EC2 Instance Status Check fails when created by CloudFormation template

Time:04-17

I have created a CloudFormation Stack using the below template in the us-east-1 and ap-south-1 region

AWSTemplateFormatVersion: "2010-09-09"
Description: Template for node-aws-ec2-github-actions tutorial
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Sample Security Group
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
  EC2Instance: 
    Type: "AWS::EC2::Instance"
    Properties: 
      ImageId: "ami-0d2986f2e8c0f7d01" #Another comment -- This is a Linux AMI
      InstanceType: t2.micro
      KeyName: node-ec2-github-actions-key
      SecurityGroups:
      - Ref: InstanceSecurityGroup
      BlockDeviceMappings:
      - DeviceName: /dev/sda1
        Ebs:
          VolumeSize: 8
          DeleteOnTermination: true
      Tags:
        - Key: Name
          Value: Node-Ec2-Github-Actions

  EIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref EC2Instance
Outputs:
  InstanceId:
    Description: InstanceId of the newly created EC2 instance
    Value:
      Ref: EC2Instance
  PublicIP:
    Description: Elastic IP 
    Value:
      Ref: EIP

The Stack is executed successfully and all the resources are created. But unfortunately, once the EC2 status checks are initialized, the Instance status check fails and I am not able to reach the instance using SSH.

I have tried creating an Instance manually by the same IAM user, and that works perfectly.

These are the Policies I have attached to the IAM user.

Managed Policies

  • AmazonEC2FullAccess
  • AWSCloudFormationFullAccess

Inline Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:GetRole",
                "iam:GetInstanceProfile",
                "iam:DeleteRolePolicy",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:UpdateRole",
                "iam:PutRolePolicy",
                "iam:AddRoleToInstanceProfile"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListAllMyBuckets",
                "s3:CreateBucket",
                "s3:DeleteObject",
                "s3:DeleteBucket"
            ],
            "Resource": "*"
        }
    ]
}

Thanks in advance for helping out. Have a good day

CodePudding user response:

I tried to replicate your issue by deploying your template. It works as expected, and the instance passes all status checks. Thus the issue is not related to the template that you provided.

CodePudding user response:

Answering my own question. The issue lies with the EBS block storage device name. For the Amazon Linux AMI specified here, the device name should be /dev/xvda.

BlockDeviceMappings:
   - DeviceName: /dev/xvda
     Ebs:
       VolumeSize: 8
       DeleteOnTermination: true

Thanks for all the help
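As an added example (not part of the question or the answers above), a small Python check for the mismatch the accepted answer describes: it reads the AMI's RootDeviceName from a describe-images response and compares it with the template's BlockDeviceMappings. The response below is a constructed sample using the real field names of `aws ec2 describe-images`; for a live AMI you would obtain it from boto3 `ec2.describe_images(ImageIds=[...])`.

```python
"""Check that an EC2 instance's BlockDeviceMappings name the AMI's real
root device, the mismatch behind the failing instance status check."""

# Constructed stand-in for the relevant part of a describe-images response.
# The field names (Images, RootDeviceName, BlockDeviceMappings) are the
# real API names; the values are taken from the question and answer.
AMI_DESCRIBE_IMAGES = {
    "Images": [
        {
            "ImageId": "ami-0d2986f2e8c0f7d01",
            "RootDeviceType": "ebs",
            "RootDeviceName": "/dev/xvda",
            "BlockDeviceMappings": [
                {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 8}},
            ],
        }
    ]
}

# BlockDeviceMappings from the question's template (broken) and the fix.
TEMPLATE_MAPPINGS_BROKEN = [
    {"DeviceName": "/dev/sda1", "Ebs": {"VolumeSize": 8, "DeleteOnTermination": True}}
]
TEMPLATE_MAPPINGS_FIXED = [
    {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 8, "DeleteOnTermination": True}}
]


def root_device_name(describe_images_response: dict) -> str:
    """Return the AMI's RootDeviceName; insist on exactly one image."""
    images = describe_images_response.get("Images") or []
    if len(images) != 1:
        raise ValueError(f"expected exactly one image, got {len(images)}")
    return images[0]["RootDeviceName"]


def check_root_mapping(describe_images_response: dict, mappings: list) -> list:
    """Return findings (empty list means the mappings are consistent).

    A mapping that names a device other than the AMI's root device does not
    configure the root volume; the root disk keeps the AMI defaults and the
    mapping is treated as an additional device instead.
    """
    root = root_device_name(describe_images_response)
    names = [m["DeviceName"] for m in mappings]
    findings = []
    if root not in names:
        findings.append(
            f"no mapping for root device {root}; found {names} "
            f"(set DeviceName: {root} on the root volume mapping)"
        )
    return findings
```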
