Hello.
Is it possible for you to share the CloudFormation template you are using and the error message?
Also, are there any differences when comparing the security group that was successfully imported and the security group that was unsuccessfully imported?
I can't share the full CloudFormation template because it contains company specific information. However, here are the relevant parts:
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  Account:
    Type: String
    Default: production
    AllowedValues:
      - production
      - staging
Resources:
  VPC:
    Type: AWS::EC2::VPC
    DeletionPolicy: Retain
    Properties:
      CidrBlock: 10.0.0.0/16 # 65,536 private IPv4 addresses
      EnableDnsSupport: true
      EnableDnsHostnames: true
  WideOpenSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    DeletionPolicy: Retain
    Properties:
      VpcId: !Ref VPC
      GroupDescription: wide open security group that allows all traffic through
      SecurityGroupIngress:
        # IpProtocol -1 with CidrIp 0.0.0.0/0 admits every protocol and port from any IPv4 source
        - IpProtocol: -1
          CidrIp: 0.0.0.0/0
This is the error I see in the UI:
There are no differences between the successful and unsuccessful security groups. They were both created using the same CloudFormation template, just in separate accounts (staging account and production account). I was able to successfully migrate the staging security groups from one CloudFormation stack to another. But I'm hitting this issue when I try to perform the same migration for the production security groups.
Thank you for sharing.
There seems to be no problem with the content of the CloudFormation template.
First of all, why not try troubleshooting according to the following document?
According to the following document, it is possible to see the cause of failure from CloudTrail's API history.
https://repost.aws/knowledge-center/cloudformation-internal-failure-error
You may also want to use CloudFormation Designer to check the syntax of your template.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/working-with-templates-cfn-designer.html
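The CloudTrail check that answer points to, worked as an added example (this is not code from the thread, from AWS, or from the linked article). It assumes CloudTrail log-file records in their standard shape (a top-level Records array whose entries carry eventTime, eventSource, eventName, requestParameters, userIdentity, and, on failed calls, errorCode and errorMessage), locates the CreateChangeSet call whose changeSetType is IMPORT, and lists every API call that returned an error in the minutes after it. The stack name, change set name, timestamps and error values in SAMPLE_TRAIL are constructed sample data, not events from the poster's account.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed CloudTrail records for illustration only (not real logs from the thread).
# The shape mirrors a CloudTrail log file delivered to S3: {"Records": [...]}.
SAMPLE_TRAIL = json.loads(r"""
{"Records": [
  {"eventTime": "2024-03-01T10:00:00Z", "eventSource": "cloudformation.amazonaws.com",
   "eventName": "CreateChangeSet", "awsRegion": "us-east-1",
   "requestParameters": {"stackName": "prod-network", "changeSetName": "import-sgs",
                         "changeSetType": "IMPORT"}},
  {"eventTime": "2024-03-01T10:00:04Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeSecurityGroups", "awsRegion": "us-east-1",
   "userIdentity": {"invokedBy": "cloudformation.amazonaws.com"},
   "errorCode": "Client.UnauthorizedOperation",
   "errorMessage": "You are not authorized to perform this operation."},
  {"eventTime": "2024-03-01T10:00:05Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeVpcs", "awsRegion": "us-east-1",
   "userIdentity": {"invokedBy": "cloudformation.amazonaws.com"}},
  {"eventTime": "2024-03-01T13:30:00Z", "eventSource": "ec2.amazonaws.com",
   "eventName": "DescribeSecurityGroups", "awsRegion": "us-east-1",
   "errorCode": "Client.RequestLimitExceeded",
   "errorMessage": "Request limit exceeded."}
]}
""")


def _when(record):
    """CloudTrail eventTime is ISO-8601 in UTC with a trailing Z."""
    return datetime.strptime(record["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def import_change_sets(records):
    """The import operation itself: CreateChangeSet with ChangeSetType=IMPORT."""
    return [r for r in records
            if r.get("eventSource") == "cloudformation.amazonaws.com"
            and r.get("eventName") == "CreateChangeSet"
            and r.get("requestParameters", {}).get("changeSetType") == "IMPORT"]


def errors_after(records, anchor, window=timedelta(minutes=15)):
    """API calls that returned an error within `window` after `anchor`, oldest first."""
    start = _when(anchor)
    end = start + window
    hits = [r for r in records if "errorCode" in r and start <= _when(r) <= end]
    return sorted(hits, key=_when)


def triage(trail):
    """Map each import change set to the failed API calls that followed it.

    Each entry is (eventName, who invoked it, errorCode, errorMessage); an empty
    list means CloudTrail recorded no failed call in the window, which is worth
    knowing on its own, since it points away from a downstream API error.
    """
    records = trail["Records"]
    report = {}
    for cs in import_change_sets(records):
        params = cs["requestParameters"]
        key = f'{params["stackName"]}/{params["changeSetName"]}'
        report[key] = [
            (r["eventName"],
             r.get("userIdentity", {}).get("invokedBy", "direct caller"),
             r["errorCode"],
             r.get("errorMessage", ""))
            for r in errors_after(records, cs)
        ]
    return report


if __name__ == "__main__":
    for key, errs in triage(SAMPLE_TRAIL).items():
        print(key)
        if not errs:
            print("  no failed API calls in the window")
        for name, by, code, msg in errs:
            print(f"  {name} (invokedBy={by}): {code}: {msg}")
```

To run it against a real account, load the JSON log files CloudTrail delivered to S3 for the region and time of the failed import and pass each file's contents to triage(); calls whose userIdentity.invokedBy is cloudformation.amazonaws.com are the ones CloudFormation made on the stack's behalf, and their errorCode is usually the real reason behind a generic failure in the console.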
I attempted to troubleshoot using that document earlier. The "Deploy a test stack" section is what prompted me to try importing the resources 1 by 1, and that's how I was able to determine the Security Groups are the issue. I also looked at CloudTrail logs and I don't see any logs for this error. It seems like the error is happening before the CloudTrail log can even be emitted.
I just dropped my entire CloudFormation template into the designer as you suggested, and I can confirm the syntax is correct.