Related
I was trying to run a code and i had this error but cant identify the problem. i got the error message The CIDR '10.0.1.0/24' conflicts with another subnet (Service: AmazonEC2; Status Code: 400; Error Code: InvalidSubnet.Conflict; Request ID: e0de23a8-d921-475f-aadd-84dac3109664; Proxy: null)
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "This is a network with one Vpc, 4 Subnet; 2 private, 2 public",
"Metadata": {},
"Parameters": {
"MyVpcCidr": {
"Description": "This is the cidr for appVpc",
"Type": "String",
"Default": "10.0.0.0/16"
},
"AZ1": {
"Description": "AZ 1 for my network",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"Priv1Cidr": {
"Description": "This is the cidr for my appPriv1Subnet",
"Type": "String",
"Default": "10.0.1.0/24"
},
"Priv2Cidr": {
"Description": "This is the cidr for my appPriv2Subnet",
"Type": "String",
"Default": "10.0.3.0/24"
},
"AZ2": {
"Description": "AZ 2 for my network",
"Type": "AWS::EC2::AvailabilityZone::Name"
},
"Pub1Cidr": {
"Description": "Cidr for my appPubSN1",
"Type": "String",
"Default": "10.0.2.0/24"
},
"Pub2Cidr": {
"Description": "Cidr for appPubSN2",
"Type": "String",
"Default": "10.0.4.0/16"
}
},
"Mappings": {},
"Conditions": {},
"Resources": {
"appVpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": {
"Ref": "MyVpcCidr"
},
"Tags": [
{
"Key": "Name",
"Value": "AppVpc"
}
]
}
},
"appPriv1Subnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "AZ1"
},
"VpcId": {
"Ref": "appVpc"
},
"CidrBlock": {
"Ref": "Priv1Cidr"
},
"Tags": [
{
"Key": "Name",
"Value": "Apppriv1subnet"
}
]
}
},
"appPriv2Subnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "AZ2"
},
"VpcId": {
"Ref": "appVpc"
},
"CidrBlock": {
"Ref": "Priv2Cidr"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPriv2Subnet"
}
]
}
},
"appPubSN1": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "AZ1"
},
"VpcId": {
"Ref": "appVpc"
},
"CidrBlock": {
"Ref": "Pub1Cidr"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPubsn1"
}
]
}
},
"appPubSN2": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": {
"Ref": "AZ2"
},
"VpcId": {
"Ref": "appVpc"
},
"CidrBlock": {
"Ref": "Pub2Cidr"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPubsn2"
}
]
}
},
"appIG": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "Name",
"Value": "AppIG"
}
]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "appVpc"
},
"InternetGatewayId": {
"Ref": "appIG"
}
}
},
"appPrivRT": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "appVpc"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPrivRt"
}
]
}
},
"PrivRTA1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "appPriv1Subnet"
},
"RouteTableId": {
"Ref": "appPrivRT"
}
}
},
"PrivRTA2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "appPriv2Subnet"
},
"RouteTableId": {
"Ref": "appPrivRT"
}
}
},
"appEIP": {
"Type": "AWS::EC2::EIP",
"Properties": {
"Domain": "vpc"
}
},
"appNatgw": {
"Type": "AWS::EC2::NatGateway",
"Properties": {
"AllocationId": {
"Fn::GetAtt": [
"appEIP",
"AllocationId"
]
},
"SubnetId": {
"Ref": "appPubSN1"
},
"Tags": [
{
"Key": "Name",
"Value": "Appnatgw"
}
]
}
},
"appPrivRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "appPrivRT"
},
"DestinationCidrBlock": "0.0.0.0/0",
"NatGatewayId": {
"Ref": "appNatgw"
}
}
},
"appPubRT": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "appVpc"
},
"Tags": [
{
"Key": "Name",
"Value": "AppPubRT"
}
]
}
},
"PubRTA1": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "appPubSN1"
},
"RouteTableId": {
"Ref": "appPubRT"
}
}
},
"PubRTA2": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "appPubSN2"
},
"RouteTableId": {
"Ref": "appPubRT"
}
}
},
"appPubRoute": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "appPubRT"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "appIG"
}
}
},
"appSG": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Allow ssh port 22 and port 80",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"CidrIp": "0.0.0.0/0"
}
],
"VpcId": {
"Ref": "appVpc"
},
"Tags": [
{
"Key": "Name",
"Value": "AppSG"
}
]
}
},
"internalSG": {
"DependsOn": "appSG",
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Allow traffic from appSG",
"SecurityGroupIngress": [
{
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "appSG"
}
}
],
"VpcId": {
"Ref": "appVpc"
},
"Tags": [
{
"Key": "Name",
"Value": "appinternalSG"
}
]
}
}
},
"Outputs": {
"appVpcId": {
"Description": "Id for my vpc ",
"Value": {
"Ref": "appVpc"
},
"Export": {
"Name": "appVpcid"
}
},
"appPrivSN1Id": {
"Description": "Id for my private SN1",
"Value": {
"Ref": "appPriv1Subnet"
},
"Export": {
"Name": "appPrivSNID1"
}
},
"appPrivSN2Id": {
"Description": "Id for my subnet 2 private",
"Value": {
"Ref": "appPriv2Subnet"
},
"Export": {
"Name": "appPrivSNID2"
}
},
"appPubSN1Id": {
"Description": "Id for Public subnet 1",
"Value": {
"Ref": "appPubSN1"
},
"Export": {
"Name": "appPubSNID1"
}
},
"appPubSN2Id": {
"Description": "Id for Public subnet 2",
"Value": {
"Ref": "appPubSN2"
},
"Export": {
"Name": "appPubSNID2"
}
},
"externalSgid": {
"Description": "Id for external security group",
"Value": {
"Ref": "appSG"
},
"Export": {
"Name": "appSGID"
}
},
"internalSGId": {
"Description": "Id for internal security group",
"Value": {
"Ref": "internalSG"
},
"Export": {
"Name": "internalSGID"
}
}
}
}
I suspect 10.0.4.0/16 is a typo that was meant to be 10.0.4.0/24.
The reason is that the cidr 10.0.4.0/16, which you have set for Pub2Cidr starts at 10.0.0.0 and ends at 10.0.255.255, which overlaps with 10.0.1.0/24 which starts at 10.0.1.0 and ends at 10.0.1.255.
I am trying to create EMR-5.30.1 clusters with applications such as Hadoop, livy, Spark, ZooKeeper, and Hive with the help of the CloudFormation template. But the issue is with this template is I am able the cluster with only one application from the above list of applications.
below is the CloudFormation Template
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Best Practice EMR Cluster for Spark or S3 backed Hbase",
"Parameters": {
"EMRClusterName": {
"Description": "Name of the cluster",
"Type": "String",
"Default": "emrcluster"
},
"KeyName": {
"Description": "Must be an existing Keyname",
"Type": "String",
"Default": "keyfilename"
},
"MasterInstanceType": {
"Description": "Instance type to be used for the master instance.",
"Type": "String",
"Default": "m5.xlarge"
},
"CoreInstanceType": {
"Description": "Instance type to be used for core instances.",
"Type": "String",
"Default": "m5.xlarge"
},
"NumberOfCoreInstances": {
"Description": "Must be a valid number",
"Type": "Number",
"Default": 1
},
"SubnetID": {
"Description": "Must be Valid public subnet ID",
"Default": "subnet-ee15b3e0",
"Type": "String"
},
"LogUri": {
"Description": "Must be a valid S3 URL",
"Default": "s3://aws/elasticmapreduce/",
"Type": "String"
},
"S3DataUri": {
"Description": "Must be a valid S3 bucket URL ",
"Default": "s3://aws/elasticmapreduce/",
"Type": "String"
},
"ReleaseLabel": {
"Description": "Must be a valid EMR release version",
"Default": "emr-5.30.1",
"Type": "String"
},
"Applications": {
"Description": "Please select which application will be installed on the cluster this would be either Ganglia and spark, or Ganglia and s3 backed Hbase",
"Type": "String",
"AllowedValues": [
"Spark",
"Hbase",
"Hive",
"Livy",
"ZooKeeper"
]
}
},
"Mappings": {},
"Conditions": {
"Spark": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"Spark"
]
},
"Hbase": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"Hbase"
]
},
"Hive": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"Hive"
]
},
"Livy": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"Livy"
]
},
"ZooKeeper": {
"Fn::Equals": [
{
"Ref": "Applications"
},
"ZooKeeper"
]
}
},
"Resources": {
"EMRCluster": {
"DependsOn": [
"EMRClusterServiceRole",
"EMRClusterinstanceProfileRole",
"EMRClusterinstanceProfile"
],
"Type": "AWS::EMR::Cluster",
"Properties": {
"Applications": [
{
"Name": "Ganglia"
},
{
"Fn::If": [
"Spark",
{
"Name": "Spark"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"Hbase",
{
"Name": "Hbase"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"Hive",
{
"Name": "Hive"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"Livy",
{
"Name": "Livy"
},
{
"Ref": "AWS::NoValue"
}
]
},
{
"Fn::If": [
"ZooKeeper",
{
"Name": "ZooKeeper"
},
{
"Ref": "AWS::NoValue"
}
]
}
],
"Configurations": [
{
"Classification": "hbase-site",
"ConfigurationProperties": {
"hbase.rootdir":{"Ref":"S3DataUri"}
}
},
{
"Classification": "hbase",
"ConfigurationProperties": {
"hbase.emr.storageMode": "s3"
}
}
],
"Instances": {
"Ec2KeyName": {
"Ref": "KeyName"
},
"Ec2SubnetId": {
"Ref": "SubnetID"
},
"MasterInstanceGroup": {
"InstanceCount": 1,
"InstanceType": {
"Ref": "MasterInstanceType"
},
"Market": "ON_DEMAND",
"Name": "Master"
},
"CoreInstanceGroup": {
"InstanceCount": {
"Ref": "NumberOfCoreInstances"
},
"InstanceType": {
"Ref": "CoreInstanceType"
},
"Market": "ON_DEMAND",
"Name": "Core"
},
"TerminationProtected": false
},
"VisibleToAllUsers": true,
"JobFlowRole": {
"Ref": "EMRClusterinstanceProfile"
},
"ReleaseLabel": {
"Ref": "ReleaseLabel"
},
"LogUri": {
"Ref": "LogUri"
},
"Name": {
"Ref": "EMRClusterName"
},
"AutoScalingRole": "EMR_AutoScaling_DefaultRole",
"ServiceRole": {
"Ref": "EMRClusterServiceRole"
}
}
},
"EMRClusterServiceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"elasticmapreduce.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole"
],
"Path": "/"
}
},
"EMRClusterinstanceProfileRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role"
],
"Path": "/"
}
},
"EMRClusterinstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [
{
"Ref": "EMRClusterinstanceProfileRole"
}
]
}
}
},
"Outputs": {}
}
Also, I want to add a bootstrap script in this template as well, Can anyone please help me with the issue.
As per my knoweldge and understanding, Applications in your case should be an array like below, as mentioned in documentation
"Applications" : [ Application, ... ],
In you case, you can list applications like
"Applications" : [
{"Name" : "Spark"},
{"Name" : "Hbase"},
{"Name" : "Hive"},
{"Name" : "Livy"},
{"Name" : "Zookeeper"},
]
For more arguments other than Name to individual application dictionary , see detail here, you can pass Args, Additional_info etc
You can use following way:-
If you set "ReleaseLabel" then there is no need to mention versions of applications
"Applications": [{
"Name": "Hive"
},
{
"Name": "Presto"
},
{
"Name": "Spark"
}
]
For bootstrap:-
"BootstrapActions": [{
"Name": "setup",
"ScriptBootstrapAction": {
"Path": "s3://bucket/key/Bootstrap.sh"
}
}]
Define like this to create all applications at once.
{
"Type": "AWS::EMR::Cluster",
"Properties": {
"Applications": [
{
"Name": "Ganglia"
},
{
"Name": "Spark"
},
{
"Name": "Livy"
},
{
"Name": "ZooKeeper"
},
{
"Name": "JupyterHub"
}
]
}
}
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"VpcId": {
"Type": "AWS::EC2::VPC::Id",
"Description": "VpcId of your existing Virtual Private Cloud (VPC)",
"ConstraintDescription": "must be the VPC Id of an existing Virtual Private Cloud."
},
"Subnets": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Description": "The list of SubnetIds in your Virtual Private Cloud (VPC)"
},
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.small",
"AllowedValues": [
"t1.micro",
"t2.nano",
"t2.micro",
"t2.small",
"t2.medium",
"t2.large",
"m1.small",
"m1.medium",
"cg1.4xlarge"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"WebServerCapacity": {
"Default": "2",
"Description": "The initial number of WebServer instances",
"Type": "Number",
"MinValue": "1",
"MaxValue": "10",
"ConstraintDescription": "must be between 1 and 10 EC2 instances."
},
"KeyName": {
"Description": "The EC2 Key Pair to allow SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"SSHLocation": {
"Description": "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Resources": {
"WebServerScaleUpPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "WebServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": 1
}
},
"WebServerScaleDownPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "WebServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": -1
}
},
"CPUAlarmHigh": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Scale-up if CPU > 70% for 5 minutes",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": 300,
"EvaluationPeriods": 2,
"Threshold": 70,
"AlarmActions": [{
"Ref": "WebServerScaleUpPolicy"
}],
"Dimensions": [{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "WebServerGroup"
}
}],
"ComparisonOperator": "GreaterThanThreshold"
}
},
"CPUAlarmLow": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Scale-down if CPU < 40% for 5 minutes",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": 300,
"EvaluationPeriods": 2,
"Threshold": 40,
"AlarmActions": [{
"Ref": "WebServerScaleDownPolicy"
}],
"Dimensions": [{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "WebServerGroup"
}
}],
"ComparisonOperator": "LessThanThreshold"
}
},
"ApplicationLoadBalancer": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"Name": "elb-test",
"Scheme": "internet-facing",
"IpAddressType": "ipv4",
"Type": "application",
"Subnets": {
"Ref": "Subnets"
}
}
},
"ALBListener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Properties": {
"DefaultActions": [{
"Type": "forward",
"TargetGroupArn": {
"Ref": "ALBTargetGroup"
}
}],
"LoadBalancerArn": {
"Ref": "ApplicationLoadBalancer"
},
"Port": 80,
"Protocol": "HTTP"
}
},
"ALBTargetGroup": {
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
"Properties": {
"Name": "ELB-Group",
"HealthCheckIntervalSeconds": 30,
"HealthCheckTimeoutSeconds": 5,
"HealthyThresholdCount": 3,
"Port": 80,
"Protocol": "HTTP",
"TargetType": "instance",
"UnhealthyThresholdCount": 5,
"VpcId": {
"Ref": "VpcId"
}
}
},
"WebServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"VPCZoneIdentifier": {
"Ref": "Subnets"
},
"HealthCheckGracePeriod": 300,
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
},
"MinSize": "1",
"MaxSize": "8",
"DesiredCapacity": {
"Ref": "WebServerCapacity"
},
"TargetGroupARNs": [{
"Ref": "ALBTargetGroup"
}]
},
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT5M",
"Count": {
"Ref": "WebServerCapacity"
}
}
},
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MinInstancesInService": 1,
"MaxBatchSize": 1,
"PauseTime": "PT5M",
"WaitOnResourceSignals": true
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"KeyName": {
"Ref": "KeyName"
},
"ImageId": "ami-00932e4c143f3fdf0",
"SecurityGroups": [{
"Ref": "InstanceSecurityGroup"
}],
"InstanceType": {
"Ref": "InstanceType"
},
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -xe\n",
"apt-get update -y\n",
"apt-get install -y python-setuptools\n",
"mkdir -p /opt/aws/bin\n",
"python /usr/lib/python2.7/dist-packages/easy_install.py --script-dir /opt/aws/bin https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource EC2Instance ",
" --configsets full_install ",
" --region ", { "Ref" : "AWS::Region" }, "\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource EC2Instance ",
" --region ", { "Ref" : "AWS::Region" }, "\n"
]]}}}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable SSH access and HTTP from the load balancer only",
"SecurityGroupIngress": [{
"IpProtocol": "tcp",
"FromPort": 22,
"ToPort": 22,
"CidrIp": {
"Ref": "SSHLocation"
}
},
{
"IpProtocol": "tcp",
"FromPort": 80,
"ToPort": 80,
"SourceSecurityGroupId": {
"Fn::Select": [
0,
{
"Fn::GetAtt": [
"ApplicationLoadBalancer",
"SecurityGroups"
]
}
]
}
}
],
"VpcId": {
"Ref": "VpcId"
}
}
}
},
"Outputs": {
"URL": {
"Description": "The URL of the website",
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Fn::GetAtt": [
"ApplicationLoadBalancer",
"DNSName"
]
}
]
]
}
}
}
}
I am using this template to create auto-scaling with cloud formation and i am using ubuntu-18.04. Every time I am getting same error.
Received 0 SUCCESS signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement
Failed to receive 1 resource signal(s) for the current batch. Each resource signal timeout is counted as a FAILURE.
Please let me know where i am lacking
I have ran your template through cfn-lint and got a lot of problems reported:
W2030 You must specify a valid allowed value for InstanceType (cg1.4xlarge).
Valid values are ['a1.2xlarge', 'a1.4xlarge', 'a1.large', 'a1.medium', 'a1.metal', 'a1.xlarge', 'c1.medium', 'c1.xlarge', 'c3.2xlarge', 'c3.4xlarge', 'c3.8xlarge', 'c3.large', 'c3.xlarge', 'c4.2xlarge', 'c4.4xlarge', 'c4.8xlarge', 'c4.large', 'c4.xlarge', 'c5.12xlarge', 'c5.18xlarge', 'c5.24xlarge', 'c5.2xlarge', 'c5.4xlarge', 'c5.9xlarge', 'c5.large', 'c5.metal', 'c5.xlarge', 'c5d.12xlarge', 'c5d.18xlarge', 'c5d.24xlarge', 'c5d.2xlarge', 'c5d.4xlarge', 'c5d.9xlarge', 'c5d.large', 'c5d.metal', 'c5d.xlarge', 'c5n.18xlarge', 'c5n.2xlarge', 'c5n.4xlarge', 'c5n.9xlarge', 'c5n.large', 'c5n.metal', 'c5n.xlarge', 'cc2.8xlarge', 'cr1.8xlarge', 'd2.2xlarge', 'd2.4xlarge', 'd2.8xlarge', 'd2.xlarge', 'f1.16xlarge', 'f1.2xlarge', 'f1.4xlarge', 'g2.2xlarge', 'g2.8xlarge', 'g3.16xlarge', 'g3.4xlarge', 'g3.8xlarge', 'g3s.xlarge', 'g4dn.12xlarge', 'g4dn.16xlarge', 'g4dn.2xlarge', 'g4dn.4xlarge', 'g4dn.8xlarge', 'g4dn.metal', 'g4dn.xlarge', 'h1.16xlarge', 'h1.2xlarge', 'h1.4xlarge', 'h1.8xlarge', 'hs1.8xlarge', 'i2.2xlarge', 'i2.4xlarge', 'i2.8xlarge', 'i2.xlarge', 'i3.16xlarge', 'i3.2xlarge', 'i3.4xlarge', 'i3.8xlarge', 'i3.large', 'i3.metal', 'i3.xlarge', 'i3en.12xlarge', 'i3en.24xlarge', 'i3en.2xlarge', 'i3en.3xlarge', 'i3en.6xlarge', 'i3en.large', 'i3en.metal', 'i3en.xlarge', 'm1.large', 'm1.medium', 'm1.small', 'm1.xlarge', 'm2.2xlarge', 'm2.4xlarge', 'm2.xlarge', 'm3.2xlarge', 'm3.large', 'm3.medium', 'm3.xlarge', 'm4.10xlarge', 'm4.16xlarge', 'm4.2xlarge', 'm4.4xlarge', 'm4.large', 'm4.xlarge', 'm5.12xlarge', 'm5.16xlarge', 'm5.24xlarge', 'm5.2xlarge', 'm5.4xlarge', 'm5.8xlarge', 'm5.large', 'm5.metal', 'm5.xlarge', 'm5a.12xlarge', 'm5a.16xlarge', 'm5a.24xlarge', 'm5a.2xlarge', 'm5a.4xlarge', 'm5a.8xlarge', 'm5a.large', 'm5a.xlarge', 'm5ad.12xlarge', 'm5ad.24xlarge', 'm5ad.2xlarge', 'm5ad.4xlarge', 'm5ad.large', 'm5ad.xlarge', 'm5d.12xlarge', 'm5d.16xlarge', 'm5d.24xlarge', 'm5d.2xlarge', 'm5d.4xlarge', 'm5d.8xlarge', 'm5d.large', 'm5d.metal', 'm5d.xlarge', 'm5dn.12xlarge', 'm5dn.16xlarge', 'm5dn.24xlarge', 'm5dn.2xlarge', 'm5dn.4xlarge', 'm5dn.8xlarge', 'm5dn.large', 'm5dn.metal', 'm5dn.xlarge', 'm5n.12xlarge', 'm5n.16xlarge', 'm5n.24xlarge', 'm5n.2xlarge', 'm5n.4xlarge', 'm5n.8xlarge', 'm5n.large', 'm5n.metal', 'm5n.xlarge', 'p2.16xlarge', 'p2.8xlarge', 'p2.xlarge', 'p3.16xlarge', 'p3.2xlarge', 'p3.8xlarge', 'p3dn.24xlarge', 'r3.2xlarge', 'r3.4xlarge', 'r3.8xlarge', 'r3.large', 'r3.xlarge', 'r4.16xlarge', 'r4.2xlarge', 'r4.4xlarge', 'r4.8xlarge', 'r4.large', 'r4.xlarge', 'r5.12xlarge', 'r5.16xlarge', 'r5.24xlarge', 'r5.2xlarge', 'r5.4xlarge', 'r5.8xlarge', 'r5.large', 'r5.metal', 'r5.xlarge', 'r5a.12xlarge', 'r5a.16xlarge', 'r5a.24xlarge', 'r5a.2xlarge', 'r5a.4xlarge', 'r5a.8xlarge', 'r5a.large', 'r5a.xlarge', 'r5ad.12xlarge', 'r5ad.24xlarge', 'r5ad.2xlarge', 'r5ad.4xlarge', 'r5ad.large', 'r5ad.xlarge', 'r5d.12xlarge', 'r5d.16xlarge', 'r5d.24xlarge', 'r5d.2xlarge', 'r5d.4xlarge', 'r5d.8xlarge', 'r5d.large', 'r5d.metal', 'r5d.xlarge', 'r5dn.12xlarge', 'r5dn.16xlarge', 'r5dn.24xlarge', 'r5dn.2xlarge', 'r5dn.4xlarge', 'r5dn.8xlarge', 'r5dn.large', 'r5dn.metal', 'r5dn.xlarge', 'r5n.12xlarge', 'r5n.16xlarge', 'r5n.24xlarge', 'r5n.2xlarge', 'r5n.4xlarge', 'r5n.8xlarge', 'r5n.large', 'r5n.metal', 'r5n.xlarge', 't1.micro', 't2.2xlarge', 't2.large', 't2.medium', 't2.micro', 't2.nano', 't2.small', 't2.xlarge', 't3.2xlarge', 't3.large', 't3.medium', 't3.micro', 't3.nano', 't3.small', 't3.xlarge', 't3a.2xlarge', 't3a.large', 't3a.medium', 't3a.micro', 't3a.nano', 't3a.small', 't3a.xlarge', 'u-18tb1.metal', 'u-24tb1.metal', 'x1.16xlarge', 'x1.32xlarge', 'x1e.16xlarge', 'x1e.2xlarge', 'x1e.32xlarge', 'x1e.4xlarge', 'x1e.8xlarge', 'x1e.xlarge', 'z1d.12xlarge', 'z1d.2xlarge', 'z1d.3xlarge', 'z1d.6xlarge', 'z1d.large', 'z1d.metal', 'z1d.xlarge']
so.template:27:17
W7001 Mapping 'AWSInstanceType2Arch' is defined but not used
so.template:55:9
W7001 Mapping 'AWSInstanceType2NATArch' is defined but not used
so.template:87:9
E3012 Property Resources/WebServerScaleUpPolicy/Properties/ScalingAdjustment should be of type Integer
so.template:120:17
E3012 Property Resources/WebServerScaleDownPolicy/Properties/ScalingAdjustment should be of type Integer
so.template:131:17
E3012 Property Resources/CPUAlarmHigh/Properties/Period should be of type Integer
so.template:141:17
E3012 Property Resources/CPUAlarmHigh/Properties/EvaluationPeriods should be of type Integer
so.template:142:17
E3012 Property Resources/CPUAlarmHigh/Properties/Threshold should be of type Double
so.template:143:17
E3012 Property Resources/CPUAlarmLow/Properties/Period should be of type Integer
so.template:163:17
E3012 Property Resources/CPUAlarmLow/Properties/EvaluationPeriods should be of type Integer
so.template:164:17
E3012 Property Resources/CPUAlarmLow/Properties/Threshold should be of type Double
so.template:165:17
E3012 Property Resources/ALBListener/Properties/Port should be of type Integer
so.template:202:17
E3002 Invalid Property Resources/ALBTargetGroup/Properties/HealthCheckType
so.template:217:17
E3016 Value for MinInstancesInService must be of type Integer
so.template:251:11
E3016 Value for MaxBatchSize must be of type Integer
so.template:252:11
E3016 Value for WaitOnResourceSignals must be of type Boolean
so.template:254:11
E3012 Property Resources/InstanceSecurityGroup/Properties/SecurityGroupIngress/0/FromPort should be of type Integer
so.template:280:25
E3012 Property Resources/InstanceSecurityGroup/Properties/SecurityGroupIngress/0/ToPort should be of type Integer
so.template:281:25
E3012 Property Resources/InstanceSecurityGroup/Properties/SecurityGroupIngress/1/FromPort should be of type Integer
so.template:288:25
E3012 Property Resources/InstanceSecurityGroup/Properties/SecurityGroupIngress/1/ToPort should be of type Integer
so.template:289:25
I'd suggest you fix these issues first.
This is coming down to HealthCheckType being in the target group resource, it should instead be attached to your autoscaling group.
The fixed template for this error is below
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"VpcId": {
"Type": "AWS::EC2::VPC::Id",
"Description": "VpcId of your existing Virtual Private Cloud (VPC)",
"ConstraintDescription": "must be the VPC Id of an existing Virtual Private Cloud."
},
"Subnets": {
"Type": "List<AWS::EC2::Subnet::Id>",
"Description": "The list of SubnetIds in your Virtual Private Cloud (VPC)"
},
"InstanceType": {
"Description": "WebServer EC2 instance type",
"Type": "String",
"Default": "t2.small",
"AllowedValues": [
"t1.micro",
"t2.nano",
"t2.micro",
"t2.small",
"t2.medium",
"t2.large",
"m1.small",
"m1.medium",
"cg1.4xlarge"
],
"ConstraintDescription": "must be a valid EC2 instance type."
},
"WebServerCapacity": {
"Default": "2",
"Description": "The initial number of WebServer instances",
"Type": "Number",
"MinValue": "1",
"MaxValue": "10",
"ConstraintDescription": "must be between 1 and 10 EC2 instances."
},
"KeyName": {
"Description": "The EC2 Key Pair to allow SSH access to the instances",
"Type": "AWS::EC2::KeyPair::KeyName",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair."
},
"SSHLocation": {
"Description": "The IP address range that can be used to SSH to the EC2 instances",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Mappings": {
"AWSInstanceType2Arch": {
"t1.micro": {
"Arch": "HVM64"
},
"t2.nano": {
"Arch": "HVM64"
},
"t2.micro": {
"Arch": "HVM64"
},
"t2.small": {
"Arch": "HVM64"
},
"t2.medium": {
"Arch": "HVM64"
},
"t2.large": {
"Arch": "HVM64"
},
"m1.small": {
"Arch": "HVM64"
},
"m1.medium": {
"Arch": "HVM64"
},
"m1.large": {
"Arch": "HVM64"
},
"d2.xlarge": {
"Arch": "HVM64"
}
},
"AWSInstanceType2NATArch": {
"t1.micro": {
"Arch": "NATHVM64"
},
"t2.nano": {
"Arch": "NATHVM64"
},
"t2.micro": {
"Arch": "NATHVM64"
},
"t2.small": {
"Arch": "NATHVM64"
},
"t2.medium": {
"Arch": "NATHVM64"
},
"t2.large": {
"Arch": "NATHVM64"
},
"m1.small": {
"Arch": "NATHVM64"
}
}
},
"Resources": {
"WebServerScaleUpPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "WebServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": "1"
}
},
"WebServerScaleDownPolicy": {
"Type": "AWS::AutoScaling::ScalingPolicy",
"Properties": {
"AdjustmentType": "ChangeInCapacity",
"AutoScalingGroupName": {
"Ref": "WebServerGroup"
},
"Cooldown": "60",
"ScalingAdjustment": "-1"
}
},
"CPUAlarmHigh": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Scale-up if CPU > 70% for 5 minutes",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": "300",
"EvaluationPeriods": "2",
"Threshold": "70",
"AlarmActions": [{
"Ref": "WebServerScaleUpPolicy"
}],
"Dimensions": [{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "WebServerGroup"
}
}],
"ComparisonOperator": "GreaterThanThreshold"
}
},
"CPUAlarmLow": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Scale-down if CPU < 40% for 5 minutes",
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"Statistic": "Average",
"Period": "300",
"EvaluationPeriods": "2",
"Threshold": "40",
"AlarmActions": [{
"Ref": "WebServerScaleDownPolicy"
}],
"Dimensions": [{
"Name": "AutoScalingGroupName",
"Value": {
"Ref": "WebServerGroup"
}
}],
"ComparisonOperator": "LessThanThreshold"
}
},
"ApplicationLoadBalancer": {
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Properties": {
"Name": "elb-test",
"Scheme": "internet-facing",
"IpAddressType": "ipv4",
"Type": "application",
"Subnets": {
"Ref": "Subnets"
}
}
},
"ALBListener": {
"Type": "AWS::ElasticLoadBalancingV2::Listener",
"Properties": {
"DefaultActions": [{
"Type": "forward",
"TargetGroupArn": {
"Ref": "ALBTargetGroup"
}
}],
"LoadBalancerArn": {
"Ref": "ApplicationLoadBalancer"
},
"Port": "80",
"Protocol": "HTTP"
}
},
"ALBTargetGroup": {
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
"Properties": {
"Name": "ELB-Group",
"HealthCheckIntervalSeconds": 30,
"HealthCheckTimeoutSeconds": 5,
"HealthyThresholdCount": 3,
"Port": 80,
"Protocol": "HTTP",
"TargetType": "instance",
"UnhealthyThresholdCount": 5,
"VpcId": {
"Ref": "VpcId"
}
}
},
"WebServerGroup": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"VPCZoneIdentifier": {
"Ref": "Subnets"
},
"HealthCheckType": "ELB",
"HealthCheckGracePeriod": 300
"LaunchConfigurationName": {
"Ref": "LaunchConfig"
},
"MinSize": "1",
"MaxSize": "8",
"DesiredCapacity": {
"Ref": "WebServerCapacity"
},
"TargetGroupARNs": [{
"Ref": "ALBTargetGroup"
}]
},
"CreationPolicy": {
"ResourceSignal": {
"Timeout": "PT5M",
"Count": {
"Ref": "WebServerCapacity"
}
}
},
"UpdatePolicy": {
"AutoScalingRollingUpdate": {
"MinInstancesInService": "1",
"MaxBatchSize": "1",
"PauseTime": "PT5M",
"WaitOnResourceSignals": "true"
}
}
},
"LaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"KeyName": {
"Ref": "KeyName"
},
"ImageId": "ami-00932e4c143f3fdf0",
"SecurityGroups": [{
"Ref": "InstanceSecurityGroup"
}],
"InstanceType": {
"Ref": "InstanceType"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"#!/bin/bash -x\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource MyInstance ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"# Signal the status from cfn-init\n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ",
{
"Ref": "AWS::StackName"
},
" --resource MyInstance ",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable SSH access and HTTP from the load balancer only",
"SecurityGroupIngress": [{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": {
"Ref": "SSHLocation"
}
},
{
"IpProtocol": "tcp",
"FromPort": "80",
"ToPort": "80",
"SourceSecurityGroupId": {
"Fn::Select": [
0,
{
"Fn::GetAtt": [
"ApplicationLoadBalancer",
"SecurityGroups"
]
}
]
}
}
],
"VpcId": {
"Ref": "VpcId"
}
}
}
},
"Outputs": {
"URL": {
"Description": "The URL of the website",
"Value": {
"Fn::Join": [
"",
[
"http://",
{
"Fn::GetAtt": [
"ApplicationLoadBalancer",
"DNSName"
]
}
]
]
}
}
}
}
I am trying to create Azure Application Gateway with ssl certificate from keyvaults. But didn't find any option to add keyvaults to ARM template with .pfx and .cer files. So I have encoded the certificate contents and added as secret in existing keyvault. Now trying to pass the secrets using ARM template. Validation passed but getting error in Deployment stage. Attached the template and parameters I am using.
Getting Error while deploying the resource
Deployment template validation failed: 'Template parameter JToken type is not valid. Expected 'String, Uri'. Actual 'Object'
"additionalInfo": [
{
"type": "TemplateViolation",
"info": {
"lineNumber": 226,
"linePosition": 33,
"path": "properties.template.parameters.appgwfesslcertsecret"
}
}
]
Updated Template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"namingSettings": {
"type": "object"
},
"taggingSettings": {
"type": "object"
},
"applicationGatewaySettings": {
"type": "object"
},
"appgwfesslcertsecret": {
"type": "securestring"
},
"appgwbecertsecret": {
"type": "securestring"
}
},
"variables": {
"namePrefix": "[concat(parameters('namingSettings').name.org,'-',parameters('namingSettings').name.cloud,'-',parameters('namingSettings').name.region,'-',parameters('namingSettings').name.businessUnit,'-',parameters('namingSettings').name.account,'-',parameters('namingSettings').name.app,'-',parameters('namingSettings').name.sdlc,'-')]" },
"resources": [
{
"apiVersion": "2018-11-01",
"name": "[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].name)]",
"type": "Microsoft.Network/applicationGateways",
"location": "[resourceGroup().location]",
"copy": {
"name": "appgwCopy",
"count": "[length(parameters('applicationGatewaySettings').settings)]"
},
"tags": "[parameters('taggingSettings').tags]",
"properties": {
"sku": {
"name": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].applicationGatewaySku]",
"tier": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].applicationGatewayTier]",
"capacity": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].applicationGatewayInstanceCount]"
},
"sslPolicy": {
"policyType": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].policyType]",
"policyName": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].policy]"
},
"copy": [
{
"name": "frontendPorts",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].frontendPorts)]",
"input": {
"name": "[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].frontendPorts[copyIndex('frontendPorts')].name)]",
"properties": {
"port": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].frontendPorts[copyIndex('frontendPorts')].properties.port]"
}
}
},
{
"name": "gatewayIPConfigurations",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].gatewayIPConfigurations)]",
"input": {
"name": "[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].gatewayIPConfigurations[copyIndex('gatewayIPConfigurations')].name)]",
"properties": {
"subnet": {
"id": "[resourceId(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].gatewayIPConfigurations[copyIndex('gatewayIPConfigurations')].properties.subnet.vnetRGName,'microsoft.network/virtualnetworks/subnets', parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].gatewayIPConfigurations[copyIndex('gatewayIPConfigurations')].properties.subnet.vnetName, parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].gatewayIPConfigurations[copyIndex('gatewayIPConfigurations')].properties.subnet.subnetName)]"
}
}
}
},
{
"name": "frontendIPConfigurations",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].frontendIPConfigurations)]",
"input": {
"name": "[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].frontendIPConfigurations[copyIndex('frontendIPConfigurations')].name)]",
"properties": {
"subnet": {
"id": "[resourceId(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].gatewayIPConfigurations[copyIndex('frontendIPConfigurations')].properties.subnet.vnetRGName,'microsoft.network/virtualnetworks/subnets', parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].frontendIPConfigurations[copyIndex('frontendIPConfigurations')].properties.subnet.vnetName, parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].frontendIPConfigurations[copyIndex('frontendIPConfigurations')].properties.subnet.subnetName)]"
}
}
}
},
{
"name": "backendHttpSettingsCollection",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].backendHttpSettingsCollection)]",
"input": {
"name": "[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].backendHttpSettingsCollection[copyIndex('backendHttpSettingsCollection')].name)]",
"properties": {
"port": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].backendHttpSettingsCollection[copyIndex('backendHttpSettingsCollection')].properties.port]",
"protocol": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].backendHttpSettingsCollection[copyIndex('backendHttpSettingsCollection')].properties.protocol]",
"authenticationCertificates": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].backendHttpSettingsCollection[copyIndex('backendHttpSettingsCollection')].properties.authenticationCertificates]"
}
}
},
{
"name": "backendAddressPools",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].backendAddressPools)]",
"input": {
"name": "[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].backendAddressPools[copyIndex('backendAddressPools')].name)]"
}
},
{
"name": "httpListeners",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].httpListeners)]",
"input": {
"name": "[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].httpListeners[copyIndex('httpListeners')].name)]",
"properties": {
"frontendIPConfiguration": {
"id": "[resourceId(resourceGroup().name, 'microsoft.network/applicationGateways/frontendIPConfigurations', concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].name),concat(variables('namePrefix'), parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].httpListeners[copyIndex('httpListeners')].properties.frontendIPConfiguration))]"
},
"frontendPort": {
"id": "[resourceId(resourceGroup().name, 'microsoft.network/applicationGateways/frontendPorts', concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].name),concat(variables('namePrefix'), parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].httpListeners[copyIndex('httpListeners')].properties.frontendPort))]"
},
"protocol": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].httpListeners[copyIndex('httpListeners')].properties.protocol]",
"sslCertificate": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].httpListeners[copyIndex('httpListeners')].properties.sslCertificate]"
}
}
},
{
"name": "requestRoutingRules",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].requestRoutingRules)]",
"input": {
"name": "[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].requestRoutingRules[copyIndex('requestRoutingRules')].name)]",
"properties": {
"httpListener": {
"id": "[resourceId(resourceGroup().name, 'microsoft.network/applicationGateways/httpListeners', concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].name),concat(variables('namePrefix'), parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].requestRoutingRules[copyIndex('requestRoutingRules')].properties.httpListener))]"
},
"backendAddressPool": {
"id": "[resourceId(resourceGroup().name, 'microsoft.network/applicationGateways/backendAddressPools', concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].name),concat(variables('namePrefix'), parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].requestRoutingRules[copyIndex('requestRoutingRules')].properties.backendAddressPool))]"
},
"backendHttpSettings": {
"id": "[resourceId(resourceGroup().name, 'microsoft.network/applicationGateways/backendHttpSettingsCollection', concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].name),concat(variables('namePrefix'), parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].requestRoutingRules[copyIndex('requestRoutingRules')].properties.backendHttpSettings))]"
}
}
}
},
{
"name": "sslCertificates",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].sslCertificates)]",
"input": {
"name": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].sslCertificates[copyIndex('sslCertificates')].name]",
"properties": {
"data": "[parameters('appgwfesslcertsecret')]",
"password": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].sslCertificates[copyIndex('sslCertificates')].properties.password]"
}
}
},
{
"name": "authenticationCertificates",
"count": "[length(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].authenticationCertificates)]",
"input": {
"name": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].authenticationCertificates[copyIndex('authenticationCertificates')].name]",
"properties": {
"data": "[parameters('appgwbecertsecret')]"
}
}
}
],
"probes": [],
"webApplicationFirewallConfiguration": {
"enabled": true,
"firewallMode": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].firewallMode]",
"ruleSetType": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].ruleSetType]",
"ruleSetVersion": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].ruleSetVersion]",
"requestBodyCheck": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].requestBodyCheck]",
"maxRequestBodySizeInKb": "[if(parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].requestBodyCheck, parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].maxReqBodySize, json('null'))]",
"fileUploadLimitInMb": "[int(100)]"
},
"enableHttp2": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableHTTP2]"
},
"resources": [
{
"type": "providers/diagnosticSettings",
"name": "[concat('Microsoft.Insights/', parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].diagname)]",
"dependsOn": [
"[concat(variables('namePrefix'),parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].name)]"
],
"apiVersion": "2017-05-01-preview",
"properties": {
"name": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].diagname]",
"logs": [
{
"category": "ApplicationGatewayAccessLog",
"enabled": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableApplicationGatewayAccessLog]",
"retentionPolicy": {
"days": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].applicationGatewayAccessLogRetentionDays]",
"enabled": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableApplicationGatewayAccessLogRetention]"
}
},
{
"category": "ApplicationGatewayPerformanceLog",
"enabled": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableApplicationGatewayPerformanceLog]",
"retentionPolicy": {
"days": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].applicationGatewayPerformanceLogRetentionDays]",
"enabled": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableApplicationGatewayPerformanceLogRetention]"
}
},
{
"category": "ApplicationGatewayFirewallLog",
"enabled": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableApplicationGatewayFirewallLog]",
"retentionPolicy": {
"days": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].applicationGatewayFirewallLogRetentionDays]",
"enabled": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableApplicationGatewayFirewallLogRetention]"
}
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableAllMetrics]",
"retentionPolicy": {
"enabled": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].enableAllMetricsRetentionPolicy]",
"days": "[parameters('applicationGatewaySettings').settings[copyIndex('appgwCopy')].allMetricsRetentionDays]"
}
}
]
}
}
]
}
],
"outputs": {}
}
Updated Parameter File:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"namingSettings": {
"value": {
"name": {
"app": "demo",
"cloud": "azu",
"region": "eus2",
}
}
},
"taggingSettings": {
"value": {
"tags": {
"AppID": "demo",
"Environment": "nonprod",
}
}
},
"applicationGatewaySettings": {
"value": {
"settings": [
{
"name": "appgw-pcs01",
"applicationGatewaySku": "WAF_Medium",
"applicationGatewayTier": "WAF",
"applicationGatewayInstanceCount": 2,
"policyType": "Predefined",
"policy": "AppGwSslPolicy20170401S",
"publicIP": null,
"firewallMode": "Prevention",
"diagname": "Demo-Appgw",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0",
"requestBodyCheck": true,
"maxReqBodySize": 10,
"enableHTTP2": false,
"enableApplicationGatewayAccessLog": true,
"applicationGatewayAccessLogRetentionDays": 30,
"enableApplicationGatewayAccessLogRetention": true,
"enableApplicationGatewayPerformanceLog": true,
"applicationGatewayPerformanceLogRetentionDays": 30,
"enableApplicationGatewayPerformanceLogRetention": true,
"enableApplicationGatewayFirewallLog": true,
"applicationGatewayFirewallLogRetentionDays": 30,
"enableApplicationGatewayFirewallLogRetention": true,
"enableAllMetrics": true,
"enableAllMetricsRetentionPolicy": true,
"allMetricsRetentionDays": 30,
"frontendPorts": [
{
"name": "feport-80",
"properties": {
"port": 80
}
},
{
"name": "feport-443",
"properties": {
"port": 443
}
}
],
"gatewayIPConfigurations": [
{
"name": "gwipconfig-pcs01",
"properties": {
"subnet": {
"vnetName": "demo-vnet",
"vnetRGName": "demo",
"subnetName": "demo-subgw"
}
}
}
],
"sslCertificates": [
{
"name": "appgwfesslcert",
"properties": {
"data": null,
"password": "password"
}
}
],
"authenticationCertificates": [
{
"name": "appgwbecert",
"properties": {
"data": null
}
}
],
"frontEndIPConfigurations": [
{
"name": "feipcfg-pcs01",
"properties": {
"subnet": {
"vnetName": "demo-vnet",
"vnetRGName": "demo",
"subnetName": "demo-subgw"
}
}
}
],
"httpListeners": [
{
"name": "httplistener-pcs01",
"properties": {
"frontendIPConfiguration": "feipcfg-pcs01",
"frontendPort": "feport-80",
"protocol": "Http",
"sslCertificate": {}
}
},
{
"name": "httpslistener-pcs01",
"properties": {
"frontendIPConfiguration": "feipcfg-pcs01",
"frontendPort": "feport-443",
"protocol": "Https",
"sslCertificate": {
"id": "/subscriptions/105dcee5-gy46-48e3-9046-265c7379e647/resourceGroups/demo/providers/Microsoft.Network/applicationGateways/azu-eus2-nonprod-appgw-pcs01/sslCertificates/appgwfesslcert"
}
}
}
],
"backendHttpSettingsCollection": [
{
"name": "httpsetcol-default",
"properties": {
"protocol": "Http",
"port": 80,
"authenticationCertificates": []
}
},
{
"name": "httpssetcol-default",
"properties": {
"protocol": "Https",
"port": 443,
"authenticationCertificates": [
{
"id": "/subscriptions/105dcee5-gy46-48e3-9046-265c7379e647/resourceGroups/demo/providers/Microsoft.Network/applicationGateways/azu-eus2-nonprod-appgw-pcs01/authenticationCertificates/appgwbecert"
}
]
}
}
],
"backendAddressPools": [
{
"name": "beap-pcs01"
}
],
"requestRoutingRules": [
{
"name": "httpreqrtrule-pcs01",
"properties": {
"httpListener": "httplistener-pcs01",
"backendAddressPool": "beap-pcs01",
"backendHttpSettings": "httpsetcol-default"
}
},
{
"name": "httpsreqrtrule-pcs01",
"properties": {
"httpListener": "httpslistener-pcs01",
"backendAddressPool": "beap-pcs01",
"backendHttpSettings": "httpssetcol-default"
}
}
]
}
]
}
},
"appgwfesslcertsecret": {
"value": {
"reference": {
"keyVault": {
"id": "/subscriptions/105dcee5-gy46-48e3-9046-265c7379e647/resourceGroups/demo/providers/Microsoft.KeyVault/vaults/demo-kv-new"
},
"secretName": "appgwfesslcert"
}
}
},
"appgwbecertsecret": {
"value": {
"reference": {
"keyVault": {
"id": "/subscriptions/105dcee5-gy46-48e3-9046-265c7379e647/resourceGroups/demo/providers/Microsoft.KeyVault/vaults/demo-kv-new"
},
"secretName": "appgwbecert"
}
}
}
}
}
you can only reference KV secrets in the parameters section of the template (or parameters file). You cannot use it in a random place in the template
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-tutorial-use-key-vault
I have been trying to get two instances to join a domain and one be the dc. The code is from one of the templates however it doesnt let me run it with my modification.
I am getting the error DeviceIndex cannot be empty when the DC01 instance initiates.
This is the code for DC01
{
"Resources": {
"DC1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "40"
}
}
],
"ImageId": {
"Ref": "BaseAmiId"
},
"InstanceType": "t2.micro",
"KeyName": {
"Ref": "KeyName"
},
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": "false",
"DeleteOnTermination": "true",
"DeviceIndex": "0",
"GroupSet": [
{
"Ref": "PrivateSecurityGroup"
}
],
"PrivateIpAddress": "10.1.3.100"
},
{
"SubnetId": {
"Ref": "PrivateSubnetAZ1"
}
}
],
"Tags": [
{
"Key": "Name",
"Value": "DC1"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"<script>\n",
"cfn-init.exe -v -c config -s ",
{
"Ref": "AWS::StackId"
},
" -r DC1",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"</script>\n"
]
]
}
}
}
}
}
}
You have created json formats in Network-Interface. So, it is considering the second one. Please try the below code snippet.
{
"Resources": {
"DC1": {
"Type": "AWS::EC2::Instance",
"Properties": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "40"
}
}
],
"ImageId": {
"Ref": "BaseAmiId"
},
"InstanceType": "t2.micro",
"KeyName": {
"Ref": "KeyName"
},
"NetworkInterfaces": [
{
"SubnetId": {
"Ref": "PrivateSubnetAZ1"
},
"AssociatePublicIpAddress": "false",
"DeleteOnTermination": "true",
"DeviceIndex": "0",
"GroupSet": [
{
"Ref": "PrivateSecurityGroup"
}
],
"PrivateIpAddress": "10.1.3.100"
}
],
"Tags": [
{
"Key": "Name",
"Value": "DC1"
}
],
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
"<script>\n",
"cfn-init.exe -v -c config -s ",
{
"Ref": "AWS::StackId"
},
" -r DC1",
" --region ",
{
"Ref": "AWS::Region"
},
"\n",
"</script>\n"
]
]
}
}
}
}
}
}
It will resolve the issue