Questions tagged with AWS CloudFormation

My CFN stack failed with an "Internal Failure" and now I can't rollback or update it!

So, I tried to import existing resources into my CloudFormation stack and the process failed. It looks like it might have timed out or something, but the latest message was "IMPORT_ROLLBACK_FAILED" due to an "Internal Failure". Now my stack is stuck and I can't change it at all. There is no "continue rollback" option or "update" option. The only thing I can do is delete the stack, which is something I do not want to do.

I can't even ask AWS Support about it because we only have the "Basic" support plan on this account and that only covers billing questions and quota increases. What options do I have? Pay more to unwedge CFN? That should be AWS's problem, not mine!

Anyway, here's what I see in CFN console. Does anyone have any thoughts on how to fix this?

```
2022-12-04 02:18:52 UTC-0500 datastore-sg IMPORT_ROLLBACK_FAILED Internal Failure
2022-12-04 02:18:51 UTC-0500 rdssngSG UPDATE_FAILED The security token included in the request is invalid
2022-12-04 02:18:50 UTC-0500 rdssngSG UPDATE_IN_PROGRESS Remove stack-level tags from imported resource if applicable.
2022-12-04 02:18:38 UTC-0500 datastore-sg IMPORT_ROLLBACK_IN_PROGRESS The security token included in the request is invalid
2022-12-04 02:16:45 UTC-0500 rdsSG UPDATE_FAILED The security token included in the request is invalid
2022-12-03 04:32:59 UTC-0500 rdsSG UPDATE_IN_PROGRESS Apply stack-level tags to imported resource if applicable.
2022-12-03 04:32:58 UTC-0500 rdsSG IMPORT_COMPLETE Resource import completed.
```
0 answers, 0 votes, 5 views; RNHurt asked 13 hours ago

How to deal with multiple duplicate keys (Fn::Sub) in an AWS CloudFormation template?

I have a policy that is being made in a CloudFormation template. I want to add two resources to the policy; they end up being `arn::bucket` and `arn::bucket/*`. The issue is that the `arn` is a parameter and I get the error: `[cfn-lint] E0000: Duplicate resource found "Fn::Sub" (line 161)`. I understand that it doesn't like the duplicates.

```
"RolePolicies": {
  "Type": "AWS::IAM::Policy",
  "Properties": {
    "PolicyName": "GetGEBucketPutCustomerBucket",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectAttributes",
            "s3:GetObjectTagging",
            "s3:ListBucket",
            "s3:DeleteObject"
          ],
          "Effect": "Allow",
          "Resource": {
            "Fn::Sub": [
              "${arn}/*",
              { "arn": { "Ref": "CustomerS3BucketARN" } }
            ],
            "Fn::Sub": [
              "${arn}",
              { "arn": { "Ref": "CustomerS3BucketARN" } }
            ]
          }
        }
      ]
    },
    "Roles": [
      { "Ref": "InstanceRole" }
    ]
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "a713fcc6-95c8-423f-a5b8-0020a81e5ce4"
    }
  }
}
```

However, this CloudFormation is allowed to run, but produces errors. When viewing the policy in the IAM console window after create, I see that both of the resources were not created.

![IAM Console](/media/postImages/original/IM-C-6juMgR12vBi6kAOuH5Q)

IAM policy editor gives me this error: `Ln 1, Col 0Missing Version: We recommend that you specify the Version element to help you with debugging permission issues.` since the resource that ends with `/*` wasn't created by CloudFormation.
1 answer, 0 votes, 28 views; asked 8 days ago