Reputation: 6211
I've been trying since yesterday to get this CloudFormation template working... the goal is to launch an EC2 instance into a public subnet that I can access through HTTP. Everything looks like it has been created correctly to me, but the instance won't connect in the browser. Things I've checked:
Any suggestions for other things to check?
Here's my template:
Resources:
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.2.0.0/16
      Tags:
        - Key: Name
          Value: myVPC
  WebDMZcf:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Open to HTTP, HTTPS and SSH on all ports
      GroupName: WebDMZcf
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: WebDMZcf
      VpcId:
        Ref: myVPC
  myInternetGatewayCF:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: myInternetGatewayCF
  myInternetGatewayCFAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId:
        Ref: myInternetGatewayCF
      VpcId:
        Ref: myVPC
  myRouteTableCF:
    Type: AWS::EC2::RouteTable
    Properties:
      Tags:
        - Key: Name
          Value: myRouteTableCF
      VpcId:
        Ref: myVPC
  IGWRoute:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: myInternetGatewayCF
      RouteTableId:
        Ref: myRouteTableCF
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      CidrBlock: 10.2.1.0/24
      # MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: PublicSubnet
      VpcId:
        Ref: myVPC
  PublicEC2:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-047a51fa27710816e
      InstanceType: t2.micro
      NetworkInterfaces:
        - AssociatePublicIpAddress: True
          DeviceIndex: 0
          SubnetId:
            Ref: PublicSubnet
          DeleteOnTermination: True
          GroupSet:
            - Ref: WebDMZcf
      Tags:
        - Key: Name
          Value: PublicEC2
      UserData:
        !Base64 |
          #!/bin/bash
          # Install Apache Web Server
          yum install httpd -y
          systemctl start httpd
          systemctl enable httpd
          # Discovery configuration from using the EC2 metadata service
          ID=$(curl 169.254.169.254/latest/meta-data/instance-id)
          TYPE=$(curl 169.254.169.254/latest/meta-data/instance-type)
          AZ=$(curl 169.254.169.254/latest/meta-data/placement/availability-zone)
          IPV4=$(curl -f 169.254.169.254/latest/meta-data/public-ipv4)
          # Set up the Web Site
          cd /var/www/html
          ## Generate customized index.html for this instance
          echo "<html><body><H1>Hello, EC2 Instance!</H1><p><p>" > ./index.html
          echo "The ID of this instance is " >> ./index.html
          echo "<strong>$ID</strong>.<p><p>" >> ./index.html
          echo "This is a <strong>$TYPE</strong> instance" >> ./index.html
          echo " in <strong>$AZ</strong>. <p><p>" >> ./index.html
          if [ "$IPV4" ];
          then
              echo "The public ip is <strong>$IPV4</strong>.<p><p>" >> ./index.html
          else
              echo "This instance does <strong>NOT</strong> have" >> ./index.html
              echo "a public ip address.<p><p>" >> ./index.html
          fi
          echo "</body></html>" >> ./index.html
EDIT:
I've now added a Key Pair to the Instance, but I cannot SSH in either. When I try using the "Connect" button in the console, I get this:
There was a problem connecting to your instance We were unable to connect to your instance. Make sure that your instance’s network settings are configured correctly for EC2 Instance Connect. For more information, see [Task 1: Configure network access to an instance.][1]
which I'm investigating now.
Upvotes: 0
Views: 931
Reputation: 78663
You have no SubnetRouteTableAssociation so your public subnet is not associated with your VPC's default route table and hence your public subnet has no default route to the Internet Gateway and cannot reach the internet.
Add the following:
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myRouteTableCF
      SubnetId: !Ref PublicSubnet
Upvotes: 2
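A static check for the gap described in the answer above, as an added example that is not code from either poster: it lists every subnet that has no SubnetRouteTableAssociation to a route table holding a 0.0.0.0/0 route to an internet gateway. It assumes the template is already parsed into a dict (JSON form), resolves only Ref to resources in the same template, and ignores IPv6 routes; the function names are hypothetical.

```python
# Added example: static check of a parsed CloudFormation template (a dict).
# Function names are hypothetical; the sample mirrors the question's resources.

def ref(value):
    """Return the logical ID from {"Ref": "X"} or a plain string."""
    return value.get("Ref") if isinstance(value, dict) else value


def subnets_without_igw_route(template):
    """List subnets with no association to a route table that has a
    0.0.0.0/0 route to an internet gateway."""
    res = template.get("Resources", {})

    def of_type(t):
        return {k: v.get("Properties", {}) for k, v in res.items() if v.get("Type") == t}

    igws = set(of_type("AWS::EC2::InternetGateway"))
    public_tables = {
        ref(p.get("RouteTableId"))
        for p in of_type("AWS::EC2::Route").values()
        if p.get("DestinationCidrBlock") == "0.0.0.0/0" and ref(p.get("GatewayId")) in igws
    }
    routed = {
        ref(p.get("SubnetId"))
        for p in of_type("AWS::EC2::SubnetRouteTableAssociation").values()
        if ref(p.get("RouteTableId")) in public_tables
    }
    return sorted(set(of_type("AWS::EC2::Subnet")) - routed)


# Constructed sample: only the routing-relevant resources from the question.
QUESTION = {"Resources": {
    "myVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.2.0.0/16"}},
    "myInternetGatewayCF": {"Type": "AWS::EC2::InternetGateway"},
    "myRouteTableCF": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "myVPC"}}},
    "IGWRoute": {"Type": "AWS::EC2::Route", "Properties": {
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {"Ref": "myInternetGatewayCF"},
        "RouteTableId": {"Ref": "myRouteTableCF"}}},
    "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
        "CidrBlock": "10.2.1.0/24", "VpcId": {"Ref": "myVPC"}}},
}}

# The same template with the association from the answer added.
FIXED = {"Resources": dict(QUESTION["Resources"], PublicSubnetRouteTableAssociation={
    "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
        "RouteTableId": {"Ref": "myRouteTableCF"}, "SubnetId": {"Ref": "PublicSubnet"}}})}

if __name__ == "__main__":
    print("question:", subnets_without_igw_route(QUESTION))
    print("fixed:   ", subnets_without_igw_route(FIXED))
```

The same function can be used the other way round in review: any subnet it does not list is reachable from the internet at the routing layer, so only the security group stands between 0.0.0.0/0 and ports such as 22.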