We Keep Coding

AWS CDK: A load balancer cannot be attached to multiple subnets in the same Availability Zone

I'm using AWS CDK and it is failing at App-Load-Balancer level and surprisingly it works for Web-Load-balancer. Looking at generated CloudFormation, it is clear that all "Private Subnets" are getting created in separated AZ and associated Auto-Scaling Group too is creating the instance across multiple-AZs. However, when the CDK is executed, it is failing with the error message - A load balancer cannot be attached to multiple subnets in the same Availability Zone (Service: AmazonElasticLoadBalancing; Status Co
de: 400; Error Code: InvalidConfigurationRequest; Request ID: 62c554cb-34ab-43ef-bac0-be2f0d6fc742; Proxy: null)
APP Server characteristics
AUTOSCALING CF Snippet:
"InstaLendaappASGapp1appsvrASG950CF7C4": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"MaxSize": "3",
"MinSize": "1",
"DesiredCapacity": "2",
"LaunchConfigurationName": {
"Ref": "InstaLendaappASGapp1appsvrLaunchConfig18DAF6BB"
},
"Tags": [
{
"Key": "Name",
"PropagateAtLaunch": true,
"Value": "webapp-dc-3-tier-ha/InstaLend-a-appASG-app-1-appsvr-"
}
],
"TargetGroupARNs": [
{
"Ref": "InstaLendaapplbInstaLendalstnrPrivate80InstaLendatgtprivateGroup8D2C8D01"
}
],
"VPCZoneIdentifier": [
{
"Ref": "InstaLendavpcInstaLendaprivateSNSubnet1Subnet35AF6769"
},
{
"Ref": "InstaLendavpcInstaLendaprivateSNSubnet2SubnetD8513C5D"
},
{
"Ref": "InstaLendavpcInstaLendaprivateSNSubnet3SubnetB7B2D12C"
}
]
}
LOADBALANCER CF Snippet:
"InstaLendaapplbCC4F6682": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"LoadBalancerAttributes": [
{
"Key": "deletion_protection.enabled",
"Value": "false"
}
],
"Name": "InstaLend-a-app-lb",
"Scheme": "internal",
"SecurityGroups": [
{
"Fn::GetAtt": [
"InstaLendasginternal8649CE7C",
"GroupId"
]
}
],
"Subnets": [
{
"Ref": "InstaLendavpcInstaLendaprivateSNSubnet1Subnet35AF6769"
},
{
"Ref": "InstaLendavpcInstaLendaprivateSNSubnet2SubnetD8513C5D"
},
{
"Ref": "InstaLendavpcInstaLendaprivateSNSubnet3SubnetB7B2D12C"
},
{
"Ref": "InstaLendavpcInstaLendaprivateSNDBSubnet1Subnet2DD722D8"
},
{
"Ref": "InstaLendavpcInstaLendaprivateSNDBSubnet2Subnet59278CD3"
},
{
"Ref": "InstaLendavpcInstaLendaprivateSNDBSubnet3SubnetCC805230"
}
],
"Type": "application"
},
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "webapp-dc-3-tier-ha/InstaLend-a-app-lb/Resource"
}
}
While LB is selecting 6 subnets, ASG associated is selecting only 3 subnets. The details of 3 ASG Subnets (i.e. Private Subnets) had been pasted below:
1st SUBNET
"InstaLendavpcInstaLendaprivateSNSubnet1Subnet35AF6769": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.2.3.0/24",
"VpcId": {
"Ref": "InstaLendavpcE5C8A638"
},
"AvailabilityZone": "us-east-2a",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "InstaLend-a-privateSN"
....
2nd SUBNET
"InstaLendavpcInstaLendaprivateSNSubnet2SubnetD8513C5D": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.2.4.0/24",
"VpcId": {
"Ref": "InstaLendavpcE5C8A638"
},
"AvailabilityZone": "us-east-2b",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "InstaLend-a-privateSN"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
},
....
3rd SUBNET
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.2.5.0/24",
"VpcId": {
"Ref": "InstaLendavpcE5C8A638"
},
"AvailabilityZone": "us-east-2c",
"MapPublicIpOnLaunch": false,
"Tags": [
{
"Key": "aws-cdk:subnet-name",
"Value": "InstaLend-a-privateSN"
},
{
"Key": "aws-cdk:subnet-type",
"Value": "Private"
},

AWS Cloudfromation and autoscaling : The requested configuration is currently not supported. Launching EC2 instance failed

I want to replicate the infrastructure from one region(us-east-1) to another(us-east-2). so,I have generated a cloudfromation template of an existing infrastructure with the help of cloudformer tool.
"asgamazonecsclisetupapijoulebugprodEcsInstanceAsg1EIBNOXSXJ7HD": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
"us-east-2b",
"us-east-2c"
],
"Cooldown": "300",
"DesiredCapacity": "3",
"HealthCheckGracePeriod": "300",
"HealthCheckType": "ELB",
"MaxSize": "16",
"MinSize": "3",
"VPCZoneIdentifier": [
{
"Ref": "subnet81c8ebab"
},
{
"Ref": "subnet5df40214"
}
],
"LaunchConfigurationName": {
"Ref": "lcamazonecsclisetupapijoulebugprodAMI2017d"
},
"LoadBalancerNames": [
{
"Ref": "elbJBAPILiveCleanbit2016"
}
],
"Tags": [
{
"Key": "Name",
"Value": "Live - Cleanbit2016 - joulebug-api",
"PropagateAtLaunch": true
}
],
"TerminationPolicies": [
"Default"
]
}
},
"lcamazonecsclisetupapijoulebugprodAMI2017d": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": "ami-0e6d83442546978bc",
"InstanceType": "c3.large",
"KeyName": "cleanbit2016_vpc",
"IamInstanceProfile": "amazon-ecs-cli-setup-api-joulebug-prod-EcsInstanceProfile-1M4GOHBP3FP5L",
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "sgCleanbit2016WebServerSG"
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"SnapshotId": "snap-0b2477be9c863d014",
"VolumeSize": 8
}
},
{
"DeviceName": "/dev/xvdcz",
"Ebs": {
"VolumeSize": 22
}
}
]
}
},
"elbJBAPILiveCleanbit2016": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"Policies": [
{
"PolicyName": "AWSConsole-SSLNegotiationPolicy-JB-API-Live-Cleanbit2016-1467998170471",
"PolicyType": "SSLNegotiationPolicyType",
}
],
}
}
"subnet81c8ebab": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.3.0/24",
"AvailabilityZone": "us-east-2b",
"VpcId": {
"Ref": "vpcdcbd08bb"
},
"Tags": [
{
"Key": "Name",
"Value": "Cleanbit2016 - Public 1b"
}
]
}
},
"sgCleanbit2016WebServerSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Web server security group for public subnet in vpc.",
"VpcId": {
"Ref": "vpcdcbd08bb"
},
"Tags": [
{
"Key": "Name",
"Value": "Cleanbit2016_ WebServerSG"
}
]
}
},
While launching the template in other region(us-east-2), it is throwing following error:
The requested configuration is currently not supported. Please check the documentation for supported configurations. Launching EC2 instance failed.

You don't have details of the regions you're using, but if you are trying to do this outside of us-east-1 the Availablility Zones won't work. It also looks like you have a number of other parts of the stack hard-coded, which may not work in another region.
And if you are trying to do this in us-east-1, there is the possibility that one of the AZs is unavailable to you - see this question for more details.

You have not provided enough information to be able to diagnose the situation.
I took your template, removed the portions that were incomplete (eg removed the Load Balancer because it was missing Listeners), simplified a few things and it works fine:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"Tags": [
{
"Key": "Name",
"Value": "Lab VPC"
}
]
}
},
"ASG": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
"us-east-2b",
"us-east-2c"
],
"Cooldown": "300",
"DesiredCapacity": "1",
"HealthCheckGracePeriod": "300",
"MaxSize": "16",
"MinSize": "1",
"VPCZoneIdentifier": [
{
"Ref": "Subnet1"
},
{
"Ref": "Subnet2"
}
],
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"ImageId": "ami-0b59bfac6be064b78",
"InstanceType": "t2.micro",
"InstanceMonitoring": "true",
"SecurityGroups": [
{
"Ref": "WebServerSG"
}
]
}
},
"Subnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.0.0/24",
"AvailabilityZone": "us-east-2b",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Public 1"
}
]
}
},
"Subnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": "us-east-2c",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "Public 2"
}
]
}
},
"WebServerSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Web server security group for public subnet in vpc.",
"VpcId": {
"Ref": "VPC"
},
"Tags": [
{
"Key": "Name",
"Value": "WebServerSG"
}
]
}
}
}
}
Therefore, your problem lies in part of the template you did not provide.
You could start with this version, then progressively add back parts of your template until you discover what is causing the error.

If you wish to create a CloudFormation template that can run in multiple regions, you should not refer to specific Availability Zones (eg us-east-2b).
You can use Fn::GetAZs - AWS CloudFormation to obtain a list of AZs in region.

After a lot of debugging, when I started launching the things manually, I found the same error and I got to know that c3.large is causing the error. When I launch the template with c4.large it successfully launched the template from us-east-1 to us-east-2.

AWS - Merge cloudformation stack with a VPC

I am trying to create a stack in AWS CloudFormation, My template basically consists of Ec2 instance, RDS instance for DB (MySQL engine) and a S3 bucket. but, its throwing error stating (db.t2.micro) this DB instance class cannot be created without a VPC, then I changed the DB instance class to (db.m1.small) again am getting same error. I even created a VPC too, but not sure how do I create my stack within the VPC which I created. I work in my company's AWS account. where already few other VPCs are available.
Thanks in advance :)
Modified the JSON script after getting answers. This script is in working condition and could create stack. TESTED!
Updated Code
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"DBSubnetGroup": {
"Type": "AWS::RDS::DBSubnetGroup",
"Properties": {
"DBSubnetGroupDescription": "This subnet belongs to Abdul's VPC",
"DBSubnetGroupName": "somename",
"SubnetIds": [
"subnet-f6b15491",
"subnet-b154569e"
]
}
},
"DB": {
"Type": "AWS::RDS::DBInstance",
"Properties": {
"AllocatedStorage": "5",
"StorageType": "gp2",
"DBInstanceClass": "db.m1.small",
"DBName": "wordpress",
"Engine": "MySQL",
"MasterUsername": "wordpress",
"MasterUserPassword": "Word12345",
"DBSubnetGroupName": {
"Ref": "DBSubnetGroup"
}
}
},
"EC2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-c481fad3",
"InstanceType": "t2.micro",
"SubnetId": "subnet-b154569e"
}
},
"S3": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": "wp-abdultestbuck"
}
}
}
}

You need to create an AWS::RDS::DBSubnetGroup and then reference in the AWS::RDS::DBInstance
{
"Resources": {
"DBSubnetGroup": {
"Type": "AWS::RDS::DBSubnetGroup",
"Properties": {
"DBSubnetGroupDescription": "",
"SubnetIds": [ "<Subnet ID 1","<Subnet ID 2>" ],
}
},
"DB": {
"Type": "AWS::RDS::DBInstance",
"Properties": {
....
"DBSubnetGroupName": { "Ref": "DBSubnetGroup" }
}
},
"EC2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-c481fad3",
"InstanceType": "t2.micro",
"SubnetId": "<SubnetID>"
}
}
}
}

Cloudformation - ElastiCache::SubnetGroup not honouring resource name

I have a weird issue with CloudFormation that seems either to be a bug, or more likely - i've missed something pretty basic.
I have the following template (a snippet) defining two subnets and a subnet group as follow:
...
"redissubnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.8.0/24",
"AvailabilityZone": "us-east-1c",
"VpcId": {
"Ref": "myVPC"
},
"Tags": [
{
"Key": "Name",
"Value": "redissubnet1"
}
]
}
},
"redissubnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.9.0/24",
"AvailabilityZone": "us-east-1c",
"VpcId": {
"Ref": "myVPC"
},
"Tags": [
{
"Key": "Name",
"Value": "redissubnet2"
}
]
}
},
"SubnetGroupName": {
"Type": "AWS::ElastiCache::SubnetGroup",
"Properties": {
"Description": "Subnet group for main application redis elastic cache",
"SubnetIds": [
{
"Ref": "redissubnet1"
},
{
"Ref": "redissubnet2"
}
]
}
}
...
All resources are created, yet the SubnetGroup name - "SubnetGroupName" - is not honoured. AWS auto-assigns a name in the format [a-z]-[a-z]-[a-z0-9]
Has anyone encountered this?
What I'm actually trying to do is reference this subnet group by name in the creation of an ElastiCache::Cluster - however because the resource name is not honoured I can't do so.
Anyone have any ideas? All help gratefully received :)

Answer was to reference the subnet group name in the elastic cache resource, as follows:
{
"subnet1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.8.0/24",
"AvailabilityZone": "us-east-1c",
"VpcId": {
"Ref": "myVPC"
},
"Tags": [{
"Key": "Name",
"Value": "subnet1"
}]
}
},
"subnet2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"CidrBlock": "10.0.9.0/24",
"AvailabilityZone": "us-east-1c",
"VpcId": {
"Ref": "myVPC"
},
"Tags": [{
"Key": "Name",
"Value": "subnet2"
}]
}
},
"redis1": {
"Type": "AWS::ElastiCache::SubnetGroup",
"Properties": {
"Description": "Subnet group for main application redis elastic cache",
"SubnetIds": [{
"Ref": "subnet1"
}, {
"Ref": "subnet2"
}]
}
},
"mainredis": {
"Type": "AWS::ElastiCache::CacheCluster",
"Properties": {
"AutoMinorVersionUpgrade": "true",
"CacheNodeType": "cache.t2.small",
"CacheSubnetGroupName": {
"Ref": "redis1"
},
"ClusterName": "mainredis",
"Engine": "redis",
"NumCacheNodes": "1",
"Port": "6379",
"Tags": [{
"Key": "Name",
"Value": "mainredis"
}, {
"Key": "Function",
"Value": "Main redis store"
}],
"VpcSecurityGroupIds": [
"redissecuritygroup"
]
}
}
}

Cloudformation: Reference Created Subnets in ElastiCache SubnetGroup

I'm having a challenge creating an ElastiCache SubnetGroup which dynamically references the correct subnets. I'd like to use the same template in both the east and west region so I'm specifying the subnets for the subnet group in mappings. However, when I attempt to run update my stack, I get the following error:
Value of property SubnetIds must be of type List of String
Here's a gist showing roughly what i am trying to do: https://gist.github.com/brockhaywood/b71ed34c6a554a0a0fec
This unanswered question on the AWS forums appears to be a very similar problem: https://forums.aws.amazon.com/message.jspa?messageID=532454

I think SubnetIds should be an array, where you have a single object.
"ElastiCacheSubnetGroup": {
"Type": "AWS::ElastiCache::SubnetGroup",
"Properties": {
"SubnetIds": [
{
"Fn::FindInMap":["RegionMap", { "Ref":"AWS::Region" }, AppSubnets" ]
}
]
}
}

The specific issue is that you can't use Ref within a Mappings value, as noted in the Mappings documentation:
You cannot include parameters, pseudo parameters, or intrinsic functions in the Mappings section.
As an alternative, you can use Conditions to accomplish what your template is attempting. Here's a complete working example:
{
"Description": "Create an ElastiCache SubnetGroup with different subnet depending on the current AWS region."
"Conditions": {
"us-east-1": {"Fn::Equals": [{"Ref":"AWS::Region"}, "us-east-1"]},
"us-west-2": {"Fn::Equals": [{"Ref":"AWS::Region"}, "us-west-2"]}
},
"Resources": {
"VPC": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16"
}
},
"AppSubnetA": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {"Ref": "VPC"},
"CidrBlock": "10.0.0.0/24",
"AvailabilityZone": {"Fn::Select": [1, {"Fn::GetAZs": ""}]}
}
},
"AppSubnetB": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {"Ref": "VPC"},
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": {"Fn::Select": [1, {"Fn::GetAZs": ""}]}
}
},
"ElastiCacheSubnetGroup": {
"Type": "AWS::ElastiCache::SubnetGroup",
"Properties": {
"Description": "SubnetGroup",
"SubnetIds": {"Fn::If": ["us-east-1", [
{"Ref": "AppSubnetA"}
],
{"Fn::If": ["us-west-2",
[
{"Ref": "AppSubnetB"}
],
{"Ref":"AWS::NoValue"}
]}
]}
}
}
}
}