVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"InstanceTenancy": "default",
"EnableDnsSupport": "true",
"EnableDnsHostnames": "true",
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
}
},
"PublicElasticIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": ["NewVPC"]
},
"ManagementElasticIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"DependsOn": ["NewVPC"]
},
"NewDBSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.2.0/24",
"VpcId": {
"Ref": "NewVPC"
},
"AvailabilityZone": "",
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": "NewVPC"
},
"NewPublicSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"VpcId": {
"Ref": "NewVPC"
},
"AvailabilityZone": {
"Fn::GetAtt": ["NewDBSubnet", "AvailabilityZone"]
},
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": ["NewVPC", "NewDBSubnet"]
},
"NewWebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": {
"Fn::GetAtt": ["NewDBSubnet", "AvailabilityZone"]
},
"VpcId": {
"Ref": "NewVPC"
},
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
},
"DependsOn": ["NewVPC", "NewDBSubnet"]
},
"igweb3def8e": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{
"Key": "Name",
"Value": "PAN Sample CFT"
}]
}
},
"dopt21c7d043": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-west-2.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
]
}
},
"aclb765d6d2": {
"Type": "AWS::EC2::NetworkAcl",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"rtb059a2460": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"rtb049a2461": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
}
}
},
"FWManagementNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 MGMT",
"SubnetId": {
"Ref": "NewPublicSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.0.99",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 MGMT"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPublicNetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/1",
"SubnetId": {
"Ref": "NewPublicSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.0.100",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/1"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPrivate12NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/2",
"SubnetId": {
"Ref": "NewWebSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.1.11",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/2"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWPrivate13NetworkInterface": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "AWS FW1 E1/3",
"SubnetId": {
"Ref": "NewDBSubnet"
},
"SourceDestCheck": "false",
"PrivateIpAddresses": [{
"PrivateIpAddress": "10.0.2.11",
"Primary": "true"
}],
"GroupSet": [{
"Ref": "sgWideOpen"
}],
"Tags": [{
"Key": "Name",
"Value": "WP AWS FW1 E1/3"
}]
},
"DependsOn": ["sgWideOpen"]
},
"FWEIPMAnagementAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["ManagementElasticIP", "AllocationId"]
},
"NetworkInterfaceId": {
"Ref": "FWManagementNetworkInterface"
}
},
"DependsOn": ["FWManagementNetworkInterface", "ManagementElasticIP"]
},
"FWEIPPublicAssociation": {
"Type": "AWS::EC2::EIPAssociation",
"Properties": {
"AllocationId": {
"Fn::GetAtt": ["PublicElasticIP", "AllocationId"]
},
"NetworkInterfaceId": {
"Ref": "FWPublicNetworkInterface"
}
},
"DependsOn": ["FWPublicNetworkInterface", "PublicElasticIP"]
},
"sgWideOpen": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Wide open security group",
"VpcId": {
"Ref": "NewVPC"
},
"Tags": [{
"Key": "Name",
"Value": "Lab External SG"
}],
"SecurityGroupIngress": [{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}],
"SecurityGroupEgress": [{
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}]
}
},
"acl1": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Egress": "true",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"acl2": {
"Type": "AWS::EC2::NetworkAclEntry",
"Properties": {
"CidrBlock": "0.0.0.0/0",
"Protocol": "-1",
"RuleAction": "allow",
"RuleNumber": "100",
"NetworkAclId": {
"Ref": "aclb765d6d2"
}
}
},
"subnetacl1": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewDBSubnet"
}
}
},
"subnetacl2": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewPublicSubnet"
}
}
},
"subnetacl3": {
"Type": "AWS::EC2::SubnetNetworkAclAssociation",
"Properties": {
"NetworkAclId": {
"Ref": "aclb765d6d2"
},
"SubnetId": {
"Ref": "NewWebSubnet"
}
}
},
"gw1": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
},
"InternetGatewayId": {
"Ref": "igweb3def8e"
}
}
},
"subnetroute2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "rtb049a2461"
},
"SubnetId": {
"Ref": "NewPublicSubnet"
}
}
},
"route1": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb059a2460"
},
"GatewayId": {
"Ref": "igweb3def8e"
}
},
"DependsOn": "gw1"
},
"route2": {
"Type": "AWS::EC2::Route",
"Properties": {
"DestinationCidrBlock": "0.0.0.0/0",
"RouteTableId": {
"Ref": "rtb049a2461"
},
"GatewayId": {
"Ref": "igweb3def8e"
}
},
"DependsOn": "gw1"
},
"dchpassoc1": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "NewVPC"
},
"DhcpOptionsId": {
"Ref": "dopt21c7d043"
}
}
},
"FWInstance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"DisableApiTermination": "false",
"IamInstanceProfile": {
"Ref": "BootstrapInstanceProfile"
},
"InstanceInitiatedShutdownBehavior": "stop",
"EbsOptimized": "true",
"ImageId": {
"Fn::FindInMap": ["PANFWRegionMap", {
"Ref": "AWS::Region"
}, "AMI"]
},
"InstanceType": "m4.xlarge",
"BlockDeviceMappings": [{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp2",
"DeleteOnTermination": "true",
"VolumeSize": "60"
}
}],
"KeyName": {
"Ref": "ServerKeyName"
},
"Monitoring": "false",
"Tags": [{
"Key": "Name",
"Value": "WP VM-Series Firewall"
}],
"NetworkInterfaces": [{
"NetworkInterfaceId": {
"Ref": "FWManagementNetworkInterface"
},
"DeviceIndex": 0
},
{
"NetworkInterfaceId": {
"Ref": "FWPublicNetworkInterface"
},
"DeviceIndex": 1
},
{
"NetworkInterfaceId": {
"Ref": "FWPrivate12NetworkInterface"
},
"DeviceIndex": 2
},
{
"NetworkInterfaceId": {
"Ref": "FWPrivate13NetworkInterface"
},
"DeviceIndex": 3
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": ["", [
"vmseries-bootstrap-aws-s3bucket=", {
"Ref": "BootstrapBucketName"
}
]]
}
}
},
"DependsOn": ["FWPublicNetworkInterface", "FWPrivate12NetworkInterface", "FWPrivate13NetworkInterface", "NewPublicSubnet"]
},
"Outputs": {
"FirewallManagementURL": {
"Description": "VM-Series management interface URL",
"Value": {
"Fn::Join": ["", [
"https://",
{
"Ref": "ManagementElasticIP"
}
]]
}
}
}
}
}

aws cloudformation - Encountered unsupported property RequestValidatorId

I was trying to create a requestValidator and use it in my request by
"RequestValidatorId": {
"Ref": "PostRequestValidator"
}
.
It should return the id of the requestValidator according to the doc.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-requestvalidator.html
But below error occurs.
Logical ID: postBannerMethod
Encountered unsupported property RequestValidatorId
resources.json
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"RolesStack": {
"Type": "String",
"Default": "admin-iam-roles"
},
"HandlerCodeS3Bucket": {
"Type": "String",
"Default": "admin-lambda-sourcecode"
},
"HandlerCodeS3BucketLayer": {
"Type": "String",
"Default": "admin-lambda-sourcecode/layers"
},
"HandlerCodeS3Key": {
"Type": "String",
"Default": "helloWorld.zip"
}
},
"Resources": {
"MyLayer": {
"Type": "AWS::Lambda::LayerVersion",
"Properties": {
"CompatibleRuntimes": [
"nodejs12.x"
],
"Content": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "imageUploadLayer.zip"
},
"Description": "My layer",
"LayerName": "imageLayer",
"LicenseInfo": "MIT"
}
},
"createBannerHandler": {
"Type": "AWS::Lambda::Function",
"Properties": {
"FunctionName": "createBanner",
"Handler": "createBanner.handler",
"Role": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-LambdaRoleArn"
}
},
"Code": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key":"createBanner.zip"
},
"Layers": [
{
"Ref": "MyLayer"
}
],
"Runtime": "nodejs12.x"
}
},
"HelloWorldApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "hello-api",
"Description": "API used for practice",
"FailOnWarnings": true
}
},
"PostRequestValidator": {
"Type" : "AWS::ApiGateway::RequestValidator",
"Properties" : {
"Name" : "PostRequestValidator",
"RestApiId" : {
"Ref": "HelloWorldApi"
},
"ValidateRequestBody" : true,
"ValidateRequestParameters" : false
}
},
"BannerResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ParentId": {
"Fn::GetAtt": [
"HelloWorldApi",
"RootResourceId"
]
},
"PathPart": "banner"
}
},
"postBannerMethod": {
"Type": "AWS::ApiGateway::Method",
"DependsOn": ["HelloWorldApi"],
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ResourceId": {
"Ref": "BannerResource"
},
"HttpMethod": "POST",
"AuthorizationType": "NONE",
"Integration": {
"Credentials": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-ApiGatewayRoleArn"
}
},
"IntegrationHttpMethod": "POST",
"Type": "AWS_PROXY",
"RequestValidatorId": {
"Ref": "PostRequestValidator"
},
"Uri": {
"Fn::Join": ["",
[
"arn:aws:apigateway:",
{
"Ref": "AWS::Region"
},
":lambda:path/2015-03-31/functions/",
{
"Fn::GetAtt": ["createBannerHandler", "Arn"]
},
"/invocations"
]
]
}
}
}
}
}
}

Your RequestValidatorId is one level to deep. It should be in AWS::ApiGateway::Method, not in Integration:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"RolesStack": {
"Type": "String",
"Default": "admin-iam-roles"
},
"HandlerCodeS3Bucket": {
"Type": "String",
"Default": "admin-lambda-sourcecode"
},
"HandlerCodeS3BucketLayer": {
"Type": "String",
"Default": "admin-lambda-sourcecode/layers"
},
"HandlerCodeS3Key": {
"Type": "String",
"Default": "helloWorld.zip"
}
},
"Resources": {
"MyLayer": {
"Type": "AWS::Lambda::LayerVersion",
"Properties": {
"CompatibleRuntimes": [
"nodejs12.x"
],
"Content": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "imageUploadLayer.zip"
},
"Description": "My layer",
"LayerName": "imageLayer",
"LicenseInfo": "MIT"
}
},
"createBannerHandler": {
"Type": "AWS::Lambda::Function",
"Properties": {
"FunctionName": "createBanner",
"Handler": "createBanner.handler",
"Role": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-LambdaRoleArn"
}
},
"Code": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "createBanner.zip"
},
"Layers": [
{
"Ref": "MyLayer"
}
],
"Runtime": "nodejs12.x"
}
},
"HelloWorldApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "hello-api",
"Description": "API used for practice",
"FailOnWarnings": true
}
},
"PostRequestValidator": {
"Type": "AWS::ApiGateway::RequestValidator",
"Properties": {
"Name": "PostRequestValidator",
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ValidateRequestBody": true,
"ValidateRequestParameters": false
}
},
"BannerResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ParentId": {
"Fn::GetAtt": [
"HelloWorldApi",
"RootResourceId"
]
},
"PathPart": "banner"
}
},
"postBannerMethod": {
"Type": "AWS::ApiGateway::Method",
"DependsOn": [
"HelloWorldApi"
],
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ResourceId": {
"Ref": "BannerResource"
},
"HttpMethod": "POST",
"AuthorizationType": "NONE",
"RequestValidatorId": {
"Ref": "PostRequestValidator"
},
"Integration": {
"Credentials": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-ApiGatewayRoleArn"
}
},
"IntegrationHttpMethod": "POST",
"Type": "AWS_PROXY",
"Uri": {
"Fn::Join": [
"",
[
"arn:aws:apigateway:",
{
"Ref": "AWS::Region"
},
":lambda:path/2015-03-31/functions/",
{
"Fn::GetAtt": [
"createBannerHandler",
"Arn"
]
},
"/invocations"
]
]
}
}
}
}
}
}

Recommend trying the CloudFormation Linter in VSCode to see some of these errors inline while authoring templates along with autocompletion and documentation links:
[cfn-lint] E3002: Invalid Property Resources/postBannerMethod/Properties/Integration/RequestValidatorId

How can i ensure NAT is up before instances

My instances when created by my cloudformation template do not run yum update or install aws-cfn-bootstrap. I see a timeout in the logs however it works after I login and they have fully booted.
Logs show me they are unable to connect at boot, I think because the natgw hasn't been built yet. It was working yesterday i have been tweaking since but cannot seem to get it to load anymore.
"Parameters": {
"ONtestenv": {
"Description": "env name",
"Type": "String"
},
"ONcidr": {
"Description": "subs for vpc",
"Type": "String",
"Default": "10.0.0.0/16"
},
"pubONsubnet": {
"Description": "pub sub block",
"Type": "String",
"Default": "10.0.0.0/24"
},
"privONsubnet": {
"Description": "priv subn clok",
"Type": "String",
"Default": "10.0.1.0/24"
},
"KeyName": {
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"SSHLocation": {
"Description": "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
},
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.micro",
"AllowedValues": [
"t2.micro",
"m1.small",
"m1.medium",
"m1.large",
"m1.xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge"
],
"ConstraintDescription": "must be a valid EC2 instance type."
}
},
"Mappings": {
"Region2Examples": {
"us-east-1": {
"Examples": "https://s3.amazonaws.com/cloudformation-examples-us-east-1"
},
"ca-central-1": {
"Examples": "https://s3.amazonaws.com/cloudformation-examples-us-east-1"
},
"us-west-2": {
"Examples": "https://s3-us-west-2.amazonaws.com/cloudformation-examples-us-west-2"
},
"us-west-1": {
"Examples": "https://s3-us-west-1.amazonaws.com/cloudformation-examples-us-west-1"
},
"eu-west-1": {
"Examples": "https://s3-eu-west-1.amazonaws.com/cloudformation-examples-eu-west-1"
},
"eu-central-1": {
"Examples": "https://s3-eu-central-1.amazonaws.com/cloudformation-examples-eu-central-1"
},
"ap-southeast-1": {
"Examples": "https://s3-ap-southeast-1.amazonaws.com/cloudformation-examples-ap-southeast-1"
},
"us-east-2": {
"Examples": "https://s3-us-east-2.amazonaws.com/cloudformation-examples-us-east-2"
},
"sa-east-1": {
"Examples": "https://s3-sa-east-1.amazonaws.com/cloudformation-examples-sa-east-1"
},
"cn-north-1": {
"Examples": "https://s3.cn-north-1.amazonaws.com.cn/cloudformation-examples-cn-north-1"
}
},
"AWSInstanceType2Arch": {
"t2.micro": {
"Arch": "64"
},
"m1.small": {
"Arch": "64"
},
"m1.medium": {
"Arch": "64"
},
"m1.large": {
"Arch": "64"
},
"m1.xlarge": {
"Arch": "64"
},
"m2.xlarge": {
"Arch": "64"
},
"m2.2xlarge": {
"Arch": "64"
},
"m2.4xlarge": {
"Arch": "64"
},
"c1.medium": {
"Arch": "64"
},
"c1.xlarge": {
"Arch": "64"
},
"cc1.4xlarge": {
"Arch": "64HVM"
},
"cc2.8xlarge": {
"Arch": "64HVM"
},
"cg1.4xlarge": {
"Arch": "64HVM"
}
},
"AWSRegionArch2AMI": {
"us-east-1": {
"32": "ami-31814f58",
"64": "ami-1b814f72",
"64HVM": "ami-0da96764"
},
"ca-central-1": {
"32": "ami-31814f58",
"64": "ami-b61b96d2",
"64HVM": "ami-b61b96d2"
},
"us-west-2": {
"32": "ami-38fe7308",
"64": "ami-30fe7300",
"64HVM": "NOT_YET_SUPPORTED"
},
"us-west-1": {
"32": "ami-11d68a54",
"64": "ami-1bd68a5e",
"64HVM": "NOT_YET_SUPPORTED"
},
"eu-west-1": {
"32": "ami-973b06e3",
"64": "ami-953b06e1",
"64HVM": "NOT_YET_SUPPORTED"
},
"ap-southeast-1": {
"32": "ami-b4b0cae6",
"64": "ami-beb0caec",
"64HVM": "NOT_YET_SUPPORTED"
},
"ap-northeast-1": {
"32": "ami-0644f007",
"64": "ami-0a44f00b",
"64HVM": "NOT_YET_SUPPORTED"
},
"sa-east-1": {
"32": "ami-3e3be423",
"64": "ami-3c3be421",
"64HVM": "NOT_YET_SUPPORTED"
}
}
},
"Resources": {
"ONtestVPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Ref": "ONcidr"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Ref": "ONtestenv"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "3321d2b3-88cd-4e8f-bef1-b5d0b853ca46"
}
}
},
"ONIG": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": {
"Ref": "ONtestenv"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "d5878b9e-87f5-4088-8401-1a60d827a01a"
}
}
},
"ONgatewayattach": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"InternetGatewayId": {
"Ref": "ONIG"
},
"VpcId": {
"Ref": "ONtestVPC"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "b654db30-aa3f-4ffe-ab5c-27b9a14be28e"
}
}
},
"natGW": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"natEIP",
"AllocationId"
]
},
"SubnetId": {
"Ref": "pubsub"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "b030b414-e088-4733-8d0a-bbe426610828"
}
}
},
"pubsub": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "ONtestVPC"
},
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
},
"CidrBlock": {
"Ref": "pubONsubnet"
},
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${ONtestenv} pub sub"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "dd0e3e42-3b94-4ffe-a8e3-85690934c839"
}
}
},
"privsub": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "ONtestVPC"
},
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
},
"CidrBlock": {
"Ref": "privONsubnet"
},
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${ONtestenv} priv sub"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "4cfc646e-acb2-45ea-a075-596b7453e7d7"
}
}
},
"natEIP": {
"Type": "AWS::EC2::EIP",
"DependsOn": "ONgatewayattach",
"Properties": {
"Domain": "vpc"
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "c3501a25-dec8-4d5b-a8af-4c8ddc2b8c48"
}
}
},
"pubroutes": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ONtestVPC"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${ONtestenv} pub routes"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "15610e2e-2838-4b07-9ed0-3339a8ee2c6b"
}
}
},
"defaultpubroute": {
"Type": "AWS::EC2::Route",
"DependsOn": "ONgatewayattach",
"Properties": {
"RouteTableId": {
"Ref": "pubroutes"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "ONIG"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "2ccd0372-a83b-42cf-8d24-4bf2937f9db2"
}
}
},
"pubsubrtassoc": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "pubroutes"
},
"SubnetId": {
"Ref": "pubsub"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "871f2e97-ff70-4bcf-a707-07cd7629a070"
}
}
},
"privroutetable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "ONtestVPC"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Sub": "${ONtestenv} priv routes"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "e3959861-54ef-41eb-8732-644b3302f1a2"
}
}
},
"defaultprivroute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "privroutetable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "natGW"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "0bd7af21-8d8c-4bcb-ac8d-b7a0c1bcc7f1"
}
}
},
"privsubrtassoc": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"RouteTableId": {
"Ref": "privroutetable"
},
"SubnetId": {
"Ref": "privsub"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "e4a0e22d-b70f-498f-8269-7569a2a260cc"
}
}
},
"SG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable ping and ssh access via port 22 and ALL from VPC CIDR",
"VpcId": {
"Ref": "ONtestVPC"
},
"SecurityGroupIngress": [
{
"IpProtocol": "icmp",
"FromPort": "8",
"ToPort": "-1",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "udp",
"FromPort": "1",
"ToPort": "65535",
"CidrIp": "10.0.0.0/16"
},
{
"IpProtocol": "tcp",
"FromPort": "1",
"ToPort": "65535",
"CidrIp": "10.0.0.0/16"
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "64176529-142e-41de-a97d-b4306dd2c445"
}
}
},
"webAutoscalingGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
},
"LoadBalancerNames": [
{
"Ref": "ElasticLoadBalancer"
}
],
"MaxSize": 4,
"MinSize": 2,
"VPCZoneIdentifier": [
{
"Ref": "pubsub"
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "a331154a-b1ca-416c-80d3-651425c8ad8e"
}
}
},
"webAutoscalePolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Description": "A policy to expand the size of the pool by 1 instance",
"Properties": {
"AutoScalingGroupName": {
"Ref": "webAutoscalingGroup"
},
"AdjustmentType": "ChangeInCapacity",
"Cooldown": 300,
"ScalingAdjustment": 1
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "77ce9e6f-f50d-4f96-a229-76ffe3bfc32a"
}
}
},
"webAutoScaleAlarm": {
"Type": "AWS::CloudWatch::Alarm",
"Description": "When average bandwidth for the instances exceeds a threshold trigger\nthe policy (increasing instance count by 1)\n",
"Properties": {
"AlarmName": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"bytes out alarm"
]
]
},
"AlarmDescription": "This metric monitors network utilization",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"EvaluationPeriods": 2,
"MetricName": "NetworkIn",
"Namespace": "AWS/EC2",
"Period": 60,
"Statistic": "Average",
"Threshold": 5000,
"Dimensions": [
{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "webAutoscalingGroup"
}
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "e04f759b-93b9-4072-8966-484a4e953230"
}
}
},
"LBSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SSH and HTTP inbound, egress to VPC",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
}
],
"SecurityGroupEgress": [
{
"IpProtocol": "tcp",
"FromPort": 0,
"ToPort": 65535,
"CidrIp": "0.0.0.0/0"
}
],
"VpcId": {
"Ref": "ONtestVPC"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "f6b443e1-6c3f-4e3c-bcc4-fbccb527b1f1"
}
}
},
"ElasticLoadBalancer": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Subnets": [
{
"Ref": "pubsub"
}
],
"CrossZone": "true",
"Listeners": [
{
"LoadBalancerPort": "80",
"InstancePort": "80",
"Protocol": "HTTP"
}
],
"HealthCheck": {
"Target": "HTTP:80/",
"HealthyThreshold": "3",
"UnhealthyThreshold": "5",
"Interval": "30",
"Timeout": "5"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "33772321-0e4d-4a0e-bfc6-e4196b7cdead"
}
}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SSH inbound, port 80 inbound from the load balancer",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "SSHLocation"
}
},
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
}
],
"VpcId": {
"Ref": "ONtestVPC"
}
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "9bed003f-7101-4f65-a41c-175bfa579c08"
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Metadata": {
"Comment": "Install a simple application",
"AWS::CloudFormation::Init": {
"config": {
"packages": {
"yum": {
"httpd": []
}
},
"files": {
"/var/www/html/index.html": {
"content": {
"Fn::Join": [
"\n",
[
"<img src=\"",
{
"Fn::FindInMap": [
"Region2Examples",
{
"Ref": "AWS::Region"
},
"Examples"
]
},
"/cloudformation_graphic.png\" alt=\"AWS CloudFormation Logo\"/>",
"<h1>Congratulations, you have successfully launched the AWS CloudFormation sample.</h1>"
]
]
},
"mode": "000644",
"owner": "root",
"group": "root"
},
"/etc/cfn/cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
},
"mode": "000400",
"owner": "root",
"group": "root"
},
"/etc/cfn/hooks.d/cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init\n",
"action=/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource LaunchConfig ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"runas=root\n"
]
]
}
}
},
"services": {
"sysvinit": {
"httpd": {
"enabled": "true",
"ensureRunning": "true"
},
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"/etc/cfn/cfn-hup.conf",
"/etc/cfn/hooks.d/cfn-auto-reloader.conf"
]
}
}
}
}
},
"AWS::CloudFormation::Designer": {
"id": "fb6eab98-3a1b-426a-945f-14c25bb99862"
}
},
"Properties": {
"KeyName": {
"Ref": "KeyName"
},
"ImageId": {
"Fn::FindInMap": [
"AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
},
{
"Fn::FindInMap": [
"AWSInstanceType2Arch",
{
"Ref": "InstanceType"
},
"Arch"
]
}
]
},
"SecurityGroups": [
{
"Ref": "InstanceSecurityGroup"
}
],
"InstanceType": {
"Ref": "InstanceType"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -xe\n",
"yum update -y aws-cfn-bootstrap\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource LaunchConfig ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource WebServerGroup ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
}
}
},
"Outputs": {
"VPC": {
"Description": "A reference to the created VPC",
"Value": {
"Ref": "ONtestVPC"
}
},
"PublicSubnet": {
"Description": "public subnet",
"Value": {
"Fn::Join": [
",",
[
{
"Ref": "pubsub"
}
]
]
}
},
"PrivateSubnet": {
"Description": "private subnet",
"Value": {
"Fn::Join": [
",",
[
{
"Ref": "privsub"
}
]
]
}
}
}
}```
I am hoping it will install the simple httpd server but it does not. I am able to run the exact same command ```yum update -y``` after it's booted and I login to it.

You can put a DependsOn condition on the Auto Scaling group referencing the natGW, so that it won't launch instances until the NAT Gateway is ready.
See: DependsOn Attribute - AWS CloudFormation
CloudFormation normally figures out "depends on" linkages automatically, based on references from one resource to another (eg a Subnet references a VPC, so CloudFormation waits for the VPC to be ready before creating the Subnet).
However, not all relationships are obvious such as between your Auto Scaling group and the NAT Gateway. For these situations, you can manually add a DependsOn.

It can also be beneficial to use multiple stacks. This reduces the number of resource dependencies that need to be specified.
Key things like a NAT Gateway should be in one of the first stacks and then if you put things like an autoscaling group in a stack added later the dependency doesn't have to be specified as the NAT Gateway will already be up from the earlier stack.

AWS Cloudformation Random Build Fail

I'm using Cloudformation to automate instance creation. I'm using an auto scaling group to build a variable number dependent on what i need. However there is a reoccurring issue where at least 1 instance fails to run when i build 2+ instances from this script.
For Example: I state 7 instances for cloudformation to build, 6 will work perfectly but there is always 1 that will not work. There is no error, it just seems to ignore commands. In the userdata section of this script i launch dockers to run in the instance.
I get this error: rpc error code = 13 desc = transport is closing
Can someone take a look to see if doing something wrong or I'm missing a step?
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Test",
"Parameters": {
"InstanceType": {
"Type": "String",
"Default": "t2.large"
},
"NoOfInstances": {
"Type": "String",
"ConstraintDescription": ""
},
"RoleName": {
"Type": "String",
"Default": "**",
"ConstraintDescription": ""
},
"VPCParameter": {
"Type": "AWS::EC2::VPC::Id",
"Default": "**"
},
"SubnetsParameter": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Default": "**"
},
"KeyName": {
"Type": "AWS::EC2::KeyPair::KeyName",
"Default": "**",
"ConstraintDescription": ""
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t2.large": {
"Arch": "HVM64"
}
},
"AWSRegionArch2AMI": {
"**": {
"HVM64": "**"
}
}
},
"Resources": {
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"KeyName": {
"Ref": "KeyName"
},
"IamInstanceProfile": {
"Ref": "RoleName"
},
"SecurityGroups": [{
"Ref": "WebServerSecurityGroup"
}],
"ImageId": {
"Fn::FindInMap": ["AWSRegionArch2AMI",
{
"Ref": "AWS::Region"
}, {
"Fn::FindInMap": ["AWSInstanceType2Arch", {
"Ref": "InstanceType"
}, "Arch"]
}
]
},
"InstanceType": {
"Ref": "InstanceType"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": ["", [ ** ]]
}
}
}
},
"AutoScalingServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
},
"MinSize": "1",
"MaxSize": "30",
"Cooldown": "300",
"VPCZoneIdentifier": {
"Ref": "SubnetsParameter"
},
"DesiredCapacity": {
"Ref": "NoOfInstances"
},
"Tags": [ ** ]
}
},
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "**",
"VpcId": {
"Ref": "VPCParameter"
},
"SecurityGroupIngress": [{
"IpProtocol": "tcp",
"CidrIp": "**",
"FromPort": "**",
"ToPort": "**"
}, ]
}
},
"WebServerScaleUpPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "AutoScalingServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": "1"
}
},
"WebServerScaleDownPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "AutoScalingServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": "-1"
}
}
}
}

You could be hitting EC2 instance limits - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html
You could also look at the Activity History tab for the Auto Scaling Group. See if it has any useful information.

How to get AvailabilityZone given a SubnetId Parameter, or vice versa, in a CloudFormation template?

I extracted a CloudFormation template from a stack created by cfncluster. I'm trying to simplify and group the parameters so that the mandatory parameters are grouped together and are non-redundant. The default subnet-related parameters include MasterSubnetId, AvailabilityZone, ComputeSubnetId, and ComputeSubnetCidr. The template uses these to calculate several conditions and also to set AvailabilityZone properties on several resources:
"CreateComputeSubnetForCompute": {
"Fn::And": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetId"
},
"NONE"
]
},
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetCidr"
},
"NONE"
]
}
]
}
]
},
"UseComputeSubnetForCompute": {
"Fn::And": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetCidr"
},
"NONE"
]
},
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetId"
},
"NONE"
]
}
]
}
]
},
"UseMasterSubnetForCompute": {
"Fn::And": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetId"
},
"NONE"
]
},
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetCidr"
},
"NONE"
]
}
]
},
I want to simplify the template to require either MasterSubnetId or AvailabilityZone, but not both. I don't need the option to provide one or the other, it's fine for me to require one or the other. The main problem is I can't figure out how to do that. The various Resources used by the template seem to require both, even though they should be related. I can't use Fn::GetAtt like I want because the first argument cannot come from functions, like this:
"Fn::GetAtt" : [ { "Ref": "MasterSubnetId" }, "AvailabilityZone" ]
Also, I want the compute fleet to always get its own subnet.
Here are the subnet-related parts of the template :
{
...snip...
"Parameters": {
"ComputeSubnetId": {
"Description": "ID of the Subnet you want to provision the Compute Servers into. Set to NONE to use the same subnet as Master Server.",
"Type": "String",
"Default": "NONE"
},
"ComputeSubnetCidr": {
"Description": "CIDR(s) for new backend subnet(s) i.e. 10.0.100.0/24. This is a comma-delimited list and can support multiple CIDR ranges for a multi-AZ cluster. The order and length of this list MUST match the AvailabilityZones parameter. Set to NONE to use the same subnet as Master Server.",
"Type": "String",
"ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x.",
"AllowedPattern": "(NONE|(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2}))",
"Default": "NONE"
},
"MasterSubnetId": {
"Description": "ID of the Subnet you want to provision the Master server into",
"Type": "AWS::EC2::Subnet::Id"
},
"AvailabilityZone": {
"Description": "Availability Zone the cluster will launch into. THIS IS REQUIRED",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"VPCId": {
"Description": "ID of the VPC you want to provision cluster into. Only used with UseVPCBase=false",
"Type": "AWS::EC2::VPC::Id"
},
"UsePublicIps": {
"Description": "Boolean flag to use public IP's for instances. If false, the VPC must be correctly setup to use NAT for all traffic.",
"Type": "String",
"Default": "true",
"ConstraintDescription": "true/false",
"AllowedValues": [
"true",
"false"
]
}
},
"Conditions": {
"CreateComputeSubnetForCompute": {
"Fn::And": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetId"
},
"NONE"
]
},
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetCidr"
},
"NONE"
]
}
]
}
]
},
"UseComputeSubnetForCompute": {
"Fn::And": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetCidr"
},
"NONE"
]
},
{
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetId"
},
"NONE"
]
}
]
}
]
},
"UseMasterSubnetForCompute": {
"Fn::And": [
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetId"
},
"NONE"
]
},
{
"Fn::Equals": [
{
"Ref": "ComputeSubnetCidr"
},
"NONE"
]
}
]
}
},
"Mappings": {
"AWSInstanceType2Capabilites": {
...snip...
},
"AWSRegionOS2AMI": {
...snip...
},
"OSFeatures": {
...snip...
},
"CfnClusterVersions": {
"default": {
"cfncluster": "cfncluster-1.1.0",
"cookbook": "cfncluster-cookbook-1.1.0",
"chef": "12.4.3",
"ridley": "4.3.2",
"berkshelf": "4.0.1",
"ami": "201602192042"
}
},
"AWSRegion2Capabilites": {
...snip...
}
},
"Resources": {
...snip...
"CfnClusterPolicies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "cfncluster",
"PolicyDocument": {
"Statement": [
{
"Sid": "EC2",
"Action": [
"ec2:AttachVolume",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
...snip...
]
},
"Roles": [
{
"Ref": "RootRole"
}
]
},
"Condition": "CreateEC2IAMRole",
},
"MasterEIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
},
"Condition": "MasterPublicIp",
},
"MasterServer": {
"Type": "AWS::EC2::Instance",
"Properties": {
"InstanceType": {
"Ref": "MasterInstanceType"
},
"BlockDeviceMappings": [
...snip...
],
"KeyName": {
"Ref": "KeyName"
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Name",
"Value": "Master"
}
],
"NetworkInterfaces": [
{
"NetworkInterfaceId": {
"Ref": "MasterENI"
},
"DeviceIndex": "0"
}
],
"ImageId": {
"Fn::If": [
"UseCustomAMI",
{
"Ref": "CustomAMI"
},
{
"Fn::FindInMap": [
"AWSRegionOS2AMI",
{
"Ref": "AWS::Region"
},
{
"Ref": "BaseOS"
}
]
}
]
},
"UserData": {
...snip...
}
}
},
"Metadata": {
"Comment": "cfncluster Master server",
"AWS::CloudFormation::Init": {
"configSets": {
"default": [
"deployConfigFiles",
"getCookbooks",
"chefPrepEnv",
"shellRunPreInstall",
"chefConfig",
"shellRunPostInstall",
"shellForkClusterReadyInstall"
]
},
"deployConfigFiles": {
"files": {
"/tmp/dna.json": {
"mode": "000644",
"owner": "root",
"group": "root",
"content": {
"cfncluster": {
"stack_name": {
"Ref": "AWS::StackName"
},
"cfn_preinstall": {
"Ref": "PreInstallScript"
},
"cfn_preinstall_args": {
"Ref": "PreInstallArgs"
},
"cfn_postinstall": {
"Ref": "PostInstallScript"
},
"cfn_postinstall_args": {
"Ref": "PostInstallArgs"
},
"cfn_region": {
"Ref": "AWS::Region"
},
"cfn_volume": {
"Fn::If": [
"UseExistingEBSVolume",
{
"Ref": "EBSVolumeId"
},
{
"Ref": "SharedVolume"
}
]
},
"cfn_scheduler": {
"Ref": "Scheduler"
},
"cfn_encrypted_ephemeral": {
"Ref": "EncryptedEphemeral"
},
"cfn_ephemeral_dir": {
"Ref": "EphemeralDir"
},
"cfn_shared_dir": {
"Ref": "SharedDir"
},
"cfn_proxy": {
"Ref": "ProxyServer"
},
"cfn_node_type": "MasterServer",
"cfn_cluster_user": {
"Fn::FindInMap": [
"OSFeatures",
{
"Ref": "BaseOS"
},
"User"
]
},
"cfn_ddb_table": {
"Ref": "DynamoDBTable"
},
"cfn_sqs_queue": {
"Fn::GetAtt": [
"SQS",
"QueueName"
]
}
},
"run_list": {
"Fn::If": [
"UseCustomRunList",
{
"Ref": "CustomChefRunList"
},
{
"Fn::Join": [
"",
[
"recipe[cfncluster::",
{
"Ref": "Scheduler"
},
"_config]"
]
]
}
]
}
}
},
...snip...
},
"commands": {
...snip...
}
},
...snip...
},
},
"CreationPolicy": {
"ResourceSignal": {
"Count": "1",
"Timeout": "PT30M"
}
}
},
"ComputeFleet": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"MaxSize": {
"Ref": "MaxQueueSize"
},
"AvailabilityZones": [
{
"Ref": "AvailabilityZone"
}
],
"VPCZoneIdentifier": [
{
"Fn::If": [
"UseMasterSubnetForCompute",
{
"Ref": "MasterSubnetId"
},
{
"Fn::If": [
"CreateComputeSubnetForCompute",
{
"Ref": "ComputeSubnet"
},
{
"Ref": "ComputeSubnetId"
}
]
}
]
}
],
...snip...
},
"DependsOn": "MasterServer",
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT30M",
"Count": {
"Ref": "ComputeWaitConditionCount"
}
}
},
},
"ComputeServerLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"SecurityGroups": [
{
"Fn::If": [
"CreateSecurityGroups",
{
"Ref": "ComputeSecurityGroup"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"AddAdditionalSG",
{
"Ref": "AdditionalSG"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"UseExistingSecurityGroup",
{
"Ref": "VPCSecurityGroupId"
},
{
"Ref": "AWS::NoValue"
}
]
}
],
...snip...
},
"Metadata": {
"Comment": "cfncluster Compute server",
"AWS::CloudFormation::Init": {
"configSets": {
"default": [
"deployConfigFiles",
"getCookbooks",
"chefPrepEnv",
"shellRunPreInstall",
"chefConfig",
"shellRunPostInstall",
"shellForkClusterReadyInstall",
"signalComputeReady"
]
},
"deployConfigFiles": {
"files": {
"/tmp/dna.json": {
"mode": "000644",
"owner": "root",
"group": "root",
"content": {
"cfncluster": {
"stack_name": {
"Ref": "AWS::StackName"
},
"cfn_preinstall": {
"Ref": "PreInstallScript"
},
"cfn_preinstall_args": {
"Ref": "PreInstallArgs"
},
"cfn_postinstall": {
"Ref": "PostInstallScript"
},
"cfn_postinstall_args": {
"Ref": "PostInstallArgs"
},
"cfn_region": {
"Ref": "AWS::Region"
},
"cfn_scheduler": {
"Ref": "Scheduler"
},
"cfn_encrypted_ephemeral": {
"Ref": "EncryptedEphemeral"
},
"cfn_ephemeral_dir": {
"Ref": "EphemeralDir"
},
"cfn_shared_dir": {
"Ref": "SharedDir"
},
"cfn_proxy": {
"Ref": "ProxyServer"
},
"cfn_sqs_queue": {
"Ref": "SQS"
},
"cfn_master": {
"Fn::GetAtt": [
"MasterServer",
"PrivateDnsName"
]
},
"cfn_node_type": "ComputeFleet",
"cfn_cluster_user": {
"Fn::FindInMap": [
"OSFeatures",
{
"Ref": "BaseOS"
},
"User"
]
}
},
"run_list": {
"Fn::If": [
"UseCustomRunList",
{
"Ref": "CustomChefRunList"
},
{
"Fn::Join": [
"",
[
"recipe[cfncluster::",
{
"Ref": "Scheduler"
},
"_config]"
]
]
}
]
}
}
},
...snip...
},
"commands": {
...snip...
}
},
...snip...
}
},
...snip...
"ComputeSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "VPCId"
},
"CidrBlock": {
"Ref": "ComputeSubnetCidr"
},
"Tags": [
{
"Key": "Network",
"Value": "ComputeSubnet"
}
],
"AvailabilityZone": {
"Ref": "AvailabilityZone"
}
},
"Condition": "CreateComputeSubnetForCompute",
},
"ComputeRouteTable": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "VPCId"
},
"Tags": [
{
"Key": "Application",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "Network",
"Value": "ComputeSubnet"
}
]
},
"Condition": "CreateComputeSubnetForCompute",
},
"ComputeRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "ComputeRouteTable"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NetworkInterfaceId": {
"Ref": "MasterENI"
}
},
"Condition": "CreateComputeSubnetForCompute",
},
"ComputeSubnetRouteTableAssociation": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "ComputeSubnet"
},
"RouteTableId": {
"Ref": "ComputeRouteTable"
}
},
"Condition": "CreateComputeSubnetForCompute",
},
"MasterSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable access to the Master host",
"VpcId": {
"Ref": "VPCId"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "AccessFrom"
}
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": {
"Ref": "AccessFrom"
}
}
]
},
"Condition": "CreateSecurityGroups",
},
"MasterSecurityGroupIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"IpProtocol": "-1",
"FromPort": "0",
"ToPort": "65535",
"SourceSecurityGroupId": {
"Ref": "ComputeSecurityGroup"
},
"GroupId": {
"Ref": "MasterSecurityGroup"
}
},
"Condition": "CreateSecurityGroups",
},
"ComputeSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Allow access to resources in subnets behind front",
"VpcId": {
"Ref": "VPCId"
},
"SecurityGroupIngress": [
{
"SourceSecurityGroupId": {
"Ref": "MasterSecurityGroup"
},
"IpProtocol": "-1",
"FromPort": "0",
"ToPort": "65535"
}
]
},
"Condition": "CreateSecurityGroups",
},
"ComputeSecurityGroupIngress": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"IpProtocol": "-1",
"FromPort": "0",
"ToPort": "65535",
"SourceSecurityGroupId": {
"Ref": "ComputeSecurityGroup"
},
"GroupId": {
"Ref": "ComputeSecurityGroup"
}
},
"Condition": "CreateSecurityGroups"
},
"MasterENI": {
"Type": "AWS::EC2::NetworkInterface",
"Properties": {
"Description": "cfncluster Master Server",
"SubnetId": {
"Ref" : "MasterSubnetId"
},
"SourceDestCheck": "false",
"GroupSet": [
{
"Fn::If": [
"CreateSecurityGroups",
{
"Ref": "MasterSecurityGroup"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"AddAdditionalSG",
{
"Ref": "AdditionalSG"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"UseExistingSecurityGroup",
{
"Ref": "VPCSecurityGroupId"
},
{
"Ref": "AWS::NoValue"
}
]
}
]
},
},
"SharedVolume": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": {
"Ref": "AvailabilityZone"
},
"VolumeType": {
"Ref": "VolumeType"
},
"Size": {
"Fn::If": [
"UseEBSSnapshot",
{
"Ref": "AWS::NoValue"
},
{
"Ref": "VolumeSize"
}
]
},
...snip...
},
...snip...
},
...snip...