I have a web application on AWS and I am trying to configure my autoscaling based on the requests.
My AppLoadBalancer resource is as below:
"AppLoadBalancer": {
"Properties": {
"LoadBalancerAttributes": [
{
"Key": "idle_timeout.timeout_seconds",
"Value": "60"
}
],
"Name": "sample-app-v1",
"Scheme": "internet-facing",
"SecurityGroups": [
"sg-1abcd234"
],
"Subnets": {
"Fn::FindInMap": [
"LoadBalancerSubnets",
{
"Ref": "AWS::Region"
},
"Subnets"
]
},
"Tags": [
{
"Key": "Name",
"Value": "sample-app-v1"
},
{
"Key": "StackName",
"Value": "sample-app"
},
{
"Key": "StackVersion",
"Value": "v1"
}
]
},
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer"
}
I am trying to configure a CloudWatch Alarm like this:
"RequestCountTooHighAlarm": {
"Properties": {
"AlarmActions": [
{
"Ref": "ScaleUp"
}
],
"AlarmDescription": "Scale-up if request count >= 8000 for last 5 minute",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Dimensions": [
{
"Name": "LoadBalancer",
"Value": [
{
"Fn::GetAtt": [
"AppLoadBalancer",
"LoadBalancerFullName"
]
}
]
}
],
"EvaluationPeriods": 1,
"MetricName": "RequestCount",
"Namespace": "AWS/ApplicationELB",
"OKActions": [
{
"Ref": "ScaleDown"
}
],
"Period": 300,
"Statistic": "SampleCount",
"Threshold": 8000
},
"Type": "AWS::CloudWatch::Alarm"
}
However, my stack continues to fail and I don't know what is wrong here. Here is the error which I am getting.
ERROR: RequestCountTooHighAlarm CREATE_FAILED: Value of property Value must be of type String
ERROR: sample-app-v1 CREATE_FAILED: The following resource(s) failed to create: [RequestCountTooHighAlarm].
Can somebody suggest?
The property mentioned requires a string. You have it defined as a list:
"Value": [
{
"Fn::GetAtt": [
"AppLoadBalancer",
"LoadBalancerFullName"
]
} ]
The [] brackets defines a list in JSON. Remove the outside brackets in the Value value, and use only the Fn::GetAt portion. That call will return a string.
Related
I'm creating a CloudFormation template to deploy an autoscaling group that should only use spot instances. The Cloudformation throws an error with this template. What's wrong here?
Error:
CREATE_FAILED Encountered unsupported property InstancesDistribution
{
"Resources": {
"testasg": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"LaunchTemplate": {
"LaunchTemplateId": "lt-0c8090cd4510eb25e",
"Version": "1"
},
"MaxSize": "10",
"MinSize": "2",
"DesiredCapacity": "2",
"VPCZoneIdentifier": [
"subnet1",
"subnet2"
],
"MaxInstanceLifetime": 86400,
"InstancesDistribution": {
"OnDemandAllocationStrategy": "lowest-price",
"OnDemandBaseCapacity": 0,
"OnDemandPercentageAboveBaseCapacity": 0,
"SpotAllocationStrategy": "lowest-price",
"SpotInstancePools": 2
},
"NewInstancesProtectedFromScaleIn": false,
"TerminationPolicies": [
"OldestInstance"
],
"Tags": [
{
"Key": "Cluster",
"Value": "Production",
"PropagateAtLaunch": "true"
},
]
}
}
}
}
InstancesDistribution should be inside MixedInstancesPolicy block, which you do not have.
I'm designing a cloudformation to deploy ALB and i got an error that says:
At least two subnets in two different Availability Zones must be specified (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: ValidationError;
These network was created by other Cloudformation. And now, i go to VPC / SUbnets and i see both created.
The part of code where im defining the subnets in ELB creation is this:
"Subnets": [
{
"Fn::ImportValue": {
"Fn::Join": [
"-",
[
{
"Ref": "ParentSubnetStackName"
},
"PublicSubnet1ID"
]
]
},
"Fn::ImportValue": {
"Fn::Join": [
"-",
[
{
"Ref": "ParentSubnetStackName"
},
"PrivateSubnet2ID"
]
]
}
}
],
The only thing that i think that could be a problem is than im importing by other stack than i dont executing at the same time of this cloudformation.. I don't know if there could be a problem, because the Subnets are created at this moment for sure and they belong to differents AZ.
EDIT:
#jogold The CF is too long. I attach here a piece of the code
"PublicSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Fn::ImportValue": {
"Fn::Join": [
"-",
[
{
"Ref": "ParentStackName"
},
"VPCID"
]
]
}
},
"CidrBlock": {
"Ref": "PublicSubnet1CIDR"
},
"AvailabilityZone": {
"Ref": "AZ1"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"PublicSubnet1"
]
]
}
}
]
}
And after in the outputs i export it:
"PublicSubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Fn::ImportValue": {
"Fn::Join": [
"-",
[
{
"Ref": "ParentStackName"
},
"VPCID"
]
]
}
},
"CidrBlock": {
"Ref": "PublicSubnet1CIDR"
},
"AvailabilityZone": {
"Ref": "AZ1"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Fn::Join": [
"-",
[
{
"Ref": "AWS::StackName"
},
"PublicSubnet1"
]
]
}
}
]
}
All the subnets are created bye the same way.
I am trying to create 2 listeners for the load balancer.
1st - HTTP for redirecting and 2nd - HTTPS for forwarding.
I am trying to achieve this via cf template. Everytime I execute the stack in console via design template, it is validated successfully. But when I try the same stack with aws cli, I get the following error.
An error occurred (ValidationError) when calling the CreateStack operation: Template format error: Unresolved resource dependencies [ApplicationLoadBalancer] in the Resources block of the template
Following is the code sample for listener and LB.
"ApplicationLoadBalancer": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Condition": "NeedELB",
"Properties": {
"Subnets": [
{
"Fn::GetAtt": [
"VpcStack",
"Outputs.PublicSubnet1"
]
},
{
"Fn::GetAtt": [
"VpcStack",
"Outputs.PublicSubnet2"
]
}
],
"SecurityGroups": [
{
"Fn::GetAtt": [
"VpcStack",
"Outputs.ELBSecurityGroup"
]
}
],
"Tags": [
{
"Key": "Stack",
"Value": {
"Ref": "AWS::StackName"
}
},
{
"Key": "FargateCluster",
"Value": {
"Ref": "FargateECSCluster"
}
}
]
}
},
"LoadBalancerHTTPListener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Properties": {
"DefaultActions": [
{
"Type": "redirect",
"RedirectConfig": {
"Host": "#{host}",
"Path": "/#{path}",
"Port": "443",
"Protocol": "HTTPS",
"Query": "#{query}",
"StatusCode": "HTTP_302"
}
}
],
"LoadBalancerArn": {
"Ref": "ApplicationLoadBalancer"
},
"Port": "80",
"Protocol": "HTTP"
},
"DependsOn": [
"ApplicationLoadBalancer"
]
},
"LoadBalancerListener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Condition": "NeedELB",
"Properties": {
"DefaultActions": [
{
"Type": "forward",
"TargetGroupArn": {
"Ref": "DefaultTargetGroup"
}
}
],
"LoadBalancerArn": {
"Ref": "ApplicationLoadBalancer"
},
"Port": "443",
"Protocol": "HTTPS",
"Certificates": [
{
"CertificateArn": {
"Fn::If": [
"NeedTLSEndPoint",
{
"Ref": "SSLCertificateArn"
},
{
"Ref": "AWS::NoValue"
}
]
}
}
]
},
"DependsOn": [
"DefaultTargetGroup",
"ApplicationLoadBalancer"
]
}
Please help me out with the validation error. Thanks in advance.
Is there a change in condition NeedELB when you create from CLI? I see that resource LoadBalancerHTTPListener depends on ApplicationLoadBalancer which is created conditionally. If NeedELB is false, stack might still try to create LoadBalancerHTTPListener. Either way you should add that condition for LoadBalancerHTTPListener.
PS: Try updating your CLI. Older CLI version can cause this. Case in point resource-type-error-while-trying-to-use-cloudformation
I want to replicate the infrastructure from one region(us-east-1) to another(us-east-2). so,I have generated a cloudfromation template of an existing infrastructure with the help of cloudformer tool.
"asgamazonecsclisetupapijoulebugprodEcsInstanceAsg1EIBNOXSXJ7HD": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
"us-east-2b",
"us-east-2c"
],
"Cooldown": "300",
"DesiredCapacity": "3",
"HealthCheckGracePeriod": "300",
"HealthCheckType": "ELB",
"MaxSize": "16",
"MinSize": "3",
"VPCZoneIdentifier": [
{
"Ref": "subnet81c8ebab"
},
{
"Ref": "subnet5df40214"
}
],
"LaunchConfigurationName": {
"Ref": "lcamazonecsclisetupapijoulebugprodAMI2017d"
},
"LoadBalancerNames": [
{
"Ref": "elbJBAPILiveCleanbit2016"
}
],
"Tags": [
{
"Key": "Name",
"Value": "Live - Cleanbit2016 - joulebug-api",
"PropagateAtLaunch": true
}
],
"TerminationPolicies": [
"Default"
]
}
},
"lcamazonecsclisetupapijoulebugprodAMI2017d": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": "ami-0e6d83442546978bc",
"InstanceType": "c3.large",
"KeyName": "cleanbit2016_vpc",
"IamInstanceProfile": "amazon-ecs-cli-setup-api-joulebug-prod-EcsInstanceProfile-1M4GOHBP3FP5L",
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "sgCleanbit2016WebServerSG"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"SnapshotId": "snap-0b2477be9c863d014",
"VolumeSize": 8
}
},
{
"DeviceName": "/dev/xvdcz",
"Ebs": {
"VolumeSize": 22
}
}
]
}
},
"elbJBAPILiveCleanbit2016": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Policies": [
{
"PolicyName": "AWSConsole-SSLNegotiationPolicy-JB-API-Live-Cleanbit2016-1467998170471",
"PolicyType": "SSLNegotiationPolicyType",
}
],
}
}
"subnet81c8ebab": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.3.0/24",
"AvailabilityZone": "us-east-2b",
"VpcId": {
"Ref": "vpcdcbd08bb"
},
"Tags": [
{
"Key": "Name",
"Value": "Cleanbit2016 - Public 1b"
}
]
}
},
"sgCleanbit2016WebServerSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Web server security group for public subnet in vpc.",
"VpcId": {
"Ref": "vpcdcbd08bb"
},
"Tags": [
{
"Key": "Name",
"Value": "Cleanbit2016_ WebServerSG"
}
]
}
},
While launching the template in other region(us-east-2), it is throwing following error:
The requested configuration is currently not supported. Please check the documentation for supported configurations. Launching EC2 instance failed.
You don't have details of the regions you're using, but if you are trying to do this outside of us-east-1 the Availablility Zones won't work. It also looks like you have a number of other parts of the stack hard-coded, which may not work in another region.
And if you are trying to do this in us-east-1, there is the possibility that one of the AZs is unavailable to you - see this question for more details.
You have not provided enough information to be able to diagnose the situation.
I took your template, removed the portions that were incomplete (eg removed the Load Balancer because it was missing Listeners), simplified a few things and it works fine:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"Tags": [
{
"Key": "Name",
"Value": "Lab VPC"
}
]
}
},
"ASG": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
"us-east-2b",
"us-east-2c"
],
"Cooldown": "300",
"DesiredCapacity": "1",
"HealthCheckGracePeriod": "300",
"MaxSize": "16",
"MinSize": "1",
"VPCZoneIdentifier": [
{
"Ref": "Subnet1"
},
{
"Ref": "Subnet2"
}
],
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": "ami-0b59bfac6be064b78",
"InstanceType": "t2.micro",
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "WebServerSG"
}
]
}
},
"Subnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"AvailabilityZone": "us-east-2b",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Public 1"
}
]
}
},
"Subnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": "us-east-2c",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Public 2"
}
]
}
},
"WebServerSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Web server security group for public subnet in vpc.",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "WebServerSG"
}
]
}
}
}
}
Therefore, your problem lies in part of the template you did not provide.
You could start with this version, then progressively add back parts of your template until you discover what is causing the error.
If you wish to create a CloudFormation template that can run in multiple regions, you should not refer to specific Availability Zones (eg us-east-2b).
You can use Fn::GetAZs - AWS CloudFormation to obtain a list of AZs in region.
After a lot of debugging, when I started launching the things manually, I found the same error and I got to know that c3.large is causing the error. When I launch the template with c4.large it successfully launched the template from us-east-1 to us-east-2.
I want to use CloudFormation to trigger Lambda when my CloudWatch function is called. I have the below, but it does not work.
CloudWatch rule created fine
"CloudWatchNewEc2": {
"Type": "AWS::Events::Rule",
"DependsOn": ["LambdaNewEc2"],
"Properties": {
"Description": "Triggered on new EC2 instances",
"EventPattern": {
"source": [
"aws.ec2"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"ec2.amazonaws.com"
],
"eventName": [
"RunInstances"
]
}
},
"Targets": [
{
"Arn": {
"Fn::GetAtt": ["LambdaNewEc2", "Arn"]
},
"Id": "NewEc2AutoTag"
}
]
}
},
Lambda created but is not triggered
"LambdaNewEc2": {
"Type": "AWS::Lambda::Function",
"DependsOn": ["S3Lambda", "IAMRoleLambda"],
"Properties": {
"Code": {
"S3Bucket": {"Ref": "LambdaBucketName"},
"S3Key": "skynet-lambda.zip"
},
"Description": "When new EC2 instances are created, auto tag them",
"FunctionName": "newEc2AutoTag",
"Handler": "index.newEc2_autoTag",
"Role": {"Fn::GetAtt": ["IAMRoleLambda", "Arn"]},
"Runtime": "nodejs6.10",
"Timeout": "30"
}
}
},
It seems like CloudWatch Target is not sufficient?
UPDATE (Full CloudFormation template)
{
"Parameters": {
"Environment": {
"Type": "String",
"Default": "Staging",
"AllowedValues": [
"Testing",
"Staging",
"Production"
],
"Description": "Environment name"
},
"BucketName": {
"Type": "String",
"Default": "skynet-staging",
"Description": "Bucket Name"
},
"LambdaBucketName": {
"Type": "String",
"Default": "skynet-lambda",
"Description": "Lambda Bucket Name"
},
"Owner": {
"Type": "String",
"Description": "Owner"
}
},
"Resources": {
"S3Web": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": {
"Ref": "BucketName"
},
"WebsiteConfiguration": {
"IndexDocument": "index.html",
"RoutingRules": [
{
"RedirectRule": {
"ReplaceKeyPrefixWith": "#"
},
"RoutingRuleCondition": {
"HttpErrorCodeReturnedEquals": "404"
}
}
]
},
"AccessControl": "PublicRead",
"Tags": [
{
"Key": "Cost Center",
"Value": "Skynet"
},
{
"Key": "Environment",
"Value": {
"Ref": "Environment"
}
},
{
"Key": "Owner",
"Value": {
"Ref": "Owner"
}
}
]
}
},
"S3Lambda": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": {
"Ref": "LambdaBucketName"
},
"VersioningConfiguration": {
"Status": "Enabled"
},
"Tags": [
{
"Key": "Cost Center",
"Value": "Skynet"
},
{
"Key": "Owner",
"Value": {
"Ref": "Owner"
}
}
]
}
},
"CloudWatchNewEc2": {
"Type": "AWS::Events::Rule",
"DependsOn": ["LambdaNewEc2"],
"Properties": {
"Description": "Triggered on new EC2 instances",
"EventPattern": {
"source": [
"aws.ec2"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"ec2.amazonaws.com"
],
"eventName": [
"RunInstances"
]
}
},
"Targets": [
{
"Arn": {
"Fn::GetAtt": ["LambdaNewEc2", "Arn"]
},
"Id": "NewEc2AutoTag"
}
]
}
},
"IAMRoleLambda": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": "skynet-lambda-role",
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [ "lambda.amazonaws.com" ]
},
"Action": [ "sts:AssumeRole" ]
}
]
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/AmazonEC2FullAccess",
"arn:aws:iam::aws:policy/AWSLambdaFullAccess",
"arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess",
"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
]
}
},
"LambdaNewEc2": {
"Type": "AWS::Lambda::Function",
"DependsOn": ["S3Lambda", "IAMRoleLambda"],
"Properties": {
"Code": {
"S3Bucket": {"Ref": "LambdaBucketName"},
"S3Key": "skynet-lambda.zip"
},
"Description": "When new EC2 instances are created, auto tag them",
"FunctionName": "newEc2AutoTag",
"Handler": "index.newEc2_autoTag",
"Role": {"Fn::GetAtt": ["IAMRoleLambda", "Arn"]},
"Runtime": "nodejs6.10",
"Timeout": "30"
}
}
},
"Outputs": {
"WebUrl": {
"Value": {
"Fn::GetAtt": [
"S3Web",
"WebsiteURL"
]
},
"Description": "S3 bucket for web files"
}
}
}
I managed to deploy your template into a CloudFormation stack (by removing the LambdaBucket and pointing to my own zip file). It seems to create all resource correctly.
It took about 10 minutes for the RunInstances event to appear in CloudTrail. It then successfully triggered the Rule, but the CloudWatch metrics for my rule showed a failed invocation because I faked a Lambda function for your template.
Once I edited the rule to point to a better function and re-tested, it worked fine.
Bottom line: Seems to work!