Reputation: 1104
AWS lab VPC failing to create
I am going through the AWS well-architected labs guides and am on the automated deployment of the VPC (https://www.wellarchitectedlabs.com/Security/200_Automated_Deployment_of_VPC/Lab_Guide.html).
The instructions are pretty straight forward and I upload the template provided (tried both the one linked directly in the instructions and the one from their git repo I found here https://github.com/awslabs/aws-well-architected-labs/blob/master/Security/200_Automated_Deployment_of_VPC/Code/vpc-alb-app-db.yaml). But when it runs, I keep getting failure messages. These errors saying unable to spin up things in us-west-1c:
And this for the VPC:
I am logged in with an IAM user that had admin access and tried cleaning up the YAML as there was some duplicate fields I found, but nothing worked. Is it just that my account can't create anything in us-west-1c because it is overloaded or something, or is it some other issue?
Upvotes: 1
Views: 427
Answers (1)
Reputation: 4486
The answer is in the picture: CloudFormation could not create ALB1Subnet3 because the availability zone us-west-1c doesn't exist. When anything in a new stack fails, the entire stack is rolled back.
As described here, you can get the list of availability zones for a region with the CLI:
aws ec2 describe-availability-zones --region us-west-1
You'll see that this region only has two availability zones:
{
"AvailabilityZones": [
{
"State": "available",
"OptInStatus": "opt-in-not-required",
"Messages": [],
"RegionName": "us-west-1",
"ZoneName": "us-west-1b",
"ZoneId": "usw1-az3",
"GroupName": "us-west-1",
"NetworkBorderGroup": "us-west-1"
},
{
"State": "available",
"OptInStatus": "opt-in-not-required",
"Messages": [],
"RegionName": "us-west-1",
"ZoneName": "us-west-1c",
"ZoneId": "usw1-az1",
"GroupName": "us-west-1",
"NetworkBorderGroup": "us-west-1"
}
]
}
Update
It's been pointed out that us-west-1c appears in my availability zone listing. This happens because my availability zones are not the same as the OP's availability zones. To quote the docs:
To ensure that resources are distributed across the Availability Zones for a Region, we independently map Availability Zones to names for each AWS account. For example, the Availability Zone us-east-1a for your AWS account might not be the same location as us-east-1a for another AWS account.
So for the OP, the error message was correct: there is no us-west-1c. And my explanation -- that us-west-1 only has two zones -- was also correct.
However, to take this to the bitter end (and head off any more comments), if you look at the AWS Global Infrastructure map (about halfway down the page here), and mouse over the us-west-1 region, you'll see that it has three AZs. However, any given account may not have access to all of the AZs in a region.
Upvotes: 4
Related Questions
- Error creating AWS CloudFormation Stack (AMI cannot be described)
- Cloud formation failed to create Security group with VPCIdNotSpecified
- AWS CloudFormation: unable to create RDS resource with VPC assigned
- Cannot create ECS Service via CloudFormation
- Fail to create AWS CloudFormation "Get Started" example stack
- CloudFormation: EC2 is not finding VPC and is not launching
- Create an EC2 instance for a VPC not allowed
- CloudFormation - Security Group VPC issue
- AWS EC2 goes to stopped state when creating it
- How to create an Amazon VPC using AWS CloudFormation?