
Questions tagged with AWS CloudFormation

Failed to stabilize Instance with id

I have this problem: Failed to stabilize Instance with id. My CF looks like:

```
Resources:
  DocumentDBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: 'DocumentDB SG'
      GroupDescription: !Sub 'Security Group for the DocumentDb'
      VpcId: !Ref VPC
  DocumentDBSubnetGroup:
    Type: AWS::DocDB::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: "Subnet group for Document DB cluster"
      DBSubnetGroupName: "document-db-subnet-group"
      SubnetIds: !Ref PrivateSubnetIds
  DocumentDBParameterGroup:
    Type: AWS::DocDB::DBClusterParameterGroup
    Properties:
      Description: "Parameter group for Document DB cluster"
      Family: docdb4.0
      Name: "document-db-paramater-group"
      Parameters:
        audit_logs: "disabled"
  DocumentDBCluster:
    Type: AWS::DocDB::DBCluster
    Properties:
      BackupRetentionPeriod: 7
      DBClusterIdentifier: "docdb"
      DBSubnetGroupName: !Ref DocumentDBSubnetGroup
      DBClusterParameterGroupName: !Ref DocumentDBParameterGroup
      Port: 27017
      PreferredBackupWindow: "07:00-09:30"
      PreferredMaintenanceWindow: "tue:07:00-tue:11:00"
      VpcSecurityGroupIds:
        - !Ref DocumentDBSecurityGroup
      StorageEncrypted: true
  DocumentDBInstance:
    Type: AWS::DocDB::DBInstance
    DependsOn:
      - DocumentDBCluster
    Properties:
      DBClusterIdentifier: !Ref DocumentDBCluster
      DBInstanceClass: db.t3.medium
      DBInstanceIdentifier: "docdb"
      PreferredMaintenanceWindow: "tue:07:00-tue:11:00"
```

If I search for this problem, I find information about RDS (snapshot), but I don't use a snapshot in this deployment.
1 answer · 0 votes · 20 views · asked 2 days ago

Can't create a AWS Batch JobDefinition JobRoleArn in Cloudformation using a !Ref

I'm trying to create a Batch setup in Cloudformation. I have in Resources an IAM Role:

```
SecretsAndS3AccessRole:
  Type: 'AWS::IAM::Role'
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service: batch.amazonaws.com
          Action: 'sts:AssumeRole'
        - Effect: Allow
          Principal:
            Service: ec2.amazonaws.com
          Action: 'sts:AssumeRole'
        - Effect: Allow
          Principal:
            Service: ecs-tasks.amazonaws.com
          Action: 'sts:AssumeRole'
    ManagedPolicyArns:
      - 'arn:aws:iam::aws:policy/SecretsManagerReadWrite'
      - 'arn:aws:iam::aws:policy/AmazonS3FullAccess'
      - 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
```

Then in my JobDefinition I have:

```
JobDefinition:
  Type: 'AWS::Batch::JobDefinition'
  Properties:
    Type: container
    ContainerProperties:
      Image: uri/to/my/image
      Vcpus: 2
      Memory: 2000
      Command:
        - /simple-test
      Privileged: true
      JobRoleArn: !Ref SecretsAndS3AccessRole
      ExecutionRoleArn: !Ref SecretsAndS3AccessRole
      Secrets:
        - Name: MY_SECRET
          ValueFrom: arn:aws:secretsmanager:us-east-1:123456789:secret:MYSECRET-abcdef
    RetryStrategy:
      Attempts: 1
```

When I try to build the stack, I get:

> An error occurred (ClientException) when calling the RegisterJobDefinition operation: Error executing request, Exception : executionRoleArn bothrefs-SecretsAndS3AccessRole-1INAOWFBH2SK2 is not an iam role arn

If I remove the `ExecutionRoleArn` line and the Secrets, the stack builds fine, which is to say that `JobRoleArn` is happy with a value of `!Ref SecretsAndS3AccessRole`. (But I need the secrets, and to use secrets you need an execution role.) And if I hardcode the ARN there, it works fine.

What is different about `ExecutionRoleArn` that it doesn't allow a `!Ref`? According to [the documentation for JobDefinition/ContainerProperties][1], `JobRoleArn` and `ExecutionRoleArn` seem the same sort of object.

If I instead use:

```
ExecutionRoleArn: !GetAtt SecretsAndS3AccessRole.Arn
```

Then it works fine!

I tested removing JobRoleArn entirely - that makes my job fail. I tested changing it to also be `JobRoleArn: !GetAtt SecretsAndS3AccessRole.Arn` -- that succeeds. So the mystery is: `JobRoleArn` likes its value either in Ref or GetAtt form, but ExecutionRoleArn requires GetAtt form. Why the difference?

[1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-batch-jobdefinition-containerproperties.html
1 answer · 0 votes · 15 views · asked 3 days ago

How do I create an RDS option group then reference that group for the RDS instance in Cloud Formation?

I am creating a CloudFormation script that creates an EC2 instance as a bastion host, an RDS option group to allow for S3 backup and restoring, and an RDS DB instance. In that script, I want to make an option group then immediately use it on the RDS instance. However, I get this error: `Specified OptionGroupName: rdsoptiongrouprestore not found.` The CloudFormation template looks like this:

```
  "RdsDbCcw": {
    "Type": "AWS::RDS::DBInstance",
    "Properties": {
      "DBInstanceClass": { "Ref": "DBInstanceClass" },
      "Engine": { "Ref": "DBEngine" },
      "MasterUserPassword": { "Ref": "DBAdminPassword" },
      "MasterUsername": "admin",
      "MultiAZ": false,
      "PubliclyAccessible": false,
      "StorageType": "gp2",
      "DBSubnetGroupName": { "Ref": "SubnetGroupID" },
      "AllocatedStorage": 20,
      "OptionGroupName": "RDSoptiongroupRestore"
    },
    "Metadata": {
      "AWS::CloudFormation::Designer": {
        "id": "e52423ae-26df-4293-b4d3-073271c85ec0"
      }
    },
    "DependsOn": [
      "ec2Bastion",
      "appServer",
      "RDSoptiongroupRestore"
    ]
  },
  "RDSoptiongroupRestore": {
    "Type": "AWS::RDS::OptionGroup",
    "Properties": {
      "EngineName": { "Ref": "DBEngine" },
      "MajorEngineVersion": "15.00",
      "OptionConfigurations": [
        {
          "OptionName": "SQLSERVER_BACKUP_RESTORE",
          "OptionSettings": [
            {
              "Name": "IAM_ROLE_ARN",
              "Value": "arn....."
            }
          ]
        }
      ],
      "OptionGroupDescription": "For Restoring bakups from s3 bucket"
    },
    "Metadata": {
      "AWS::CloudFormation::Designer": {
        "id": "ce0de1d7-6e19-43c0-9df9-230562178612"
      }
    }
  }
}
```

Do I need to create a delay or way to say to CloudFormation that I just made this option group, so that that?
1 answer · 0 votes · 10 views · asked 3 days ago