My Auto-scaling Cloud-formation template is not working - json

{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"VpcId": {
"Type": "AWS::EC2::VPC::Id",
"Description": "VpcId of your existing Virtual Private Cloud (VPC)",
"ConstraintDescription": "must be the VPC Id of an existing Virtual Private Cloud."
},
"Subnets": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Description": "The list of SubnetIds in your Virtual Private Cloud (VPC)"
},
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.small",
"AllowedValues": [
"t1.micro",
"t2.nano",
"t2.micro",
"t2.small",
"t2.medium",
"t2.large",
"m1.small",
"m1.medium",
"cg1.4xlarge"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"WebServerCapacity": {
"Default": "2",
"Description": "The initial number of WebServer instances",
"Type": "Number",
"MinValue": "1",
"MaxValue": "10",
"ConstraintDescription": "must be between 1 and 10 EC2 instances."
},
"KeyName": {
"Description": "The EC2 Key Pair to allow SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"SSHLocation": {
"Description": "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Resources": {
"WebServerScaleUpPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "WebServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": 1
}
},
"WebServerScaleDownPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "WebServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": -1
}
},
"CPUAlarmHigh": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Scale-up if CPU > 70% for 5 minutes",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": 300,
"EvaluationPeriods": 2,
"Threshold": 70,
"AlarmActions": [{
"Ref": "WebServerScaleUpPolicy"
}],
"Dimensions": [{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "WebServerGroup"
}
}],
"ComparisonOperator": "GreaterThanThreshold"
}
},
"CPUAlarmLow": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Scale-down if CPU < 40% for 5 minutes",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": 300,
"EvaluationPeriods": 2,
"Threshold": 40,
"AlarmActions": [{
"Ref": "WebServerScaleDownPolicy"
}],
"Dimensions": [{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "WebServerGroup"
}
}],
"ComparisonOperator": "LessThanThreshold"
}
},
"ApplicationLoadBalancer": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"Name": "elb-test",
"Scheme": "internet-facing",
"IpAddressType": "ipv4",
"Type": "application",
"Subnets": {
"Ref": "Subnets"
}
}
},
"ALBListener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Properties": {
"DefaultActions": [{
"Type": "forward",
"TargetGroupArn": {
"Ref": "ALBTargetGroup"
}
}],
"LoadBalancerArn": {
"Ref": "ApplicationLoadBalancer"
},
"Port": 80,
"Protocol": "HTTP"
}
},
"ALBTargetGroup": {
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
"Properties": {
"Name": "ELB-Group",
"HealthCheckIntervalSeconds": 30,
"HealthCheckTimeoutSeconds": 5,
"HealthyThresholdCount": 3,
"Port": 80,
"Protocol": "HTTP",
"TargetType": "instance",
"UnhealthyThresholdCount": 5,
"VpcId": {
"Ref": "VpcId"
}
}
},
"WebServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"VPCZoneIdentifier": {
"Ref": "Subnets"
},
"HealthCheckGracePeriod": 300,
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
},
"MinSize": "1",
"MaxSize": "8",
"DesiredCapacity": {
"Ref": "WebServerCapacity"
},
"TargetGroupARNs": [{
"Ref": "ALBTargetGroup"
}]
},
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT5M",
"Count": {
"Ref": "WebServerCapacity"
}
}
},
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MinInstancesInService": 1,
"MaxBatchSize": 1,
"PauseTime": "PT5M",
"WaitOnResourceSignals": true
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"KeyName": {
"Ref": "KeyName"
},
"ImageId": "ami-00932e4c143f3fdf0",
"SecurityGroups": [{
"Ref": "InstanceSecurityGroup"
}],
"InstanceType": {
"Ref": "InstanceType"
},
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -xe\n",
"apt-get update -y\n",
"apt-get install -y python-setuptools\n",
"mkdir -p /opt/aws/bin\n",
"python /usr/lib/python2.7/dist-packages/easy_install.py --script-dir /opt/aws/bin https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource EC2Instance ",
" --configsets full_install ",
" --region ", { "Ref" : "AWS::Region" }, "\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource EC2Instance ",
" --region ", { "Ref" : "AWS::Region" }, "\n"
]]}}}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable SSH access and HTTP from the load balancer only",
"SecurityGroupIngress": [{
"IpProtocol": "tcp",
"FromPort": 22,
"ToPort": 22,
"CidrIp": {
"Ref": "SSHLocation"
}
},
{
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"SourceSecurityGroupId": {
"Fn::Select": [
0,
{
"Fn::GetAtt": [
"ApplicationLoadBalancer",
"SecurityGroups"
]
}
]
}
}
],
"VpcId": {
"Ref": "VpcId"
}
}
}
},
"Outputs": {
"URL": {
"Description": "The URL of the website",
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Fn::GetAtt": [
"ApplicationLoadBalancer",
"DNSName"
]
}
]
]
}
}
}
}
I am using this template to create an Auto Scaling group with CloudFormation, and I am using Ubuntu 18.04. Every time, I get the same error:
Received 0 SUCCESS signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement
Failed to receive 1 resource signal(s) for the current batch. Each resource signal timeout is counted as a FAILURE.
Please let me know what I am missing.

I ran your template through cfn-lint and it reported a lot of problems:
W2030 You must specify a valid allowed value for InstanceType (cg1.4xlarge).
Valid values are ['a1.2xlarge', 'a1.4xlarge', 'a1.large', 'a1.medium', 'a1.metal', 'a1.xlarge', 'c1.medium', 'c1.xlarge', 'c3.2xlarge', 'c3.4xlarge', 'c3.8xlarge', 'c3.large', 'c3.xlarge', 'c4.2xlarge', 'c4.4xlarge', 'c4.8xlarge', 'c4.large', 'c4.xlarge', 'c5.12xlarge', 'c5.18xlarge', 'c5.24xlarge', 'c5.2xlarge', 'c5.4xlarge', 'c5.9xlarge', 'c5.large', 'c5.metal', 'c5.xlarge', 'c5d.12xlarge', 'c5d.18xlarge', 'c5d.24xlarge', 'c5d.2xlarge', 'c5d.4xlarge', 'c5d.9xlarge', 'c5d.large', 'c5d.metal', 'c5d.xlarge', 'c5n.18xlarge', 'c5n.2xlarge', 'c5n.4xlarge', 'c5n.9xlarge', 'c5n.large', 'c5n.metal', 'c5n.xlarge', 'cc2.8xlarge', 'cr1.8xlarge', 'd2.2xlarge', 'd2.4xlarge', 'd2.8xlarge', 'd2.xlarge', 'f1.16xlarge', 'f1.2xlarge', 'f1.4xlarge', 'g2.2xlarge', 'g2.8xlarge', 'g3.16xlarge', 'g3.4xlarge', 'g3.8xlarge', 'g3s.xlarge', 'g4dn.12xlarge', 'g4dn.16xlarge', 'g4dn.2xlarge', 'g4dn.4xlarge', 'g4dn.8xlarge', 'g4dn.metal', 'g4dn.xlarge', 'h1.16xlarge', 'h1.2xlarge', 'h1.4xlarge', 'h1.8xlarge', 'hs1.8xlarge', 'i2.2xlarge', 'i2.4xlarge', 'i2.8xlarge', 'i2.xlarge', 'i3.16xlarge', 'i3.2xlarge', 'i3.4xlarge', 'i3.8xlarge', 'i3.large', 'i3.metal', 'i3.xlarge', 'i3en.12xlarge', 'i3en.24xlarge', 'i3en.2xlarge', 'i3en.3xlarge', 'i3en.6xlarge', 'i3en.large', 'i3en.metal', 'i3en.xlarge', 'm1.large', 'm1.medium', 'm1.small', 'm1.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'm2.xlarge', 'm3.2xlarge', 'm3.large', 'm3.medium', 'm3.xlarge', 'm4.10xlarge', 'm4.16xlarge', 'm4.2xlarge', 'm4.4xlarge', 'm4.large', 'm4.xlarge', 'm5.12xlarge', 'm5.16xlarge', 'm5.24xlarge', 'm5.2xlarge', 'm5.4xlarge', 'm5.8xlarge', 'm5.large', 'm5.metal', 'm5.xlarge', 'm5a.12xlarge', 'm5a.16xlarge', 'm5a.24xlarge', 'm5a.2xlarge', 'm5a.4xlarge', 'm5a.8xlarge', 'm5a.large', 'm5a.xlarge', 'm5ad.12xlarge', 'm5ad.24xlarge', 'm5ad.2xlarge', 'm5ad.4xlarge', 'm5ad.large', 'm5ad.xlarge', 'm5d.12xlarge', 'm5d.16xlarge', 'm5d.24xlarge', 'm5d.2xlarge', 'm5d.4xlarge', 'm5d.8xlarge', 'm5d.large', 'm5d.metal', 'm5d.xlarge', 'm5dn.12xlarge', 
'm5dn.16xlarge', 'm5dn.24xlarge', 'm5dn.2xlarge', 'm5dn.4xlarge', 'm5dn.8xlarge', 'm5dn.large', 'm5dn.metal', 'm5dn.xlarge', 'm5n.12xlarge', 'm5n.16xlarge', 'm5n.24xlarge', 'm5n.2xlarge', 'm5n.4xlarge', 'm5n.8xlarge', 'm5n.large', 'm5n.metal', 'm5n.xlarge', 'p2.16xlarge', 'p2.8xlarge', 'p2.xlarge', 'p3.16xlarge', 'p3.2xlarge', 'p3.8xlarge', 'p3dn.24xlarge', 'r3.2xlarge', 'r3.4xlarge', 'r3.8xlarge', 'r3.large', 'r3.xlarge', 'r4.16xlarge', 'r4.2xlarge', 'r4.4xlarge', 'r4.8xlarge', 'r4.large', 'r4.xlarge', 'r5.12xlarge', 'r5.16xlarge', 'r5.24xlarge', 'r5.2xlarge', 'r5.4xlarge', 'r5.8xlarge', 'r5.large', 'r5.metal', 'r5.xlarge', 'r5a.12xlarge', 'r5a.16xlarge', 'r5a.24xlarge', 'r5a.2xlarge', 'r5a.4xlarge', 'r5a.8xlarge', 'r5a.large', 'r5a.xlarge', 'r5ad.12xlarge', 'r5ad.24xlarge', 'r5ad.2xlarge', 'r5ad.4xlarge', 'r5ad.large', 'r5ad.xlarge', 'r5d.12xlarge', 'r5d.16xlarge', 'r5d.24xlarge', 'r5d.2xlarge', 'r5d.4xlarge', 'r5d.8xlarge', 'r5d.large', 'r5d.metal', 'r5d.xlarge', 'r5dn.12xlarge', 'r5dn.16xlarge', 'r5dn.24xlarge', 'r5dn.2xlarge', 'r5dn.4xlarge', 'r5dn.8xlarge', 'r5dn.large', 'r5dn.metal', 'r5dn.xlarge', 'r5n.12xlarge', 'r5n.16xlarge', 'r5n.24xlarge', 'r5n.2xlarge', 'r5n.4xlarge', 'r5n.8xlarge', 'r5n.large', 'r5n.metal', 'r5n.xlarge', 't1.micro', 't2.2xlarge', 't2.large', 't2.medium', 't2.micro', 't2.nano', 't2.small', 't2.xlarge', 't3.2xlarge', 't3.large', 't3.medium', 't3.micro', 't3.nano', 't3.small', 't3.xlarge', 't3a.2xlarge', 't3a.large', 't3a.medium', 't3a.micro', 't3a.nano', 't3a.small', 't3a.xlarge', 'u-18tb1.metal', 'u-24tb1.metal', 'x1.16xlarge', 'x1.32xlarge', 'x1e.16xlarge', 'x1e.2xlarge', 'x1e.32xlarge', 'x1e.4xlarge', 'x1e.8xlarge', 'x1e.xlarge', 'z1d.12xlarge', 'z1d.2xlarge', 'z1d.3xlarge', 'z1d.6xlarge', 'z1d.large', 'z1d.metal', 'z1d.xlarge']
so.template:27:17
W7001 Mapping 'AWSInstanceType2Arch' is defined but not used
so.template:55:9
W7001 Mapping 'AWSInstanceType2NATArch' is defined but not used
so.template:87:9
E3012 Property Resources/WebServerScaleUpPolicy/Properties/ScalingAdjustment should be of type Integer
so.template:120:17
E3012 Property Resources/WebServerScaleDownPolicy/Properties/ScalingAdjustment should be of type Integer
so.template:131:17
E3012 Property Resources/CPUAlarmHigh/Properties/Period should be of type Integer
so.template:141:17
E3012 Property Resources/CPUAlarmHigh/Properties/EvaluationPeriods should be of type Integer
so.template:142:17
E3012 Property Resources/CPUAlarmHigh/Properties/Threshold should be of type Double
so.template:143:17
E3012 Property Resources/CPUAlarmLow/Properties/Period should be of type Integer
so.template:163:17
E3012 Property Resources/CPUAlarmLow/Properties/EvaluationPeriods should be of type Integer
so.template:164:17
E3012 Property Resources/CPUAlarmLow/Properties/Threshold should be of type Double
so.template:165:17
E3012 Property Resources/ALBListener/Properties/Port should be of type Integer
so.template:202:17
E3002 Invalid Property Resources/ALBTargetGroup/Properties/HealthCheckType
so.template:217:17
E3016 Value for MinInstancesInService must be of type Integer
so.template:251:11
E3016 Value for MaxBatchSize must be of type Integer
so.template:252:11
E3016 Value for WaitOnResourceSignals must be of type Boolean
so.template:254:11
E3012 Property Resources/InstanceSecurityGroup/Properties/SecurityGroupIngress/0/FromPort should be of type Integer
so.template:280:25
E3012 Property Resources/InstanceSecurityGroup/Properties/SecurityGroupIngress/0/ToPort should be of type Integer
so.template:281:25
E3012 Property Resources/InstanceSecurityGroup/Properties/SecurityGroupIngress/1/FromPort should be of type Integer
so.template:288:25
E3012 Property Resources/InstanceSecurityGroup/Properties/SecurityGroupIngress/1/ToPort should be of type Integer
so.template:289:25
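I'd suggest you fix these issues first. Separately from the lint findings, the SSHLocation default of 0.0.0.0/0 lets the instance security group accept SSH (port 22) from any address; restricting the default to a known administrative range is safer.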

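This comes down to HealthCheckType being set on the target group resource; it should instead be set on your Auto Scaling group.
The fixed template for this error is below. As posted, it is missing a comma after "HealthCheckGracePeriod": 300, so add one before deploying. Note also that the --resource argument of cfn-signal has to be the logical ID of the resource that carries the CreationPolicy, which is WebServerGroup in this template; MyInstance is not defined in it, so the success signal would likely still not be received.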
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"VpcId": {
"Type": "AWS::EC2::VPC::Id",
"Description": "VpcId of your existing Virtual Private Cloud (VPC)",
"ConstraintDescription": "must be the VPC Id of an existing Virtual Private Cloud."
},
"Subnets": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Description": "The list of SubnetIds in your Virtual Private Cloud (VPC)"
},
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.small",
"AllowedValues": [
"t1.micro",
"t2.nano",
"t2.micro",
"t2.small",
"t2.medium",
"t2.large",
"m1.small",
"m1.medium",
"cg1.4xlarge"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"WebServerCapacity": {
"Default": "2",
"Description": "The initial number of WebServer instances",
"Type": "Number",
"MinValue": "1",
"MaxValue": "10",
"ConstraintDescription": "must be between 1 and 10 EC2 instances."
},
"KeyName": {
"Description": "The EC2 Key Pair to allow SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"SSHLocation": {
"Description": "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t1.micro": {
"Arch": "HVM64"
},
"t2.nano": {
"Arch": "HVM64"
},
"t2.micro": {
"Arch": "HVM64"
},
"t2.small": {
"Arch": "HVM64"
},
"t2.medium": {
"Arch": "HVM64"
},
"t2.large": {
"Arch": "HVM64"
},
"m1.small": {
"Arch": "HVM64"
},
"m1.medium": {
"Arch": "HVM64"
},
"m1.large": {
"Arch": "HVM64"
},
"d2.xlarge": {
"Arch": "HVM64"
}
},
"AWSInstanceType2NATArch": {
"t1.micro": {
"Arch": "NATHVM64"
},
"t2.nano": {
"Arch": "NATHVM64"
},
"t2.micro": {
"Arch": "NATHVM64"
},
"t2.small": {
"Arch": "NATHVM64"
},
"t2.medium": {
"Arch": "NATHVM64"
},
"t2.large": {
"Arch": "NATHVM64"
},
"m1.small": {
"Arch": "NATHVM64"
}
}
},
"Resources": {
"WebServerScaleUpPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "WebServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": "1"
}
},
"WebServerScaleDownPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "WebServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": "-1"
}
},
"CPUAlarmHigh": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Scale-up if CPU > 70% for 5 minutes",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": "300",
"EvaluationPeriods": "2",
"Threshold": "70",
"AlarmActions": [{
"Ref": "WebServerScaleUpPolicy"
}],
"Dimensions": [{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "WebServerGroup"
}
}],
"ComparisonOperator": "GreaterThanThreshold"
}
},
"CPUAlarmLow": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Scale-down if CPU < 40% for 5 minutes",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": "300",
"EvaluationPeriods": "2",
"Threshold": "40",
"AlarmActions": [{
"Ref": "WebServerScaleDownPolicy"
}],
"Dimensions": [{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "WebServerGroup"
}
}],
"ComparisonOperator": "LessThanThreshold"
}
},
"ApplicationLoadBalancer": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"Name": "elb-test",
"Scheme": "internet-facing",
"IpAddressType": "ipv4",
"Type": "application",
"Subnets": {
"Ref": "Subnets"
}
}
},
"ALBListener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Properties": {
"DefaultActions": [{
"Type": "forward",
"TargetGroupArn": {
"Ref": "ALBTargetGroup"
}
}],
"LoadBalancerArn": {
"Ref": "ApplicationLoadBalancer"
},
"Port": "80",
"Protocol": "HTTP"
}
},
"ALBTargetGroup": {
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
"Properties": {
"Name": "ELB-Group",
"HealthCheckIntervalSeconds": 30,
"HealthCheckTimeoutSeconds": 5,
"HealthyThresholdCount": 3,
"Port": 80,
"Protocol": "HTTP",
"TargetType": "instance",
"UnhealthyThresholdCount": 5,
"VpcId": {
"Ref": "VpcId"
}
}
},
"WebServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"VPCZoneIdentifier": {
"Ref": "Subnets"
},
"HealthCheckType": "ELB",
"HealthCheckGracePeriod": 300
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
},
"MinSize": "1",
"MaxSize": "8",
"DesiredCapacity": {
"Ref": "WebServerCapacity"
},
"TargetGroupARNs": [{
"Ref": "ALBTargetGroup"
}]
},
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT5M",
"Count": {
"Ref": "WebServerCapacity"
}
}
},
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MinInstancesInService": "1",
"MaxBatchSize": "1",
"PauseTime": "PT5M",
"WaitOnResourceSignals": "true"
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"KeyName": {
"Ref": "KeyName"
},
"ImageId": "ami-00932e4c143f3fdf0",
"SecurityGroups": [{
"Ref": "InstanceSecurityGroup"
}],
"InstanceType": {
"Ref": "InstanceType"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -x\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource MyInstance ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"# Signal the status from cfn-init\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource MyInstance ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable SSH access and HTTP from the load balancer only",
"SecurityGroupIngress": [{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"SourceSecurityGroupId": {
"Fn::Select": [
0,
{
"Fn::GetAtt": [
"ApplicationLoadBalancer",
"SecurityGroups"
]
}
]
}
}
],
"VpcId": {
"Ref": "VpcId"
}
}
}
},
"Outputs": {
"URL": {
"Description": "The URL of the website",
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Fn::GetAtt": [
"ApplicationLoadBalancer",
"DNSName"
]
}
]
]
}
}
}
}

Related

cloudformation failed to create subnets

I was trying to run this template and got an error, but I can't identify the problem. The error message is: The CIDR '10.0.1.0/24' conflicts with another subnet (Service: AmazonEC2; Status Code: 400; Error Code: InvalidSubnet.Conflict; Request ID: e0de23a8-d921-475f-aadd-84dac3109664; Proxy: null)
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This is a network with one Vpc, 4 Subnet; 2 private, 2 public",
"Metadata": {},
"Parameters": {
"MyVpcCidr": {
"Description": "This is the cidr for appVpc",
"Type": "String",
"Default": "10.0.0.0/16"
},
"AZ1": {
"Description": "AZ 1 for my network",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"Priv1Cidr": {
"Description": "This is the cidr for my appPriv1Subnet",
"Type": "String",
"Default": "10.0.1.0/24"
},
"Priv2Cidr": {
"Description": "This is the cidr for my appPriv2Subnet",
"Type": "String",
"Default": "10.0.3.0/24"
},
"AZ2": {
"Description": "AZ 2 for my network",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"Pub1Cidr": {
"Description": "Cidr for my appPubSN1",
"Type": "String",
"Default": "10.0.2.0/24"
},
"Pub2Cidr": {
"Description": "Cidr for appPubSN2",
"Type": "String",
"Default": "10.0.4.0/16"
}
},
"Mappings": {},
"Conditions": {},
"Resources": {
"appVpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Ref": "MyVpcCidr"
},
"Tags": [
{
"Key": "Name",
"Value": "AppVpc"
}
]
}
},
"appPriv1Subnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "AZ1"
},
"VpcId": {
"Ref": "appVpc"
},
"CidrBlock": {
"Ref": "Priv1Cidr"
},
"Tags": [
{
"Key": "Name",
"Value": "Apppriv1subnet"
}
]
}
},
"appPriv2Subnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "AZ2"
},
"VpcId": {
"Ref": "appVpc"
},
"CidrBlock": {
"Ref": "Priv2Cidr"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPriv2Subnet"
}
]
}
},
"appPubSN1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "AZ1"
},
"VpcId": {
"Ref": "appVpc"
},
"CidrBlock": {
"Ref": "Pub1Cidr"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPubsn1"
}
]
}
},
"appPubSN2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "AZ2"
},
"VpcId": {
"Ref": "appVpc"
},
"CidrBlock": {
"Ref": "Pub2Cidr"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPubsn2"
}
]
}
},
"appIG": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "AppIG"
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "appVpc"
},
"InternetGatewayId": {
"Ref": "appIG"
}
}
},
"appPrivRT": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "appVpc"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPrivRt"
}
]
}
},
"PrivRTA1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "appPriv1Subnet"
},
"RouteTableId": {
"Ref": "appPrivRT"
}
}
},
"PrivRTA2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "appPriv2Subnet"
},
"RouteTableId": {
"Ref": "appPrivRT"
}
}
},
"appEIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
}
},
"appNatgw": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"appEIP",
"AllocationId"
]
},
"SubnetId": {
"Ref": "appPubSN1"
},
"Tags": [
{
"Key": "Name",
"Value": "Appnatgw"
}
]
}
},
"appPrivRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "appPrivRT"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "appNatgw"
}
}
},
"appPubRT": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "appVpc"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPubRT"
}
]
}
},
"PubRTA1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "appPubSN1"
},
"RouteTableId": {
"Ref": "appPubRT"
}
}
},
"PubRTA2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "appPubSN2"
},
"RouteTableId": {
"Ref": "appPubRT"
}
}
},
"appPubRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "appPubRT"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "appIG"
}
}
},
"appSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Allow ssh port 22 and port 80",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
}
],
"VpcId": {
"Ref": "appVpc"
},
"Tags": [
{
"Key": "Name",
"Value": "AppSG"
}
]
}
},
"internalSG": {
"DependsOn": "appSG",
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Allow traffic from appSG",
"SecurityGroupIngress": [
{
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "appSG"
}
}
],
"VpcId": {
"Ref": "appVpc"
},
"Tags": [
{
"Key": "Name",
"Value": "appinternalSG"
}
]
}
}
},
"Outputs": {
"appVpcId": {
"Description": "Id for my vpc ",
"Value": {
"Ref": "appVpc"
},
"Export": {
"Name": "appVpcid"
}
},
"appPrivSN1Id": {
"Description": "Id for my private SN1",
"Value": {
"Ref": "appPriv1Subnet"
},
"Export": {
"Name": "appPrivSNID1"
}
},
"appPrivSN2Id": {
"Description": "Id for my subnet 2 private",
"Value": {
"Ref": "appPriv2Subnet"
},
"Export": {
"Name": "appPrivSNID2"
}
},
"appPubSN1Id": {
"Description": "Id for Public subnet 1",
"Value": {
"Ref": "appPubSN1"
},
"Export": {
"Name": "appPubSNID1"
}
},
"appPubSN2Id": {
"Description": "Id for Public subnet 2",
"Value": {
"Ref": "appPubSN2"
},
"Export": {
"Name": "appPubSNID2"
}
},
"externalSgid": {
"Description": "Id for external security group",
"Value": {
"Ref": "appSG"
},
"Export": {
"Name": "appSGID"
}
},
"internalSGId": {
"Description": "Id for internal security group",
"Value": {
"Ref": "internalSG"
},
"Export": {
"Name": "internalSGID"
}
}
}
}
I suspect 10.0.4.0/16 is a typo that was meant to be 10.0.4.0/24.
The reason is that the CIDR 10.0.4.0/16, which you have set for Pub2Cidr, spans 10.0.0.0 through 10.0.255.255 (the same range as the VPC's 10.0.0.0/16), so it overlaps 10.0.1.0/24, which spans 10.0.1.0 through 10.0.1.255.

Cloudformation template to create EMR cluster

I am trying to create EMR-5.30.1 clusters with applications such as Hadoop, Livy, Spark, ZooKeeper, and Hive using a CloudFormation template. The issue with this template is that I am able to create the cluster with only one application from the above list.
Below is the CloudFormation template:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Best Practice EMR Cluster for Spark or S3 backed Hbase",
"Parameters": {
"EMRClusterName": {
"Description": "Name of the cluster",
"Type": "String",
"Default": "emrcluster"
},
"KeyName": {
"Description": "Must be an existing Keyname",
"Type": "String",
"Default": "keyfilename"
},
"MasterInstanceType": {
"Description": "Instance type to be used for the master instance.",
"Type": "String",
"Default": "m5.xlarge"
},
"CoreInstanceType": {
"Description": "Instance type to be used for core instances.",
"Type": "String",
"Default": "m5.xlarge"
},
"NumberOfCoreInstances": {
"Description": "Must be a valid number",
"Type": "Number",
"Default": 1
},
"SubnetID": {
"Description": "Must be Valid public subnet ID",
"Default": "subnet-ee15b3e0",
"Type": "String"
},
"LogUri": {
"Description": "Must be a valid S3 URL",
"Default": "s3://aws/elasticmapreduce/",
"Type": "String"
},
"S3DataUri": {
"Description": "Must be a valid S3 bucket URL ",
"Default": "s3://aws/elasticmapreduce/",
"Type": "String"
},
"ReleaseLabel": {
"Description": "Must be a valid EMR release version",
"Default": "emr-5.30.1",
"Type": "String"
},
"Applications": {
"Description": "Please select which application will be installed on the cluster this would be either Ganglia and spark, or Ganglia and s3 backed Hbase",
"Type": "String",
"AllowedValues": [
"Spark",
"Hbase",
"Hive",
"Livy",
"ZooKeeper"
]
}
},
"Mappings": {},
"Conditions": {
"Spark": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"Spark"
]
},
"Hbase": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"Hbase"
]
},
"Hive": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"Hive"
]
},
"Livy": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"Livy"
]
},
"ZooKeeper": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"ZooKeeper"
]
}
},
"Resources": {
"EMRCluster": {
"DependsOn": [
"EMRClusterServiceRole",
"EMRClusterinstanceProfileRole",
"EMRClusterinstanceProfile"
],
"Type": "AWS::EMR::Cluster",
"Properties": {
"Applications": [
{
"Name": "Ganglia"
},
{
"Fn::If": [
"Spark",
{
"Name": "Spark"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"Hbase",
{
"Name": "Hbase"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"Hive",
{
"Name": "Hive"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"Livy",
{
"Name": "Livy"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"ZooKeeper",
{
"Name": "ZooKeeper"
},
{
"Ref": "AWS::NoValue"
}
]
}
],
"Configurations": [
{
"Classification": "hbase-site",
"ConfigurationProperties": {
"hbase.rootdir":{"Ref":"S3DataUri"}
}
},
{
"Classification": "hbase",
"ConfigurationProperties": {
"hbase.emr.storageMode": "s3"
}
}
],
"Instances": {
"Ec2KeyName": {
"Ref": "KeyName"
},
"Ec2SubnetId": {
"Ref": "SubnetID"
},
"MasterInstanceGroup": {
"InstanceCount": 1,
"InstanceType": {
"Ref": "MasterInstanceType"
},
"Market": "ON_DEMAND",
"Name": "Master"
},
"CoreInstanceGroup": {
"InstanceCount": {
"Ref": "NumberOfCoreInstances"
},
"InstanceType": {
"Ref": "CoreInstanceType"
},
"Market": "ON_DEMAND",
"Name": "Core"
},
"TerminationProtected": false
},
"VisibleToAllUsers": true,
"JobFlowRole": {
"Ref": "EMRClusterinstanceProfile"
},
"ReleaseLabel": {
"Ref": "ReleaseLabel"
},
"LogUri": {
"Ref": "LogUri"
},
"Name": {
"Ref": "EMRClusterName"
},
"AutoScalingRole": "EMR_AutoScaling_DefaultRole",
"ServiceRole": {
"Ref": "EMRClusterServiceRole"
}
}
},
"EMRClusterServiceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"elasticmapreduce.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole"
],
"Path": "/"
}
},
"EMRClusterinstanceProfileRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role"
],
"Path": "/"
}
},
"EMRClusterinstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "EMRClusterinstanceProfileRole"
}
]
}
}
},
"Outputs": {}
}
I also want to add a bootstrap script to this template. Can anyone please help me with this issue?
As far as I know, Applications in your case should be an array like the one below, as described in the documentation:
"Applications" : [ Application, ... ],
In your case, you can list the applications like this (drop the comma after the last entry, which strict JSON rejects):
"Applications" : [
{"Name" : "Spark"},
{"Name" : "Hbase"},
{"Name" : "Hive"},
{"Name" : "Livy"},
{"Name" : "Zookeeper"},
]
Besides Name, each application entry accepts further properties such as Args and AdditionalInfo; see the AWS::EMR::Cluster Application documentation for details.
You can do it the following way.
If you set "ReleaseLabel", there is no need to specify the versions of the applications:
"Applications": [{
"Name": "Hive"
},
{
"Name": "Presto"
},
{
"Name": "Spark"
}
]
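For the bootstrap script (it runs on every node at launch, so keep the S3 object writable only by trusted principals):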
"BootstrapActions": [{
"Name": "setup",
"ScriptBootstrapAction": {
"Path": "s3://bucket/key/Bootstrap.sh"
}
}]
Define like this to create all applications at once.
{
"Type": "AWS::EMR::Cluster",
"Properties": {
"Applications": [
{
"Name": "Ganglia"
},
{
"Name": "Spark"
},
{
"Name": "Livy"
},
{
"Name": "ZooKeeper"
},
{
"Name": "JupyterHub"
}
]
}
}

Cannot determine what property value is empty?

When running AWS CloudFormation with the template below (part of a pre-existing nested stack), I get the failure "Property Value cannot be empty." for both of the Lambda functions I am trying to create CloudWatch alarms for. I have tried running it as part of the nested stack as well as on its own, to no avail. Can anyone offer any insight?
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Creation of CloudWatch Alarms",
"Resources": {
"CLFirstLambdaAlarm": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmName": "CLFirstLambdaErrors",
"AlarmDescription": "Alarms when an error occurs on the first lambda",
"AlarmActions": [{ "Ref": "AlarmNotificationTopic" }],
"MetricName": "Errors",
"Namespace": "AWS/Lambda",
"Dimensions": [{
"Name": "first-lambda"
},
{
"Value": { "Fn::ImportValue": "CLFirstLambda" }
}
],
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"EvaluationPeriods": "1",
"Period": "60",
"Unit": "Count",
"Statistic": "Sum",
"Threshold": "1",
"TreatMissingData": "notBreaching"
}
},
"CLSecondLambdaAlarm": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmName": "CLSecondLambdaErrors",
"AlarmDescription": "Alarms when an error occurs on the second lambda",
"AlarmActions": [{ "Ref": "AlarmNotificationTopic" }],
"MetricName": "Errors",
"Namespace": "AWS/Lambda",
"Dimensions": [{
"Name": "second-lambda"
},
{
"Value": { "Fn::ImportValue": "CLSecondLambda" }
}
],
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"EvaluationPeriods": "1",
"Period": "60",
"Unit": "Count",
"Statistic": "Sum",
"Threshold": "1",
"TreatMissingData": "notBreaching"
}
},
"AlarmNotificationTopic": {
"Type": "AWS::SNS::Topic",
"Properties": {
"TopicName": "cl-alarm-topic",
"Subscription": [{
"Endpoint": "me#domain.com",
"Protocol": "email"
}]
}
}
},
"Outputs": {
"AlarmNotificationTopicArn": {
"Description": "ARN of AlarmNotificationTopic",
"Value": { "Ref" : "AlarmNotificationTopic" },
"Export": { "Name" : "AlarmNotificationTopic" }
}
}
}
The CloudFormation Linter gives more detailed error messages:
E3003 Property Value missing at Resources/CLFirstLambdaAlarm/Properties/Dimensions/0
template.json:13:30
E3003 Property Name missing at Resources/CLFirstLambdaAlarm/Properties/Dimensions/1
template.json:16:19
E3003 Property Value missing at Resources/CLSecondLambdaAlarm/Properties/Dimensions/0
template.json:37:30
E3003 Property Name missing at Resources/CLSecondLambdaAlarm/Properties/Dimensions/1
template.json:40:19
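See the AWS::CloudWatch::Alarm and AWS::CloudWatch::Alarm.Dimension documentation: every entry in Dimensions needs both Name and Value in the same object, whereas the template splits them across two objects. Name must also be a dimension that the metric actually publishes; AWS/Lambda per-function metrics use FunctionName, so if "first-lambda" and "second-lambda" are meant as labels rather than dimension names, the alarm will match no data and, with TreatMissingData set to notBreaching, will stay in OK without ever notifying.
Try these AWS::CloudWatch::Alarm.Dimensions properties instead: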
"Dimensions": [{
"Name": "first-lambda",
"Value": { "Fn::ImportValue": "CLFirstLambda" }
}
],
"Dimensions": [{
"Name": "second-lambda",
"Value": { "Fn::ImportValue": "CLSecondLambda" }
}
],

Unable to create VNet using JSON

I have the script below, which is a section of a script I'm using to deploy a vnet. However, it fails to create the vnet. Any idea where I might be going wrong?
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"client": {
"type": "string",
"maxLength": 3,
"metadata": {
"description": "Client name - max 3 chars"
}
},
"environment": {
"type": "string",
"maxLength": 3,
"metadata": {
"description": "Environment name - max 3 chars"
}
},
"businessUnit": {
"type": "string",
"maxLength": 3,
"metadata": {
"description": "Business Unit name - max 3 chars"
}
},
"appName": {
"type": "string",
"maxLength": 3,
"metadata": {
"description": "App name - max 3 chars"
}
},
"addressPrefix": {
"type": "string",
"metadata": {
"description": "The address space in CIDR notation for the new virtual network."
}
},
"subnetName1": {
"type": "string",
"metadata": {
"description": "The name of the first subnet in the new virtual network."
}
},
"subnetName2": {
"type": "string",
"metadata": {
"description": "The name of the first subnet in the new virtual network."
}
},
"gatewaySubnet": {
"type": "string",
"defaultValue": "GatewaySubnet",
"allowedValues": [
"GatewaySubnet"
],
"metadata": {
"description": "The name of the subnet where Gateway is to be deployed. This must always be named GatewaySubnet."
}
},
"subnetPrefix1": {
"type": "string",
"metadata": {
"description": "The address range in CIDR notation for the first subnet."
}
},
"subnetPrefix2": {
"type": "string",
"metadata": {
"description": "The address range in CIDR notation for the first subnet."
}
},
"gatewaySubnetPrefix": {
"type": "string",
"metadata": {
"description": "The address range in CIDR notation for the Gateway subnet. For ExpressRoute enabled Gateways, this must be minimum of /28."
}
},
"dnsServerAddress": {
"type": "array",
"metadata": {
"Description": "The DNS address(es) of the DNS Server(s) used by the VNET"
}
},
"dnsServerAddressUpdateDns": {
"type": "array",
"metadata": {
"Description": "The DNS address(es) of the DNS Server(s) used by the VNET"
}
},
"vpnClientAddressPoolPrefix": {
"type": "string",
"metadata": {
"description": "The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network."
}
},
"vmMfaName1privateIPAddress": {
"type": "string",
"metadata": {
"description": "The IP address of the MFA server."
}
},
"vmMfaName2privateIPAddress": {
"type": "string",
"metadata": {
"description": "The IP address of the MFA server."
}
},
"vmMfaLbIpAddress1": {
"type": "string",
"metadata": {
"description": "The IP address of the RADIUS server."
}
},
"radiusServerSecret": {
"type": "string",
"metadata": {
"description": "The secret of the RADIUS server."
}
},
"omsWorkSpaceResourceGroup": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Workspace Resource Group"
}
},
"omsWorkSpaceName": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Workspace Resource Name"
}
},
"omsWorkspaceStorageAccount": {
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Storage Account of OMS Workspace"
}
}
},
"variables": {
"apiVersion": "2015-06-15",
"vnetApiVersion": "2017-10-01",
"virtualNetworkPeeringApiVersion": "2017-10-01",
"routeTableApiVersion": "2017-10-01",
"locksApiVersion": "2017-04-01",
"virtualNetworkName": "[tolower(concat('vnet-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName')))]",
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
"gatewaySubnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('gatewaySubnet'))]",
"virtualNetworkGatewayName": "[tolower(concat('vng-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName')))]",
"gatewaySku": "vpngw1",
"gatewayPublicIPName": "[tolower(concat('pip-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName')))]",
"vpnClientProtocols": "IkeV2",
"subnetName1": "[tolower(concat('sub-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName'), '-', parameters('subnetName1')))]",
"routeTable1": "[tolower(concat('udr-', variables('subnetName1')))]",
"networkSecurityGroup1": "[tolower(concat('nsg-', variables('subnetName1')))]",
"subnetName2": "[tolower(concat('sub-', parameters('client'), '-', parameters('environment'), '-', parameters('businessUnit'), '-', parameters('appName'), '-', parameters('subnetName2')))]",
"routeTable2": "[tolower(concat('udr-', variables('subnetName2')))]",
"networkSecurityGroup2": "[tolower(concat('nsg-', variables('subnetName2')))]"
},
"resources": [
{
"name": "[variables('routeTable1')]",
"type": "Microsoft.Network/routeTables",
"apiVersion": "[variables('routeTableApiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"routes": [
],
"disableBgpRoutePropagation": false
}
},
{
"name": "[variables('routeTable2')]",
"type": "Microsoft.Network/routeTables",
"apiVersion": "[variables('routeTableApiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"routes": [
],
"disableBgpRoutePropagation": false
}
},
{
"name": "[variables('networkSecurityGroup1')]",
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Network/networkSecurityGroups",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable1'))]"
],
"properties": {
"securityRules": [
{
"name": "AllowInboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "[parameters('addressPrefix')]",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"destinationPortRange": "*"
}
},
{
"name": "AllowInboundHttpsMfaServer1",
"properties": {
"priority": 101,
"protocol": "Tcp",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('vmMfaName1privateIPAddress')]",
"destinationPortRange": "443"
}
},
{
"name": "AllowInboundHttpsMfaServer2",
"properties": {
"priority": 102,
"protocol": "Tcp",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('vmMfaName2privateIPAddress')]",
"destinationPortRange": "443"
}
},
{
"name": "AllowOutboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Outbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('addressPrefix')]",
"destinationPortRange": "*"
}
}
]
}
},
{
"type": "microsoft.network/networksecuritygroups/providers/diagnosticSettings",
"name": "[concat(variables('networkSecurityGroup1'), '/Microsoft.Insights/service')]",
"dependsOn": [
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup1'))]"
],
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "service",
"storageAccountId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.Storage/storageAccounts/', parameters('omsWorkspaceStorageAccount'))]",
"workspaceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('omsWorkSpaceName'))]",
"logs": [
{
"category": "NetworkSecurityGroupEvent",
"enabled": true,
"retentionPolicy": {
"days": 365,
"enabled": true
}
},
{
"category": "NetworkSecurityGroupRuleCounter",
"enabled": true,
"retentionPolicy": {
"days": 365,
"enabled": true
}
}
]
}
},
{
"name": "[variables('networkSecurityGroup2')]",
"apiVersion": "[variables('apiVersion')]",
"type": "Microsoft.Network/networkSecurityGroups",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable2'))]"
],
"properties": {
"securityRules": [
{
"name": "AllowInboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "[parameters('addressPrefix')]",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"destinationPortRange": "*"
}
},
{
"name": "AllowOutboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Outbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('addressPrefix')]",
"destinationPortRange": "*"
}
}
]
}
},
{
"type": "microsoft.network/networksecuritygroups/providers/diagnosticSettings",
"name": "[concat(variables('networkSecurityGroup2'), '/Microsoft.Insights/service')]",
"dependsOn": [
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup2'))]"
],
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "service",
"storageAccountId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.Storage/storageAccounts/', parameters('omsWorkspaceStorageAccount'))]",
"workspaceId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.OperationalInsights/workspaces/', parameters('omsWorkSpaceName'))]",
"logs": [
{
"category": "NetworkSecurityGroupEvent",
"enabled": true,
"retentionPolicy": {
"days": 365,
"enabled": true
}
},
{
"category": "NetworkSecurityGroupRuleCounter",
"enabled": true,
"retentionPolicy": {
"days": 365,
"enabled": true
}
}
]
}
},
{
"name": "[variables('virtualNetworkName')]",
"apiVersion": "[variables('vnetApiVersion')]",
"type": "Microsoft.Network/virtualNetworks",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable1'))]",
"[concat('Microsoft.Network/routeTables/', variables('routeTable2'))]",
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup1'))]",
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup2'))]"
],
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('addressPrefix')]"
]
},
"dhcpOptions": {
"dnsServers": "[parameters('dnsServerAddress')]"
},
"subnets": [
{
"name": "[variables('subnetName1')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix1')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroup1'))]"
},
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTable1'))]"
},
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"[resourceGroup().location]"
]
},
{
"service": "Microsoft.Sql",
"locations": [
"[resourceGroup().location]"
]
}
]
}
},
{
"name": "[variables('subnetName2')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix2')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroup2'))]"
},
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTable2'))]"
},
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"[resourceGroup().location]"
]
},
{
"service": "Microsoft.Sql",
"locations": [
"[resourceGroup().location]"
]
}
]
}
},
{
"name": "[parameters('gatewaySubnet')]",
"properties": {
"addressPrefix": "[parameters('gatewaySubnetPrefix')]"
}
}
]
},
"resources": [
{
"name": "[concat(variables('virtualNetworkName'), '/Microsoft.Authorization/', variables('virtualNetworkName'), '-LockDoNotDelete')]",
"type": "Microsoft.Network/virtualNetworks/providers/locks",
"apiVersion": "[variables('locksApiVersion')]",
"dependsOn": [
"[variables('virtualNetworkName')]"
],
"properties": {
"level": "CanNotDelete",
"notes": "Resource Lock - Do Not Delete!",
"owners": [
]
}
}
]
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('gatewayPublicIPName')]",
"location": "[resourceGroup().location]",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"apiVersion": "2015-06-15",
"type": "Microsoft.Network/virtualNetworkGateways",
"name": "[variables('virtualNetworkGatewayName')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('gatewayPublicIPName'))]",
"[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('gatewaySubnetRef')]"
},
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('gatewayPublicIPName'))]"
}
},
"name": "vnetGatewayConfig"
}
],
"sku": {
"name": "[variables('gatewaySku')]",
"tier": "[variables('gatewaySku')]"
},
"gatewayType": "Vpn",
"vpnType": "RouteBased",
"enableBgp": "false",
"vpnClientConfiguration": {
"vpnClientAddressPool": {
"addressPrefixes": [
"[parameters('vpnClientAddressPoolPrefix')]"
]
},
"vpnClientProtocols": [
"[variables('vpnClientProtocols')]"
],
"radiusServerAddress": "[parameters('vmMfaLbIpAddress1')]",
"radiusServerSecret": "[parameters('radiusServerSecret')]"
}
}
}
]
}
This is used to create a vnet and subnets before VMs are deployed to it.
I can't see where I'm going wrong, I'm baffled. Any help would be appreciated. Thanks
So, without the exact error text it's pretty hard to tell what exactly goes wrong; I do have to admit the template quality is mediocre. The most common error is a wrong dependsOn property. Your typical dependsOn:
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup1'))]"
Proper dependsOn:
"[resourceId('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup1'))]"
You also have lots of places that could be improved. For example, why do you have a parameter for the gateway subnet name? It is always GatewaySubnet; you cannot change it. You are using prefixes for resource types instead of suffixes, and you construct resource names and various other things in the variables section that are used only once (for the most part) in the template, so they are just a waste of space. The radiusServerSecret parameter is declared as type string; declaring it as securestring keeps the value out of the deployment history and logs. You are also using concat() instead of resourceId() in many places:
"storageAccountId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', parameters('omsWorkSpaceResourceGroup'), '/providers/Microsoft.Storage/storageAccounts/', parameters('omsWorkspaceStorageAccount'))]",
"storageAccountId": "[resourceId(parameters('omsWorkSpaceResourceGroup'), 'Microsoft.Storage/storageAccounts', parameters('omsWorkspaceStorageAccount'))]",
The second option is almost 2 times shorter...
I saw the question was marked as 'answered' this morning so i did post my yesterday finding, but since you are still having issue i will post them.
Yes, the template is not the greatest; it seems to have been put together by copying bits and pieces from different templates.
With that being said, I focused on the network section that you mentioned you have issues with. I extracted the network section, tweaked it a little to make up for missing parameters and variables, and tried to deploy it. I noticed 2 issues.
Issues
The dnsServerAddress and dnsServerAddressUpdateDns parameters had 'type' set to array, which did not really accept any valid input.
I also got an error that the address space you provided, 10.10.2.0/22, is an invalid CIDR notation (10.10.2.0 is not on a /22 boundary; the enclosing /22 block starts at 10.10.0.0).
Resolution
Once I corrected both, I was able to deploy the network section without any issues.
The tweaked JSON I used just to deploy the VNet:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"addressPrefix": {
"type": "String",
"metadata": {
"description": "The address space in CIDR notation for the new virtual network."
}
},
"subnetName1": {
"type": "String",
"metadata": {
"description": "The name of the first subnet in the new virtual network."
}
},
"subnetName2": {
"type": "String",
"metadata": {
"description": "The name of the first subnet in the new virtual network."
}
},
"gatewaySubnet": {
"defaultValue": "GatewaySubnet",
"allowedValues": [
"GatewaySubnet"
],
"type": "String",
"metadata": {
"description": "The name of the subnet where Gateway is to be deployed. This must always be named GatewaySubnet."
}
},
"subnetPrefix1": {
"type": "String",
"metadata": {
"description": "The address range in CIDR notation for the first subnet."
}
},
"subnetPrefix2": {
"type": "String",
"metadata": {
"description": "The address range in CIDR notation for the first subnet."
}
},
"gatewaySubnetPrefix": {
"type": "String",
"metadata": {
"description": "The address range in CIDR notation for the Gateway subnet. For ExpressRoute enabled Gateways, this must be minimum of /28."
}
},
"dnsServerAddress": {
"type": "String",
"metadata": {
"Description": "The DNS address(es) of the DNS Server(s) used by the VNET"
}
},
"dnsServerAddressUpdateDns": {
"type": "String",
"metadata": {
"Description": "The DNS address(es) of the DNS Server(s) used by the VNET"
}
}
},
"variables": {
"apiVersion": "2015-06-15",
"vnetApiVersion": "2017-10-01",
"virtualNetworkPeeringApiVersion": "2017-10-01",
"routeTableApiVersion": "2017-10-01",
"locksApiVersion": "2017-04-01",
"virtualNetworkName": "[tolower(concat('vnet-Test'))]",
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
"gatewaySubnetRef": "[concat(variables('vnetID'),'/subnets/',parameters('gatewaySubnet'))]",
"subnetName1": "[tolower(concat('sub-', parameters('subnetName1')))]",
"routeTable1": "[tolower(concat('udr-', variables('subnetName1')))]",
"networkSecurityGroup1": "[tolower(concat('nsg-', variables('subnetName1')))]",
"subnetName2": "[tolower(concat('sub-', parameters('subnetName2')))]",
"routeTable2": "[tolower(concat('udr-', variables('subnetName2')))]",
"networkSecurityGroup2": "[tolower(concat('nsg-', variables('subnetName2')))]"
},
"resources": [
{
"type": "Microsoft.Network/routeTables",
"name": "[variables('routeTable1')]",
"apiVersion": "[variables('routeTableApiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"routes": [],
"disableBgpRoutePropagation": false
}
},
{
"type": "Microsoft.Network/routeTables",
"name": "[variables('routeTable2')]",
"apiVersion": "[variables('routeTableApiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"routes": [],
"disableBgpRoutePropagation": false
}
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('networkSecurityGroup1')]",
"apiVersion": "[variables('apiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"securityRules": [
{
"name": "AllowInboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "[parameters('addressPrefix')]",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"destinationPortRange": "*"
}
},
{
"name": "AllowOutboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Outbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('addressPrefix')]",
"destinationPortRange": "*"
}
}
]
},
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable1'))]"
]
},
{
"type": "Microsoft.Network/networkSecurityGroups",
"name": "[variables('networkSecurityGroup2')]",
"apiVersion": "[variables('apiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"securityRules": [
{
"name": "AllowInboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Inbound",
"sourceAddressPrefix": "[parameters('addressPrefix')]",
"sourcePortRange": "*",
"destinationAddressPrefix": "*",
"destinationPortRange": "*"
}
},
{
"name": "AllowOutboundAnyAddressSpace",
"properties": {
"priority": 100,
"protocol": "*",
"access": "Allow",
"direction": "Outbound",
"sourceAddressPrefix": "*",
"sourcePortRange": "*",
"destinationAddressPrefix": "[parameters('addressPrefix')]",
"destinationPortRange": "*"
}
}
]
},
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable2'))]"
]
},
{
"type": "Microsoft.Network/virtualNetworks",
"name": "[variables('virtualNetworkName')]",
"apiVersion": "[variables('vnetApiVersion')]",
"location": "[resourceGroup().location]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('addressPrefix')]"
]
},
"dhcpOptions": {
"dnsServers": "[parameters('dnsServerAddress')]"
},
"subnets": [
{
"name": "[variables('subnetName1')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix1')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroup1'))]"
},
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTable1'))]"
},
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"[resourceGroup().location]"
]
},
{
"service": "Microsoft.Sql",
"locations": [
"[resourceGroup().location]"
]
}
]
}
},
{
"name": "[variables('subnetName2')]",
"properties": {
"addressPrefix": "[parameters('subnetPrefix2')]",
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('networkSecurityGroup2'))]"
},
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('routeTable2'))]"
},
"serviceEndpoints": [
{
"service": "Microsoft.Storage",
"locations": [
"[resourceGroup().location]"
]
},
{
"service": "Microsoft.Sql",
"locations": [
"[resourceGroup().location]"
]
}
]
}
},
{
"name": "[parameters('gatewaySubnet')]",
"properties": {
"addressPrefix": "[parameters('gatewaySubnetPrefix')]"
}
}
]
},
"resources": [
{
"type": "Microsoft.Network/virtualNetworks/providers/locks",
"name": "[concat(variables('virtualNetworkName'), '/Microsoft.Authorization/', variables('virtualNetworkName'), '-LockDoNotDelete')]",
"apiVersion": "[variables('locksApiVersion')]",
"properties": {
"level": "CanNotDelete",
"notes": "Resource Lock - Do Not Delete!",
"owners": []
},
"dependsOn": [
"[variables('virtualNetworkName')]"
]
}
],
"dependsOn": [
"[concat('Microsoft.Network/routeTables/', variables('routeTable1'))]",
"[concat('Microsoft.Network/routeTables/', variables('routeTable2'))]",
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup1'))]",
"[concat('Microsoft.Network/networksecuritygroups/', variables('networkSecurityGroup2'))]"
]
}
]
}
Hope this helps.

WebServerInstance Encountered unsupported property VpcId

I keep getting this issue with the WebServerInstance.
*Parameters*
VPCSelection": {
"Description": "VPC",
"Type": "String",
"Default": "vpc-xxxxxxx"
*Webserver Security group*
"Resources": {
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPCSelection"
},
*WebServer Instance*
{
"Resources": {
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "VPCSelection"
},
When i run this template, i get this issue:
12:45:52 UTC+0000 ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack Test13 The following resource(s) failed to create: [WebServerInstance]. . Rollback requested by user.
12:45:51 UTC+0000 CREATE_FAILED AWS::EC2::Instance WebServerInstance Encountered unsupported property VpcId
When I remove the VpcId property from the WebServerInstance, I get a different error saying: AWS::EC2::Instance WebServerInstance No default VPC for this user
I put this into Bisque and got the below. Does this help?
{
"Resources": {
"WebServerSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Metadata": {
"YadaYada::Bisque::DotnetType": {
"Type": "Bisque.EC2.Networking.SecurityGroup, Bisque.Aws, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"
}
},
"Properties": {
"GroupDescription": {
"Ref": "WebServerSecurityGroupGroupDescription"
},
"VpcId": {
"Ref": "VPCSelection"
},
"Tags": [
{
"Key": "Name",
"Value": "WebServerSecurityGroup"
}
]
}
},
"WebServerInstance": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"YadaYada::Bisque::DotnetType": {
"Type": "Bisque.EC2.Instances.Instance, Bisque.Aws, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"
},
"AWS::CloudFormation::Init": {
"configSets": {
"Bootstrap": [
"Bootstrap"
]
},
"Bootstrap": {
"services": {
"windows": {
"cfn-hup": {
"ensureRunning": true,
"enabled": true,
"files": [
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf",
"c:\\cfn\\cfn-hup.conf"
]
}
}
},
"files": {
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"\n",
[
"[cfn-auto-reloader-hook]",
"triggers=post.update",
"path=Resources.WebServerInstance.Metadata.AWS::CloudFormation::Init",
{
"Fn::Join": [
"",
[
"action=",
{
"Fn::Join": [
"",
[
"cfn-init.exe -v -c \"",
"Bootstrap",
"\" -s ",
{
"Ref": "AWS::StackId"
},
" -r WebServerInstance --region ",
{
"Ref": "AWS::Region"
}
]
]
}
]
]
}
]
]
}
},
"c:\\cfn\\cfn-hup.conf": {
"content": {
"Fn::Join": [
"\n",
[
"[main]",
{
"Fn::Join": [
"",
[
"stack=",
{
"Ref": "AWS::StackName"
}
]
]
},
{
"Fn::Join": [
"",
[
"region=",
{
"Ref": "AWS::Region"
}
]
]
},
"interval=1",
"verbose=true"
]
]
}
}
}
}
}
},
"Properties": {
"SecurityGroupIds": [
{
"Ref": "WebServerSecurityGroup"
}
],
"Tags": [
{
"Key": "Name",
"Value": "WebServerInstance"
}
],
"ImageId": {
"Ref": "WebServerInstanceImageId"
},
"InstanceType": {
"Ref": "WebServerInstanceInstanceType"
},
"KeyName": {
"Ref": "WebServerInstanceKeyName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"<script>",
{
"Fn::Join": [
"",
[
"cfn-init.exe -v -c \"",
"Bootstrap",
"\" -s ",
{
"Ref": "AWS::StackId"
},
" -r WebServerInstance --region ",
{
"Ref": "AWS::Region"
}
]
]
},
"</script>"
]
]
}
}
}
}
},
"Parameters": {
"VPCSelection": {
"Type": "AWS::EC2::VPC::Id"
},
"WebServerSecurityGroupGroupDescription": {
"Type": "String"
},
"WebServerInstanceImageId": {
"Type": "AWS::EC2::Image::Id"
},
"WebServerInstanceInstanceType": {
"Type": "String",
"Default": "t2.micro",
"AllowedValues": [
"",
"t2.nano",
"t2.micro",
"t2.small",
"t2.medium",
"t2.large",
"t2.xlarge",
"t2.2xlarge",
"m4.large",
"m4.xlarge",
"m4.2xlarge",
"m4.4xlarge",
"m4.10xlarge",
"m3.medium",
"m3.large",
"m3.xlarge",
"m3.2xlarge",
"m1.small",
"m1.medium",
"m1.large",
"m1.xlarge",
"c4.large",
"c4.xlarge",
"c4.2xlarge",
"c4.4xlarge",
"c4.8xlarge",
"c3.large",
"c3.xlarge",
"c3.2xlarge",
"c3.4xlarge",
"c3.8xlarge",
"c1.medium",
"c1.xlarge",
"cc2.8xlarge",
"cc1.4xlarge",
"g2.2xlarge",
"g2.8xlarge",
"cg1.4xlarge",
"r3.large",
"r3.xlarge",
"r3.2xlarge",
"r3.4xlarge",
"r3.8xlarge",
"x1.32xlarge",
"m2.xlarge",
"m2.2xlarge",
"m2.4xlarge",
"cr1.8xlarge",
"d2.xlarge",
"d2.2xlarge",
"d2.4xlarge",
"d2.8xlarge",
"i2.xlarge",
"i2.2xlarge",
"i2.4xlarge",
"i2.8xlarge",
"hi1.4xlarge",
"hs1.8xlarge",
"t1.micro"
]
},
"WebServerInstanceKeyName": {
"Type": "AWS::EC2::KeyPair::KeyName",
"Default": "default"
}
},
"Metadata": {
"AWS::CloudFormation::Interface": {
"Key": "AWS::CloudFormation::Interface",
"ParameterGroups": [
{
"Label": {
"default": "WebServerSecurityGroup Properties"
},
"Parameters": [
"WebServerSecurityGroupGroupDescription"
]
},
{
"Label": {
"default": "WebServerInstance Properties"
},
"Parameters": [
"WebServerInstanceImageId",
"WebServerInstanceInstanceType",
"WebServerInstanceKeyName"
]
}
],
"ParameterLabels": {
"WebServerSecurityGroupGroupDescription": {
"default": "Description"
},
"WebServerInstanceImageId": {
"default": "Image Id (AMI)"
},
"WebServerInstanceInstanceType": {
"default": "Instance Size"
},
"WebServerInstanceKeyName": {
"default": "Key Name"
}
}
}
}
}