AWS Cloud Formation - EC2 did not stabilise

0

Hello, I am a college student and with my student account I am trying to deploy a CloudFormation template for a project. Every time, it stops the deploy on any EC2 instance that is inside the private networks. Could someone help? Is it because of some networking misconfiguration? * The hyphen in "Ma-ster" is not there in the original script; the word is delisted here on the forum.

Sample error:

Resource handler returned message: "Resource of type 'AWS::EC2::Instance' with identifier 'i-01fa181786120ab6b' did not stabilize." (RequestToken: fc3b2c83-ca66-f369-ccd4-ffe66d344b1d, HandlerErrorCode: NotStabilized)

My template:

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: Must be the name of an existing EC2 KeyPair.
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PUBLIC:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: true
  PRIVATE:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: false
  PRIVATE2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.4.0/24
      AvailabilityZone: us-east-1b
      MapPublicIpOnLaunch: false
  DMZ:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: false
  RouteTablePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RouteTableDMZ:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RouteTablePrivate:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RoutePublic:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  RouteDMZ:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTableDMZ
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
  RoutePrivate:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTablePrivate
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
  SubnetRouteTableAssociationPrivate:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTablePrivate
      SubnetId: !Ref PRIVATE
  SubnetRouteTableAssociationPublic:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTablePublic
      SubnetId: !Ref PUBLIC
  SubnetRouteTableAssociationDMZ:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTableDMZ
      SubnetId: !Ref DMZ
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      SubnetId: !Ref PUBLIC
      AllocationId: !GetAtt EIP.AllocationId
  EIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: !Ref VPC
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0

  AdminBastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 10.0.1.0/24
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 10.0.1.0/24
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
  InternalSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for Internal EC2 instances
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 3000
          ToPort: 3000
          CidrIp: 10.0.2.0/24
  WazuhSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for Wazuh Server
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 1514
          ToPort: 1515
          CidrIp: 10.0.0.0/16
        - IpProtocol: tcp
          FromPort: 1516
          ToPort: 1516
          CidrIp: 10.0.0.0/16
        - IpProtocol: tcp
          FromPort: 55000
          ToPort: 55000
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
  RDSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for RDS Database
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref InternalSecurityGroup
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebServerSecurityGroup
  AdminBH:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref AdminBastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH1:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH2:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH3:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH4:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH5:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH7:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  WebServer:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref WebServerSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref DMZ
  DMZEC2:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref InternalSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref DMZ
  PrivateEC2:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref InternalSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PRIVATE
  BH6:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  WazuhServer:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref WazuhSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref DMZ
      PrivateIpAddress: 10.0.2.10
  DBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 20
      DBInstanceClass: db.t4g.micro
      Engine: mysql
      MasterUsername: admin
      MasterUserPassword: Password123!
      VPCSecurityGroups:
        - !Ref RDSSecurityGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      PubliclyAccessible: false

  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnet for RDS
      SubnetIds:
        - !Ref PRIVATE
        - !Ref PRIVATE2
  wiaderko:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${AWS::StackName}-wiaderko-${AWS::AccountId}
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
              KMSMasterKeyID: alias/aws/s3
      PublicAccessBlockConfiguration:
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
        BlockPublicPolicy: true
        BlockPublicAcls: true
  wiaderkoBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref wiaderko
      PolicyDocument:
        Id: RequireEncryptionInTransit
        Version: '2012-10-17'
        Statement:
          - Principal: '*'
            Action: '*'
            Effect: Deny
            Resource:
              - !GetAtt wiaderko.Arn
              - !Sub ${wiaderko.Arn}/*
            Condition:
              Bool:
                aws:SecureTransport: 'false'

Outputs:
  AdminBastionPublicIP:
    Description: Public IP of the Admin Bastion Host
    Value: !GetAtt AdminBH.PublicIp

  BastionHost1PublicIP:
    Description: Public IP of Bastion Host 1
    Value: !GetAtt BH1.PublicIp

  BastionHost2PublicIP:
    Description: Public IP of Bastion Host 2
    Value: !GetAtt BH2.PublicIp

  BastionHost3PublicIP:
    Description: Public IP of Bastion Host 3
    Value: !GetAtt BH3.PublicIp

  BastionHost4PublicIP:
    Description: Public IP of Bastion Host 4
    Value: !GetAtt BH4.PublicIp

  BastionHost5PublicIP:
    Description: Public IP of Bastion Host 5
    Value: !GetAtt BH5.PublicIp

  BastionHost6PublicIP:
    Description: Public IP of Bastion Host 6
    Value: !GetAtt BH6.PublicIp

  BastionHost7PublicIP:
    Description: Public IP of Bastion Host 7
    Value: !GetAtt BH7.PublicIp

  WazuhServerPrivateIP:
    Description: Private IP of the Wazuh Server
    Value: !GetAtt WazuhServer.PrivateIp

  WebServerPrivateIP:
    Description: Private IP of the Web Server
    Value: !GetAtt WebServer.PrivateIp

  RDSDatabaseEndpoint:
    Description: Endpoint of the RDS Database
    Value: !GetAtt DBInstance.Endpoint.Address

  S3BucketName:
    Description: S3 Bucket Name
    Value: !Ref wiaderko
2 Answers
0
Accepted Answer

Hello.

In addition to the answer in re:Post Agent, check the EC2 instance quotas for your AWS account.
If your AWS account was recently created, your EC2 instance type quota may be low, which may be causing your EC2 launch to fail.
I made some small changes to the encryption settings for the S3 bucket, but didn't make any other edits. I deployed the CloudFormation template in my AWS account and it was created successfully.
By default the quota is probably set to 5, so even if you are using t2.micro you can only launch up to 5 instances; the number of instances set in the CloudFormation template cannot be launched and the process will fail.
https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-instance-quotas.html

Please check the quotas for us-east-1 from the following URL.
https://us-east-1.console.aws.amazon.com/servicequotas/home/services/ec2/quotas/L-1216C47A

AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: Must be the name of an existing EC2 KeyPair.
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  PUBLIC:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: true
  PRIVATE:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.3.0/24
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: false
  PRIVATE2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.4.0/24
      AvailabilityZone: us-east-1b
      MapPublicIpOnLaunch: false
  DMZ:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: us-east-1a
      MapPublicIpOnLaunch: false
  RouteTablePublic:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RouteTableDMZ:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RouteTablePrivate:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  RoutePublic:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTablePublic
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  RouteDMZ:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTableDMZ
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
  RoutePrivate:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref RouteTablePrivate
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway
  SubnetRouteTableAssociationPrivate:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTablePrivate
      SubnetId: !Ref PRIVATE
  SubnetRouteTableAssociationPublic:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTablePublic
      SubnetId: !Ref PUBLIC
  SubnetRouteTableAssociationDMZ:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTableDMZ
      SubnetId: !Ref DMZ
  NatGateway:
    Type: AWS::EC2::NatGateway
    Properties:
      SubnetId: !Ref PUBLIC
      AllocationId: !GetAtt EIP.AllocationId
  EIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: !Ref VPC
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0

  AdminBastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 10.0.1.0/24
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 10.0.1.0/24
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
  InternalSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for Internal EC2 instances
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 3000
          ToPort: 3000
          CidrIp: 10.0.2.0/24
  WazuhSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for Wazuh Server
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
        - IpProtocol: tcp
          FromPort: 1514
          ToPort: 1515
          CidrIp: 10.0.0.0/16
        - IpProtocol: tcp
          FromPort: 1516
          ToPort: 1516
          CidrIp: 10.0.0.0/16
        - IpProtocol: tcp
          FromPort: 55000
          ToPort: 55000
          SourceSecurityGroupId: !Ref AdminBastionSecurityGroup
  RDSSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security group for RDS Database
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref InternalSecurityGroup
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref WebServerSecurityGroup
  AdminBH:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref AdminBastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH1:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH2:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH3:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH4:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH5:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  BH7:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  WebServer:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref WebServerSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref DMZ
  DMZEC2:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref InternalSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref DMZ
  PrivateEC2:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref InternalSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PRIVATE
  BH6:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref BastionSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref PUBLIC
  WazuhServer:
    Type: AWS::EC2::Instance
    DependsOn: VPCGatewayAttachment
    Properties:
      InstanceType: t2.micro
      SecurityGroupIds:
        - !Ref WazuhSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-07a6f770277670015
      SubnetId: !Ref DMZ
      PrivateIpAddress: 10.0.2.10
  DBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: 20
      DBInstanceClass: db.t4g.micro
      Engine: mysql
      MasterUsername: admin
      MasterUserPassword: Password123!
      VPCSecurityGroups:
        - !Ref RDSSecurityGroup
      DBSubnetGroupName: !Ref DBSubnetGroup
      PubliclyAccessible: false

  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnet for RDS
      SubnetIds:
        - !Ref PRIVATE
        - !Ref PRIVATE2
  wiaderko:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${AWS::StackName}-wiaderko-${AWS::AccountId}
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256 # Edit
      PublicAccessBlockConfiguration:
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
        BlockPublicPolicy: true
        BlockPublicAcls: true
  wiaderkoBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref wiaderko
      PolicyDocument:
        Id: RequireEncryptionInTransit
        Version: '2012-10-17'
        Statement:
          - Principal: '*'
            Action: '*'
            Effect: Deny
            Resource:
              - !GetAtt wiaderko.Arn
              - !Sub ${wiaderko.Arn}/*
            Condition:
              Bool:
                aws:SecureTransport: 'false'

Outputs:
  AdminBastionPublicIP:
    Description: Public IP of the Admin Bastion Host
    Value: !GetAtt AdminBH.PublicIp

  BastionHost1PublicIP:
    Description: Public IP of Bastion Host 1
    Value: !GetAtt BH1.PublicIp

  BastionHost2PublicIP:
    Description: Public IP of Bastion Host 2
    Value: !GetAtt BH2.PublicIp

  BastionHost3PublicIP:
    Description: Public IP of Bastion Host 3
    Value: !GetAtt BH3.PublicIp

  BastionHost4PublicIP:
    Description: Public IP of Bastion Host 4
    Value: !GetAtt BH4.PublicIp

  BastionHost5PublicIP:
    Description: Public IP of Bastion Host 5
    Value: !GetAtt BH5.PublicIp

  BastionHost6PublicIP:
    Description: Public IP of Bastion Host 6
    Value: !GetAtt BH6.PublicIp

  BastionHost7PublicIP:
    Description: Public IP of Bastion Host 7
    Value: !GetAtt BH7.PublicIp

  WazuhServerPrivateIP:
    Description: Private IP of the Wazuh Server
    Value: !GetAtt WazuhServer.PrivateIp

  WebServerPrivateIP:
    Description: Private IP of the Web Server
    Value: !GetAtt WebServer.PrivateIp

  RDSDatabaseEndpoint:
    Description: Endpoint of the RDS Database
    Value: !GetAtt DBInstance.Endpoint.Address

  S3BucketName:
    Description: S3 Bucket Name
    Value: !Ref wiaderko
EXPERT, answered 10 days ago
EXPERT, reviewed 10 days ago
  • Yes, I didn't know that my Lab Learner account was so limited. It deployed correctly with fewer EC2 instances declared in the template. Thank you for your support, Mr Kobayashi.
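A pre-deploy check that turns the accepted answer's quota explanation into code, as an added example that is not part of either post: it counts the template's AWS::EC2::Instance resources in vCPUs, compares the total with the Running On-Demand Standard instances quota (code L-1216C47A), and flags the two weak settings the posted template carries (SSH from 0.0.0.0/0 and a literal MasterUserPassword). The vCPU table, the sample template and the line-based parser are assumptions of this example; `aws service-quotas get-service-quota` is the CLI call for reading the live quota value.

```python
"""Pre-flight check for a CloudFormation template (added example, not the page's own code): count
the AWS::EC2::Instance resources and the vCPUs they need against the Running On-Demand Standard
instances quota (vCPUs, code L-1216C47A) and flag SSH from 0.0.0.0/0 and a literal DB password."""
import re
from collections import Counter

# vCPUs per instance type: assumed table for this example, extend as needed.
VCPUS = {"t2.nano": 1, "t2.micro": 1, "t2.small": 1, "t2.medium": 2, "t3.micro": 2, "t3.small": 2}

def split_resources(template: str) -> dict:
    """{logical_id: [lines of that resource]} for every entry under Resources:."""
    resources, current, in_resources = {}, None, False
    for line in template.splitlines():
        if re.match(r"^\S", line):                      # top-level key: Resources, Outputs...
            in_resources, current = line.startswith("Resources:"), None
        elif in_resources and (m := re.match(r"^  (\w+):\s*$", line)):
            current = m.group(1)                        # logical id at indent 2
            resources[current] = []
        elif in_resources and current is not None:
            resources[current].append(line)
    return resources

def prop(lines: list, key: str):                        # first `key:` value in a block, or None
    for line in lines:
        if m := re.match(rf"^\s*{key}:\s*(.+?)\s*$", line):
            return m.group(1)
    return None

def instance_counts(template: str) -> Counter:
    """InstanceType -> number of AWS::EC2::Instance resources in the template."""
    counts = Counter()
    for lines in split_resources(template).values():
        if prop(lines, "Type") == "AWS::EC2::Instance":
            counts[prop(lines, "InstanceType") or "unknown"] += 1
    return counts

def quota_ok(template: str, quota_vcpus: int) -> tuple:
    """(vCPUs the stack launches, whether that fits the quota). Read the live quota with:
    aws service-quotas get-service-quota --service-code ec2 --quota-code L-1216C47A"""
    counts = instance_counts(template)
    if unknown := set(counts) - set(VCPUS):
        raise ValueError(f"add {unknown} to VCPUS")
    needed = sum(VCPUS[t] * n for t, n in counts.items())
    return needed, needed <= quota_vcpus

def hardening_findings(template: str) -> list:
    """Defender-side lint for the two weak settings the posted template contains."""
    findings = []
    for name, lines in split_resources(template).items():
        typ = prop(lines, "Type")
        if typ == "AWS::EC2::SecurityGroup":
            for rule in re.split(r"\n\s*- ", "\n".join(lines)):    # one ingress item each
                if re.search(r"FromPort:\s*22\b", rule) and "CidrIp: 0.0.0.0/0" in rule:
                    findings.append(f"{name}: SSH open to 0.0.0.0/0; restrict to admin CIDRs")
        elif typ == "AWS::RDS::DBInstance":
            pw = prop(lines, "MasterUserPassword")
            if pw and not pw.startswith(("!Ref", "!Sub", "{{resolve:")):
                findings.append(f"{name}: literal MasterUserPassword; use a NoEcho parameter")
    return findings

# Constructed sample: one t2.micro bastion, one t2.medium web server, weak SG and DB.
SAMPLE_TEMPLATE = """\
Resources:
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  BH1:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.medium
  DBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      MasterUserPassword: Password123!
"""
```

Run `quota_ok(open("template.yaml").read(), 5)` on the posted template: it counts 12 t2.micro instances, i.e. 12 vCPUs against a quota of 5, which is the failure the accepted answer describes.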

0

The issue you're experiencing with EC2 instances not stabilizing in private networks is likely related to networking configuration. When an EC2 instance fails to stabilize, it means the instance is unable to communicate with the AWS CloudFormation service to signal completion, resulting in a WaitCondition error.

There are a few potential causes and solutions to consider:

  1. NAT Gateway: Ensure that your NAT Gateway is properly configured and associated with the private subnets. Private instances need the NAT Gateway to communicate with external services, including AWS services.

  2. Route Tables: Verify that the route tables for your private subnets are correctly configured to route internet-bound traffic through the NAT Gateway.

  3. Security Groups: Check that the security groups allow necessary outbound traffic from the private instances to AWS services.

  4. VPC Endpoints: Consider using VPC endpoints for AWS services to allow private instances to communicate with these services without requiring internet access.

  5. Instance Type: Ensure that the chosen instance type (t2.micro in your case) is supported in the region and availability zone you're using.

  6. AMI Compatibility: Verify that the AMI you're using (ami-07a6f770277670015) is compatible with the instance type and region.

  7. IAM Permissions: Make sure the IAM role associated with the instances has the necessary permissions to communicate with AWS services.

If the issue persists after checking these points, you may want to try the following:

  • Retry the deployment, as these errors can sometimes be transient.
  • Enable "Deactivate rollback on failed deployment" in your CloudFormation settings to keep the failed resources for investigation.
  • Check the EC2 instance logs for more detailed error information.

If you continue to face issues, you may need to contact AWS support for further assistance.
Sources
EC2 instance did not stabilize | AWS re:Post
Troubleshoot AWS Launch Wizard for Amazon EKS - AWS Launch Wizard
Troubleshoot AWS Launch Wizard for Remote Desktop Gateway - AWS Launch Wizard

answered 10 days ago
EXPERT, reviewed 10 days ago
