EC2 Instance Status Check fails when created by CloudFormation template

Question

I have created a CloudFormation Stack using the below template in the **us-east-1** and **ap-south-1** region

AWSTemplateFormatVersion: "2010-09-09"
    Description: Template for node-aws-ec2-github-actions tutorial
    Resources:
      InstanceSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Sample Security Group
          SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            CidrIp: 0.0.0.0/0
          - IpProtocol: tcp
            FromPort: 443
            ToPort: 443
            CidrIp: 0.0.0.0/0
          - IpProtocol: tcp
            FromPort: 22
            ToPort: 22
            CidrIp: 0.0.0.0/0
      EC2Instance: 
        Type: "AWS::EC2::Instance"
        Properties: 
          ImageId: "ami-0d2986f2e8c0f7d01" #Another comment -- This is a Linux AMI
          InstanceType: t2.micro
          KeyName: node-ec2-github-actions-key
          SecurityGroups:
          - Ref: InstanceSecurityGroup
          BlockDeviceMappings:
          - DeviceName: /dev/sda1
            Ebs:
              VolumeSize: 8
              DeleteOnTermination: true
          Tags:
            - Key: Name
              Value: Node-Ec2-Github-Actions
    
      EIP:
          Type: AWS::EC2::EIP
          Properties:
            InstanceId: !Ref EC2Instance
    Outputs:
      InstanceId:
        Description: InstanceId of the newly created EC2 instance
        Value:
          Ref: EC2Instance
      PublicIP:
        Description: Elastic IP 
        Value:
          Ref: EIP
The Stack is executed successfully and all the resources are created. But unfortunately, once the EC2 status checks are initialized the Instance status check fails and I am not able to reach the instance using SSH.

I have tried creating an Instance manually by the same IAM user, and that works perfectly.

These are the Policies I have attached to the IAM user.

Managed Policies
* AmazonEC2FullAccess
* AWSCloudFormationFullAccess

InLine Policy

{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "iam:CreateInstanceProfile",
                    "iam:DeleteInstanceProfile",
                    "iam:GetRole",
                    "iam:GetInstanceProfile",
                    "iam:DeleteRolePolicy",
                    "iam:RemoveRoleFromInstanceProfile",
                    "iam:CreateRole",
                    "iam:DeleteRole",
                    "iam:UpdateRole",
                    "iam:PutRolePolicy",
                    "iam:AddRoleToInstanceProfile"
                ],
                "Resource": "*"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:ListAllMyBuckets",
                    "s3:CreateBucket",
                    "s3:DeleteObject",
                    "s3:DeleteBucket"
                ],
                "Resource": "*"
            }
        ]
    }

Thanks in advance for helping out. Have a good day

Accepted Answer

Hi.

AMI: ami-0d2986f2e8c0f7d01 is an Amazon Linux 2 (HVM) virtual machine for ap-south-1.  
For HVM virtual machines, specify xvda as the root device.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names

You should change BlockDeviceMappings.DeviceName to:

```
       BlockDeviceMappings:
       - DeviceName: /dev/xvda
         Ebs:
           VolumeSize: 8
           DeleteOnTermination: true
```

EC2 Instance Status Check fails when created by CloudFormation template

Relevanter Inhalt