I am using CloudFormation to deploy EC2 instances into different VPCs. Using CloudFormation I created a role and role profile and attached it to the EC2 instance [Role in question is AmazonEC2RoleforSSM]. Yet I am unable to connect to EC2 using the same. Here is the CloudFormation code:

AWSTemplateFormatVersion: 2010-09-09
Description: Test and Dev Environment
Resources:
  VPCdev:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: VPCdev
  VPCtest:
    Type: "AWS::EC2::VPC"
    Properties:
      CidrBlock: 192.168.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: VPCtest
  SubnetDev:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: SubnetDev
      VpcId: !Ref VPCdev
  SubnetTest:
    Type: "AWS::EC2::Subnet"
    Properties:
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 192.168.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Subnettest
      VpcId: !Ref VPCtest
  IGWdev:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: IGWdev
  IGWtest:
    Type: "AWS::EC2::InternetGateway"
    Properties:
      Tags:
        - Key: Name
          Value: IGWtest
  IGWdevattachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref IGWdev
      VpcId: !Ref VPCdev
  IGWtestattachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref IGWtest
      VpcId: !Ref VPCtest
  RouteTabledev:
    Type: "AWS::EC2::RouteTable"
    Properties:
      Tags:
        - Key: Name
          Value: RouteTabledev
      VpcId: !Ref VPCdev
  RouteTabletest:
    Type: "AWS::EC2::RouteTable"
    Properties:
      Tags:
        - Key: Name
          Value: RouteTabletest
      VpcId: !Ref VPCtest
  defaultdev:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGWdev
      RouteTableId: !Ref RouteTabledev
  defaulttest:
    Type: "AWS::EC2::Route"
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref IGWtest
      RouteTableId: !Ref RouteTabletest
  Ec2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles: [ !Ref Ec2InstanceRole ]
  Ec2InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [ ec2.amazonaws.com ]
            Action:
              - sts:AssumeRole
      Path: /
  sgdev:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: sgdev
      GroupName: sgdev
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sgdev
      VpcId: !Ref VPCdev
  sgtest:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: sgtest
      GroupName: sgtest
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: sgtest
      VpcId: !Ref VPCtest
  instancedev:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-02d55cb47e83a99a0
      InstanceType: "t2.micro"
      IamInstanceProfile: !Ref Ec2InstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          GroupSet:
            - !Ref sgdev
          SubnetId: !Ref SubnetDev
      Tags:
        - Key: Name
          Value: dev
  instancetest:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-02d55cb47e83a99a0
      InstanceType: "t2.micro"
      IamInstanceProfile: !Ref Ec2InstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeviceIndex: 0
          GroupSet:
            - !Ref sgtest
          SubnetId: !Ref SubnetTest
      Tags:
        - Key: Name
          Value: test
Also attached is the error screenshot. P.S.: I tried doing it manually and it worked. I don't seem to understand where I went wrong; the stack gets successfully built and all resources get deployed as well.
I am using the Ubuntu 18.04 LTS image; it comes pre-installed with Session Manager.
It does not work because your subnets are private, they don't have any internet connectivity.
Although you've created public route tables, they are not associated with any subnet.
The following should help:
  MyRouteTableAssoc1:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTabledev
      SubnetId: !Ref SubnetDev
  MyRouteTableAssoc2:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref RouteTabletest
      SubnetId: !Ref SubnetTest
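As an added check, not part of the question or answer above, here is a small Python lint that catches exactly this mistake before deployment: it walks the Resources section of a template and reports subnets that have no association with a route table carrying a 0.0.0.0/0 route to an Internet Gateway. It assumes the template has already been parsed into Python dicts with `!Ref` in its long form `{"Ref": ...}`; the embedded TEMPLATE and FIX are a constructed dev-side subset of the question's template and the answer's association.

```python
"""Report subnets that are effectively private: no explicit association with a
route table that has a default route to an Internet Gateway."""


def ref(value):
    """Resolve {"Ref": "LogicalId"} (long form of !Ref) to the logical ID."""
    return value["Ref"] if isinstance(value, dict) and "Ref" in value else value


def private_subnets(resources):
    def by_type(kind):
        return {name: res.get("Properties", {})
                for name, res in resources.items() if res.get("Type") == kind}

    subnets = by_type("AWS::EC2::Subnet")
    igws = set(by_type("AWS::EC2::InternetGateway"))
    # Route tables that carry a default route pointing at an Internet Gateway.
    public_tables = {
        ref(r["RouteTableId"]) for r in by_type("AWS::EC2::Route").values()
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and ref(r.get("GatewayId")) in igws
    }
    # Subnets explicitly associated with one of those route tables.
    routed = {
        ref(a["SubnetId"])
        for a in by_type("AWS::EC2::SubnetRouteTableAssociation").values()
        if ref(a["RouteTableId"]) in public_tables
    }
    # A subnet with no association falls back to the VPC main route table, which this
    # template never touches, so the instance has no path to the SSM endpoints.
    return sorted(name for name in subnets if name not in routed)


# Constructed subset of the question's template (dev side only), long-form refs.
TEMPLATE = {
    "VPCdev": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "SubnetDev": {"Type": "AWS::EC2::Subnet",
                  "Properties": {"CidrBlock": "10.0.1.0/24", "VpcId": {"Ref": "VPCdev"}}},
    "IGWdev": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "RouteTabledev": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPCdev"}}},
    "defaultdev": {"Type": "AWS::EC2::Route",
                   "Properties": {"DestinationCidrBlock": "0.0.0.0/0",
                                  "GatewayId": {"Ref": "IGWdev"},
                                  "RouteTableId": {"Ref": "RouteTabledev"}}},
}
# The answer's fix, in the same long form.
FIX = {"MyRouteTableAssoc1": {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                              "Properties": {"RouteTableId": {"Ref": "RouteTabledev"},
                                             "SubnetId": {"Ref": "SubnetDev"}}}}

if __name__ == "__main__":
    print(private_subnets(TEMPLATE))             # ['SubnetDev']
    print(private_subnets({**TEMPLATE, **FIX}))  # []
```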