I am deploying my application into the AWS environment. I am creating an Elastic Cache Cluster resource in my template. But when I deployed my template, it is failing to create the Elastic Cache Cluster resource.
This is my template.
AWSTemplateFormatVersion: '2010-09-09'
Description: "Pathein Directory web application deployment template."
Parameters:
  KeyName:
    Default: 'PatheinDirectory'
    Type: String
  InstanceType:
    Default: 't2.micro'
    Type: String
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
Mappings:
  Region2Principal:
    us-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-west-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-northeast-3:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-southeast-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ap-south-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    us-east-2:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    ca-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    sa-east-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    cn-north-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    cn-northwest-1:
      EC2Principal: ec2.amazonaws.com.cn
      OpsWorksPrincipal: opsworks.amazonaws.com.cn
    eu-central-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
    eu-north-1:
      EC2Principal: ec2.amazonaws.com
      OpsWorksPrincipal: opsworks.amazonaws.com
Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group for EC2 instances
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation
  WebServerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - Fn::FindInMap:
                    - Region2Principal
                    - Ref: AWS::Region
                    - EC2Principal
            Action:
              - sts:AssumeRole
      Path: /
  WebServerRolePolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: WebServerRole
      PolicyDocument:
        Statement:
          - Effect: Allow
            NotAction: iam:*
            Resource: '*'
      Roles:
        - Ref: WebServerRole
  WebServerInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - Ref: WebServerRole
  Application:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      Description: AWS Elastic Beanstalk Pathein Directory Laravel application
  ApplicationVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      Description: Version 1.0
      ApplicationName:
        Ref: Application
      SourceBundle:
        S3Bucket:
          Fn::Join:
            - '-'
            - - elasticbeanstalk-samples
              - Ref: AWS::Region
        S3Key: php-sample.zip
  ApplicationConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    Properties:
      ApplicationName:
        Ref: Application
      Description: SSH access to Pathein Directory Laravel application
      SolutionStackName: 64bit Amazon Linux 2 v3.1.0 running PHP 7.3
      OptionSettings:
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: EC2KeyName
          Value:
            Ref: KeyName
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value:
            Ref: WebServerInstanceProfile
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: SecurityGroups
          Value:
            Ref: WebServerSecurityGroup
  Environment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      Description: AWS Elastic Beanstalk Environment running Pathein Directory Laravel application
      ApplicationName:
        Ref: Application
      EnvironmentName: PatheinDirectoryTesting
      TemplateName:
        Ref: ApplicationConfigurationTemplate
      VersionLabel:
        Ref: ApplicationVersion
      OptionSettings:
        - Namespace: aws:elasticbeanstalk:environment
          OptionName: EnvironmentType
          Value: SingleInstance
        - Namespace: aws:elasticbeanstalk:container:php:phpini
          OptionName: document_root
          Value: /public
  ElasticCacheSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable TCP connection on port 6379
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '6379'
          ToPort: '6379'
          SourceSecurityGroupId: !GetAtt WebServerSecurityGroup.GroupId
  ElasticCacheCluster:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AZMode: cross-az
      CacheNodeType: cache.t2.small
      Engine: memcached
      NumCacheNodes: '2'
      VpcSecurityGroupIds:
        - !Ref ElasticCacheSecurityGroup
      PreferredAvailabilityZones:
        - !Select
          - 0
          - Fn::GetAZs: !Ref AWS::Region
        - !Select
          - 1
          - Fn::GetAZs: !Ref AWS::Region
This is the error in the log.
{
  "StackId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/ec64d370-e7e1-11ea-9dd6-0a1312d0cd8a",
  "EventId": "fdb2e900-e7e1-11ea-9b3d-02e056ab1688",
  "StackName": "patheindirectory",
  "LogicalResourceId": "patheindirectory",
  "PhysicalResourceId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/ec64d370-e7e1-11ea-9dd6-0a1312d0cd8a",
  "ResourceType": "AWS::CloudFormation::Stack",
  "Timestamp": "2020-08-26T21:20:39.812000+00:00",
  "ResourceStatus": "ROLLBACK_IN_PROGRESS",
  "ResourceStatusReason": "The following resource(s) failed to create: [ElasticCacheCluster, WebServerRole]. . Rollback requested by user."
},
{
  "StackId": "arn:aws:cloudformation:eu-west-1:733553390213:stack/patheindirectory/ec64d370-e7e1-11ea-9dd6-0a1312d0cd8a",
  "EventId": "ElasticCacheCluster-CREATE_FAILED-2020-08-26T21:20:36.420Z",
  "StackName": "patheindirectory",
  "LogicalResourceId": "ElasticCacheCluster",
  "PhysicalResourceId": "",
  "ResourceType": "AWS::ElastiCache::CacheCluster",
  "Timestamp": "2020-08-26T21:20:36.420000+00:00",
  "ResourceStatus": "CREATE_FAILED",
  "ResourceStatusReason": "Some security group Id not recognized by EC2: securityGroupIds[[patheindirectory-ElasticCacheSecurityGroup-1BYYWJDZOM4TM]], awsAccountId[733553390213] (Service: AmazonElastiCache; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 331c0240-bed8-4861-9b92-29603ad2b08c)",
  "ResourceProperties": "{\"CacheNodeType\":\"cache.t2.small\",\"VpcSecurityGroupIds\":[\"patheindirectory-ElasticCacheSecurityGroup-1BYYWJDZOM4TM\"],\"PreferredAvailabilityZones\":[\"eu-west-1a\",\"eu-west-1b\"],\"NumCacheNodes\":\"2\",\"Engine\":\"memcached\",\"AZMode\":\"cross-az\"}"
},
How can I fix it?
The VpcSecurityGroupIds should contain the SG group ID, not the SG name.
Thus, you should replace:
VpcSecurityGroupIds:
  - !Ref ElasticCacheSecurityGroup
with
VpcSecurityGroupIds:
  - !GetAtt ElasticCacheSecurityGroup.GroupId
Please note that there could be other issues which are not yet apparent. But the above change should fix the error reported in your question.
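As an added check, not part of the question or the answer above, the following script scans a CloudFormation template for exactly this mistake: a VpcSecurityGroupIds entry that would resolve to a security group name rather than an sg- ID. It assumes the template is already loaded as a dict in long-form syntax (Ref / Fn::GetAtt keys); short-form tags such as !Ref and !GetAtt would first need a YAML loader with CloudFormation tag constructors, which is left out here. The sample template, the resource names BrokenCluster and FixedCluster, and the function names are constructed for the example.

```python
# Static check for the VpcSecurityGroupIds mistake from the question. A Ref to a
# security group declared without a VpcId resolves to the group *name*, which
# ElastiCache rejects with the "security group Id not recognized" error shown.
SG_TYPE = "AWS::EC2::SecurityGroup"
CACHE_TYPE = "AWS::ElastiCache::CacheCluster"


def _sg_target(item):
    """Classify one VpcSecurityGroupIds entry (long-form JSON syntax) as
    (logical_id_or_literal, kind), kind in ref/getatt-id/getatt-other/literal."""
    if isinstance(item, dict):
        if "Ref" in item:
            return item["Ref"], "ref"
        if "Fn::GetAtt" in item:
            target = item["Fn::GetAtt"]
            if isinstance(target, str):        # "LogicalId.Attr" string form
                target = target.split(".", 1)
            attr = target[1] if len(target) > 1 else ""
            return target[0], ("getatt-id" if attr == "GroupId" else "getatt-other")
    return str(item), "literal"


def find_sg_ref_mistakes(template):
    """Return (cluster, target, message) for every VpcSecurityGroupIds entry
    of a cache cluster that would not yield an sg- id."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != CACHE_TYPE:
            continue
        for item in res.get("Properties", {}).get("VpcSecurityGroupIds", []):
            target, kind = _sg_target(item)
            sg = resources.get(target, {})
            if (kind == "ref" and sg.get("Type") == SG_TYPE
                    and "VpcId" not in sg.get("Properties", {})):
                findings.append((name, target, "Ref yields the group name here; use Fn::GetAtt GroupId"))
            elif kind == "getatt-other":
                findings.append((name, target, "GetAtt attribute must be GroupId"))
            elif kind == "literal" and not target.startswith("sg-"):
                findings.append((name, target, "literal value is not an sg- id"))
    return findings


# Constructed sample: the question's cluster (broken) next to the answer's fix.
SAMPLE = {"Resources": {
    "ElasticCacheSecurityGroup": {"Type": SG_TYPE, "Properties": {
        "GroupDescription": "Enable TCP connection on port 6379"}},
    "BrokenCluster": {"Type": CACHE_TYPE, "Properties": {"Engine": "memcached",
        "VpcSecurityGroupIds": [{"Ref": "ElasticCacheSecurityGroup"}]}},
    "FixedCluster": {"Type": CACHE_TYPE, "Properties": {"Engine": "memcached",
        "VpcSecurityGroupIds": [{"Fn::GetAtt": ["ElasticCacheSecurityGroup", "GroupId"]}]}},
}}

if __name__ == "__main__":
    for cluster, target, msg in find_sg_ref_mistakes(SAMPLE):
        print(f"{cluster} -> {target}: {msg}")
```

Running it reports only BrokenCluster; a security group that does declare VpcId is accepted via Ref, since Ref then already returns the group ID.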