I have the following CloudFormation template, but the instances are only up for a few seconds before going into terminated status.
I thought it had something to do with the 'grace' period or 'timeout' periods, but I still haven't been able to figure it out.
Basically, this template is to create autoscaling groups (target group) with multiple instances and register them with the ALB.
How do I fix this issue and what's the best way to debug?
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: ec2-instance
Parameters:
  # Azs:
  #   Description: Availability zones
  #   Type: String
  #   Default: ap-southeast-2a
  AMIs:
    Description: AMIs
    Type: String
    Default: Linux
    AllowedValues:
      - Linux
      - Windows
  InstanceCount:
    Description: Number of instances
    Type: Number
    Default: 1
  Environment:
    Description: Hosting Environment
    Type: String
    Default: Dev
    AllowedValues:
      - Dev
      - Prod
  Subnet01:
    Description: Subnet1
    Type: String
    Default: 10.0.1.0/24
  Subnet02:
    Description: Subnet2
    Type: String
    Default: 10.0.2.0/24
  LaunchTemplateVersionNumber:
    Default: 1
    Type: String
# Metadata:
Mappings:
  FreeTier:
    Linux:
      HVM64: ami-0d9f286195031c3d9
    Windows:
      HVM64: ami-09cf24ffd6d332930
Conditions:
  SelectImage: !Equals [!Ref AMIs, Linux]
  SelectEnv: !Equals [!Ref Environment, Dev]
# Transform:
Resources:
  ApplicationLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      IpAddressType: ipv4
      Scheme: internet-facing
      Subnets:
        - !Ref MySubnet01
        - !Ref MySubnet02
      Name: WebAppLB
      SecurityGroups:
        - !Ref SecurityALB
  ALBListner:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ApplicationLB
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref MyTargetGroup
      Port: 80
      Protocol: "HTTP"
  MyTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 30
      HealthCheckPath: /index.html
      HealthCheckPort: 80
      Port: 80
      Protocol: HTTP
      VpcId: !Ref MyVpc
      TargetType: "instance"
      Matcher:
        HttpCode: "200"
      TargetGroupAttributes:
        - Key: load_balancing.algorithm.type
          Value: round_robin
        - Key: "deregistration_delay.timeout_seconds"
          Value: "3000"
  MyVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
  MySubnet01:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 0
          - Fn::GetAZs:
              Ref: AWS::Region
      CidrBlock: !Ref Subnet01
      VpcId: !Ref MyVpc
  MySubnet02:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone:
        Fn::Select:
          - 1
          - Fn::GetAZs:
              Ref: AWS::Region
      CidrBlock: !Ref Subnet02
      VpcId: !Ref MyVpc
  MyRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVpc
  MyIgw:
    Type: AWS::EC2::InternetGateway
  Subnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MySubnet01
      RouteTableId: !Ref MyRouteTable
  Subnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref MySubnet02
      RouteTableId: !Ref MyRouteTable
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref MyIgw
      VpcId: !Ref MyVpc
  Route:
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref MyRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref MyIgw
  Launchtemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !If [SelectImage, !FindInMap [FreeTier, Linux, HVM64], !FindInMap [FreeTier, Windows, HVM64]]
        InstanceType: t2.micro
        KeyName: cfn-putty
        UserData:
          Fn::Base64: |
            #!/bin/bash
            sudo yum -y install httpd
            sudo touch /var/www/html/index.html
            echo "webserver v1" > /var/www/html/index.html
            sudo hostname >> /var/www/html/index.html
            sudo ifconfig >> /var/www/html/index.html
            systemctl start httpd.service
        SecurityGroups:
          - !Ref enbalessh
  LauncConfig:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      DefaultInstanceWarmup: 60
      HealthCheckGracePeriod: 120
      HealthCheckType: ELB
      AvailabilityZones:
        Fn::GetAZs:
          Ref: "AWS::Region"
      MaxSize: 3
      MinSize: 1
      TargetGroupARNs:
        - !Ref MyTargetGroup
      DesiredCapacity: !Ref InstanceCount
      LaunchTemplate:
        LaunchTemplateId: !Ref Launchtemplate
        Version: !Ref LaunchTemplateVersionNumber
      Tags:
        - Key: "Environment"
          PropagateAtLaunch: true
          Value: !If [SelectEnv, Dev, Prod]
        - Key: "Name"
          PropagateAtLaunch: true
          Value: !Sub
            - "web-${os}-${env}"
            - os: !Ref AMIs
              env: !Ref Environment
  enbalessh:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: enable-ssh
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: "0.0.0.0/0"
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: "0.0.0.0/0"
  SecurityALB:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Incoming-traffic-lb
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: "0.0.0.0/0"
      VpcId: !Ref MyVpc
```
Probably because you are creating instances and their associated security groups in the default VPC, while your ALB is in your custom VPC.
So to fix that, both instances and ALB must be in the same VPC. You can't join them across VPCs without a VPC peering connection.
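As an added example (not part of the answer above), these are the resources from the question that pin the instances to the custom VPC: the instance security group gets a `VpcId`, the launch template switches from `SecurityGroups` (names, default VPC only) to `SecurityGroupIds`, and the ASG uses `VPCZoneIdentifier` instead of `AvailabilityZones`. It also narrows HTTP ingress to the ALB's security group and makes the subnets assign public IPs so `yum` can reach the repositories; `AdminCidr` is an assumed parameter that is not in the original template.

```yaml
  # Subnets: the UserData script installs httpd over the internet and there is
  # no NAT gateway, so instances need a public IP (MapPublicIpOnLaunch defaults to false).
  MySubnet01:
    Type: AWS::EC2::Subnet
    Properties:
      MapPublicIpOnLaunch: true
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: !Ref Subnet01
      VpcId: !Ref MyVpc
  # MySubnet02 gets the same MapPublicIpOnLaunch: true

  # Instance security group created inside MyVpc instead of the default VPC
  enbalessh:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: enable-ssh
      VpcId: !Ref MyVpc
      SecurityGroupIngress:
        # HTTP only from the load balancer's security group, not from 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref SecurityALB
        # SSH from an administrative range; AdminCidr is an assumed parameter
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr

  Launchtemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        # ImageId, InstanceType, KeyName and UserData unchanged from the question
        # SecurityGroupIds takes group IDs; SecurityGroups takes names and only works in the default VPC
        SecurityGroupIds:
          - !Ref enbalessh

  LauncConfig:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      # VPCZoneIdentifier replaces AvailabilityZones so instances launch into the custom subnets
      VPCZoneIdentifier:
        - !Ref MySubnet01
        - !Ref MySubnet02
      # remaining properties unchanged from the question
```

To confirm the diagnosis before redeploying, the group's scaling activity history (`aws autoscaling describe-scaling-activities --auto-scaling-group-name <name>`) records a cause for every terminated instance; with `HealthCheckType: ELB` it names the failed health check, and the target group's target health in the console shows whether the targets were ever reachable.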