Data Science Analytics Manager
Reputation: 439
AWS CloudFoundation Template error: Invalid template resource property 'VpcId' YAML format
Problem
Using AWS CloudFormation YAML to create resource stack with EC2, etc and RDS database. Have specific issue with reference use of VPC on parameters for resources.
Template format error
Resource VPC:Type: AWS::EC2::VPC in YAML script is defined at top.
CloudFormation stack error: Invalid template resource property 'VpcId'
Scope of where error resides is in reference to property VpcID. For example, I use AttachGateway with VpcId: !Ref VPC. As I am new to CloudFormation stack template, what is the stack error specifically addressing that I coded it wrong on reference to VpcId: !Ref VPC
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Type: AWS::EC2::SecurityGroup::Id
Properties:
VpcId: !Ref VPC
CloudFormation Template with Error
AWSTemplateFormatVersion: 2010-09-09
Parameters:
DBInstance:
Default: DBInstance
Description: My database instance
Type: String
MinLength: '1'
MaxLength: '63'
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
DBName:
Default: mydb
Description: My database
Type: String
MinLength: '1'
MaxLength: '64'
AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
DBInstanceClass:
Default: db.m5.large
Description: DB instance class
Type: String
DBAllocatedStorage:
Default: '50'
Description: The size of the database (GiB)
Type: Number
MinValue: '20'
MaxValue: '65536'
DBUsername:
Type: String
Description: Master username for the RDS instance
Default: admin
DBPassword:
Type: String
NoEcho: true
Description: Master password for the RDS instance
Default: password
Resources:
VPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: 10.0.0.0/16
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: VPC
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: VPC Internet Gateway
AttachGateway:
Type: AWS::EC2::VPCGatewayAttachment
Properties:
VpcId: !Ref VPC
InternetGatewayId: !Ref InternetGateway
PublicSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.1.0/24
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: Public Subnet 1
PrivateSubnet1:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.2.0/24
MapPublicIpOnLaunch: false
Tags:
- Key: Name
Value: Private Subnet 1
PublicSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.3.0/24
MapPublicIpOnLaunch: true
Tags:
- Key: Name
Value: Public Subnet 2
PrivateSubnet2:
Type: AWS::EC2::Subnet
Properties:
VpcId: !Ref VPC
CidrBlock: 10.0.4.0/24
MapPublicIpOnLaunch: false
Tags:
- Key: Name
Value: Private Subnet 2
PublicRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Public Route Table
PublicRoute:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
PublicSubnetRouteTableAssociation1:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet1
RouteTableId: !Ref PublicRouteTable
PublicSubnetRouteTableAssociation2:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PublicSubnet2
RouteTableId: !Ref PublicRouteTable
PrivateRouteTable:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Private Route Table
PrivateSubnetRouteTableAssociation1:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PrivateSubnet1
RouteTableId: !Ref PrivateRouteTable
PrivateSubnetRouteTableAssociation2:
Type: AWS::EC2::SubnetRouteTableAssociation
Properties:
SubnetId: !Ref PrivateSubnet2
RouteTableId: !Ref PrivateRouteTable
#EC2 Instances
EC2Instance1:
Type: AWS::EC2::Instance
Properties:
InstanceType: t2.micro
SecurityGroupIds:
- !Ref EC2SecurityGroup
SubnetId: !Ref PublicSubnet1
KeyName: EC2Instance1
UserData:
Fn::Base64: !Sub |
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
#echo "<h1>Hello from Region us-east-2b</h1>" > /var/www/html/index.html
S3Bucket:
Type: 'AWS::S3::Bucket'
# EC2 and ALB Security Groups
ELBSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: ELB Security Group
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 10.0.0.0/24
SSHSecurityGroup:
Type: AWS::EC2::SecurityGroup::Id
Properties:
GroupDescription: Limits security group egress traffic
SecurityGroupEgress:
- CidrIp: 127.0.0.1/32
IpProtocol: "-1"
VpcId: !Ref VPC
EC2SecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: EC2 Security Group
DependsOn: !Ref VPC
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
SourceSecurityGroupId:
Fn::GetAtt:
- ELBSecurityGroup
- GroupId
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0
S3Bucket:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: 'myBucketV5'
S3BucketPolicy:
Type: 'AWS::S3::BucketPolicy'
Properties:
Bucket: !Ref S3Bucket
SecurityGroupIds:
- !Ref EC2SecurityGroup
KeyName: S3BucketPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action: 's3:*'
Resource: !Sub 'arn:aws:s3:::${S3Bucket}/*'
Principal:
AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:user/@matthew'
EC2TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
HealthCheckIntervalSeconds: 30
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 15
HealthyThresholdCount: 5
Matcher:
HttpCode: '200'
Name: EC2TargetGroup
Port: 80
Protocol: HTTP
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: '20'
Targets:
- Id: !Ref EC2Instance1
Port: 80
UnhealthyThresholdCount: 3
ALBListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
- Type: forward
TargetGroupArn: !Ref EC2TargetGroup
LoadBalancerArn: !Ref ApplicationLoadBalancer
Port: 80
Protocol: HTTP
ApplicationLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Scheme: internet-facing
Subnets:
- !Ref PublicSubnet1
- !Ref PublicSubnet2
SecurityGroups:
- !GetAtt ELBSecurityGroup.GroupId
MyRDS:
Type: 'AWS::RDS::DBInstance'
Properties:
DBInstanceIdentifier: !Ref DBInstance
DBName: !Ref DBName
DBInstanceClass: !Ref DBInstanceClass
AllocatedStorage: !Ref DBAllocatedStorage
Engine: MySQL
MasterUsername: !Ref DBUsername
MasterUserPassword: !Ref DBPassword
SecurityGroupIds:
- !Ref EC2SecurityGroup
KeyName: MyRDS
Outputs:
EC2InstanceId:
Description: InstanceId of EC2 instance
Value: !Ref EC2Instance1
S3BucketName:
Description: S3 bucket
Value: !Ref S3Bucket
DBInstanceId:
Description: DBInstanceIdentifier of RDS instance
Value: !Ref DBInstance
Upvotes: 0
Views: 50
Answers (1)
Marcin
Reputation: 238199
Indentation of VpcId in SSHSecurityGroup is incorrect. It should be:
SSHSecurityGroup:
Type: AWS::EC2::SecurityGroup::Id
Properties:
GroupDescription: Limits security group egress traffic
SecurityGroupEgress:
- CidrIp: 127.0.0.1/32
IpProtocol: "-1"
VpcId: !Ref VPC
Upvotes: 1
Related Questions
- AWS CloudFormation: Resource handler returned message: "The CIDR '10.240.20.128/25' conflicts with another subnet
- ECS Service resource not deploying successfully
- Cloudformation "AWS::EC2::SecurityGroup" object with the Reason "No default VPC for this user"
- Filtering cloudformation stack resources using JQ
- CloudFormation target group health checks are inconsistent
- Error while creating EKS Cluster using eksctl
- How to represent aws internal functions to convert ruby hash to yaml
- aws cloudformation -resource property error