EC2 Instance Status Check fails when created by CloudFormation template
I have created a CloudFormation Stack using the below template in the us-east-1 and ap-south-1 region
AWSTemplateFormatVersion: "2010-09-09"
Description: Template for node-aws-ec2-github-actions tutorial
Resources:
InstanceSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Sample Security Group
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
EC2Instance:
Type: "AWS::EC2::Instance"
Properties:
ImageId: "ami-0d2986f2e8c0f7d01" #Another comment -- This is a Linux AMI
InstanceType: t2.micro
KeyName: node-ec2-github-actions-key
SecurityGroups:
- Ref: InstanceSecurityGroup
BlockDeviceMappings:
- DeviceName: /dev/sda1
Ebs:
VolumeSize: 8
DeleteOnTermination: true
Tags:
- Key: Name
Value: Node-Ec2-Github-Actions
EIP:
Type: AWS::EC2::EIP
Properties:
InstanceId: !Ref EC2Instance
Outputs:
InstanceId:
Description: InstanceId of the newly created EC2 instance
Value:
Ref: EC2Instance
PublicIP:
Description: Elastic IP
Value:
Ref: EIPThe Stack is executed successfully and all the resources are created. But unfortunately, once the EC2 status checks are initialized the Instance status check fails and I am not able to reach the instance using SSH.
I have tried creating an Instance manually by the same IAM user, and that works perfectly.
These are the Policies I have attached to the IAM user.
Managed Policies
- AmazonEC2FullAccess
- AWSCloudFormationFullAccess
InLine Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:GetRole",
"iam:GetInstanceProfile",
"iam:DeleteRolePolicy",
"iam:RemoveRoleFromInstanceProfile",
"iam:CreateRole",
"iam:DeleteRole",
"iam:UpdateRole",
"iam:PutRolePolicy",
"iam:AddRoleToInstanceProfile"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:DeleteBucket"
],
"Resource": "*"
}
]
}Thanks in advance for helping out. Have a good day
Hi.
AMI: ami-0d2986f2e8c0f7d01 is an Amazon Linux 2 (HVM) virtual machine for ap-south-1.
For HVM virtual machines, specify xvda as the root device.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names
You should change BlockDeviceMappings.DeviceName to:
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: 8
DeleteOnTermination: trueRelevant questions
Did not have IAM permissions to process tags on AWS::EC2::Instance resource
asked a year agoEC2 Instance Status Check fails when created by CloudFormation template
Accepted Answerasked a month agoTemplate format error: Unrecognized resource types: [AWS::SES::Template] bug or expected behaviour?
Accepted Answerasked 4 months agoMSK instance size using CDK
Accepted Answerasked 13 days agoHow to provision CloudFront distribution with ACM certificate in CloudFormation?
asked 3 months agoHow to detect drifts of Cloudformation Custom Resource?
asked 2 months agoHow to create auto scaling group using CodePipeline
asked 3 years agoCloudFormation stack template failing to receive 1 resource signal during creation of EC2 instance
asked 23 days agoCloudFormation won't update CloudFrontDistribution DNS
asked a year agoCloudformation rule doesn't prevent stack creation
asked 2 months ago
Thanks mate. This solved the issue. Happy coding.