By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

EC2 Instance Status Check fails when created by CloudFormation template

0

I have created a CloudFormation Stack using the below template in the us-east-1 and ap-south-1 region

AWSTemplateFormatVersion: "2010-09-09"
Description: Template for node-aws-ec2-github-actions tutorial
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Sample Security Group
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
  EC2Instance: 
    Type: "AWS::EC2::Instance"
    Properties: 
      ImageId: "ami-0d2986f2e8c0f7d01" #Another comment -- This is a Linux AMI
      InstanceType: t2.micro
      KeyName: node-ec2-github-actions-key
      SecurityGroups:
      - Ref: InstanceSecurityGroup
      BlockDeviceMappings:
      - DeviceName: /dev/sda1
        Ebs:
          VolumeSize: 8
          DeleteOnTermination: true
      Tags:
        - Key: Name
          Value: Node-Ec2-Github-Actions

  EIP:
      Type: AWS::EC2::EIP
      Properties:
        InstanceId: !Ref EC2Instance
Outputs:
  InstanceId:
    Description: InstanceId of the newly created EC2 instance
    Value:
      Ref: EC2Instance
  PublicIP:
    Description: Elastic IP 
    Value:
      Ref: EIP

The Stack is executed successfully and all the resources are created. But unfortunately, once the EC2 status checks are initialized the Instance status check fails and I am not able to reach the instance using SSH.

I have tried creating an Instance manually by the same IAM user, and that works perfectly.

These are the Policies I have attached to the IAM user.

Managed Policies

  • AmazonEC2FullAccess
  • AWSCloudFormationFullAccess

InLine Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:GetRole",
                "iam:GetInstanceProfile",
                "iam:DeleteRolePolicy",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:UpdateRole",
                "iam:PutRolePolicy",
                "iam:AddRoleToInstanceProfile"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListAllMyBuckets",
                "s3:CreateBucket",
                "s3:DeleteObject",
                "s3:DeleteBucket"
            ],
            "Resource": "*"
        }
    ]
}

Thanks in advance for helping out. Have a good day

Topics
Security, Identity, & ComplianceManagement & GovernanceComputeNetworking & Content Delivery
Tags
AWS Identity and Access ManagementAWS CloudFormationAmazon EC2ComputeSecurity Group
Language
English
Code Panthers
asked 2 years ago384 views
1 Answer
0
Accepted Answer

Hi.

AMI: ami-0d2986f2e8c0f7d01 is an Amazon Linux 2 (HVM) virtual machine for ap-south-1.
For HVM virtual machines, specify xvda as the root device.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names

You should change BlockDeviceMappings.DeviceName to:

       BlockDeviceMappings:
       - DeviceName: /dev/xvda
         Ebs:
           VolumeSize: 8
           DeleteOnTermination: true
profile picture
EXPERT
iwasa
answered 2 years ago
  • Code Panthers
    2 years ago

    Thanks mate. This solved the issue. Happy coding.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content