Tags: amazon-web-services, amazon-ec2, cloud, aws-cloudformation, redash

Setting up Redash Instance in private subnet. EC2 status check failed


Issue Summary

I would like to set up a Redash instance in a private subnet, but it does not work: the instance status check shows "1/2 failed". The question is whether some setting is required in addition to the setup described on the website (https://redash.io/help/open-source/setup).

For your information, if I place the Redash instance in a public subnet, it works fine.

Technical details:

AMI: ami-060741a96307668be

EC2 size: t2.small

the private subnet has NAT Gateway

The CloudFormation template is below. (I removed the parameters because they are somewhat sensitive. The parameters are correct, because I checked them with the public subnet, so please check the other parts. Thank you.)

AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################
  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PrivateSubnetACidrBlock
      VpcId: !Ref VpcId
  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA
  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA
  NATGatewayAEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc
  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA
  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: !Ref PublicSubnetACidrBlock
      VpcId: !Ref VpcId
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Sub ${InternetGatewayId}
  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA
  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-instance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-060741a96307668be
        InstanceType: t2.small
  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: !Ref VpcId

Following Marcin's comment, I tried the template below, but it did not work well either; the EC2 status check shows "1/2 failed".

AWSTemplateFormatVersion: '2010-09-09'
Description: This template is used for creating redash analysis foundation
Resources:
  ####################################################################################################
  #### NetWork Setting
  ####################################################################################################

  RedashInstancePrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 172.18.0.0/24
      VpcId: <VPCID>
      Tags:
        - Key: Name
          Value: Private

  PrivateSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      SubnetId: !Ref RedashInstancePrivateSubnetA


  PrivateSubnetRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
        VpcId: <VPCID>

  NATGatewayForPrivateSubnetA:
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt NATGatewayAEIP.AllocationId
      SubnetId: !Ref RedashALBPublicSubnetA

  NATGatewayAEIP:
    Type: AWS::EC2::EIP
    Properties:
      Domain: vpc

  PrivateARoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateSubnetRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NATGatewayForPrivateSubnetA

  RedashALBPublicSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: ap-northeast-1a
      CidrBlock: 172.18.2.0/24
      VpcId: <VPCID>
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: Public

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: <VPCID>

  PublicRoute:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: <INTERNETGATEWAYID>

  PublicSubnetARoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref RedashALBPublicSubnetA
  ####################################################################################################
  #### Re:dash EC2 Instance
  ####################################################################################################
  RedashInstance:
    Type: AWS::EC2::Instance
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
        Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
      SubnetId: !Ref RedashInstancePrivateSubnetA

  RedashInstanceLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: redash-instance-lt
      LaunchTemplateData:
        SecurityGroupIds:
          - !Ref RedashInstanceSecurityGroup
        ImageId: ami-060741a96307668be
        InstanceType: t2.small

  RedashInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: This Security Group is used for Re:dash Instance
      GroupName: redash-instance-sg
      SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 80
            ToPort: 80
            CidrIp: 0.0.0.0/0
            #SourceSecurityGroupId: !Ref RedashALBSecurityGroup
      VpcId: <VPCID>

Solution

  • I modified the template so that it works. I can only test in us-east-1 in my sandbox account, so I made changes for that region. You need to modify it further as your template is incomplete and I had to fill out a lot of blanks.

    The template works and provisions the instance (from curl):

    <div class="fixed-width-page">
      <div class="bg-white tiled">
        <h4 class="m-t-0">Welcome to Redash!</h4>
        <div>Before you can use your instance, you need to do a quick setup.</div>
    

    Full working template:

    AWSTemplateFormatVersion: '2010-09-09'
    Description: This template is used for creating redash analysis foundation
    Resources:
      ####################################################################################################
      #### NetWork Setting
      ####################################################################################################
    
      VpcId:
        Type: AWS::EC2::VPC
        Properties:
          CidrBlock: 10.0.0.0/16
          EnableDnsSupport: 'true'
          EnableDnsHostnames: 'true'
    
      RedashInstancePrivateSubnetA:
        Type: AWS::EC2::Subnet
        Properties:
          AvailabilityZone: us-east-1a #ap-northeast-1a
          CidrBlock: "10.0.1.0/24"
          VpcId: !Ref VpcId
          Tags:
            - Key: Name
              Value: Private      
    
      PrivateSubnetARoute:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref PrivateSubnetRouteTable
          SubnetId: !Ref RedashInstancePrivateSubnetA
    
    
      PrivateSubnetRouteTable:
        Type: AWS::EC2::RouteTable
        Properties:
            VpcId: !Ref VpcId
      
    
      NATGatewayForPrivateSubnetA:
        Type: AWS::EC2::NatGateway
        Properties:
          AllocationId: !GetAtt NATGatewayAEIP.AllocationId
          SubnetId: !Ref RedashALBPublicSubnetA
    
      NATGatewayAEIP:
        DependsOn: IGWAttachment
        Type: AWS::EC2::EIP
        Properties:
          Domain: vpc
    
      PrivateARoute:
        Type: AWS::EC2::Route
        Properties:
          RouteTableId: !Ref PrivateSubnetRouteTable
          DestinationCidrBlock: 0.0.0.0/0
          NatGatewayId: !Ref NATGatewayForPrivateSubnetA
    
      RedashALBPublicSubnetA:
        Type: AWS::EC2::Subnet
        Properties:
          AvailabilityZone: us-east-1a #ap-northeast-1a
          CidrBlock: 10.0.0.0/24
          VpcId: !Ref VpcId
          MapPublicIpOnLaunch: true
          Tags:
            - Key: Name
              Value: Public
    
      PublicRouteTable:
        Type: AWS::EC2::RouteTable
        Properties:
          VpcId: !Ref VpcId
    
      InternetGatewayId:
        Type: AWS::EC2::InternetGateway
        Properties: {}
    
      IGWAttachment:
        Type: AWS::EC2::VPCGatewayAttachment
        Properties:
          InternetGatewayId: !Ref InternetGatewayId
          VpcId: !Ref VpcId
    
      PublicRoute:
        DependsOn: IGWAttachment  # a route to an IGW is only valid once the IGW is attached to the VPC
        Type: AWS::EC2::Route
        Properties:
          RouteTableId: !Ref PublicRouteTable
          DestinationCidrBlock: 0.0.0.0/0
          GatewayId: !Ref InternetGatewayId
    
      PublicSubnetARoute:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref PublicRouteTable
          SubnetId: !Ref RedashALBPublicSubnetA
      ####################################################################################################
      #### Re:dash EC2 Instance
      ####################################################################################################
      RedashInstance:
        Type: AWS::EC2::Instance
        Properties:
          LaunchTemplate:
            LaunchTemplateId: !Ref RedashInstanceLaunchTemplate
            Version: !GetAtt RedashInstanceLaunchTemplate.LatestVersionNumber
          SubnetId: !Ref RedashInstancePrivateSubnetA
    
      RedashInstanceLaunchTemplate:
        Type: AWS::EC2::LaunchTemplate
        Properties:
          LaunchTemplateName: redash-instance-lt
          LaunchTemplateData:
            SecurityGroupIds:
              - !Ref RedashInstanceSecurityGroup
            ImageId: ami-0d915a031cabac0e0 #ami-060741a96307668be
            InstanceType: t2.small
    
      RedashInstanceSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: This Security Group is used for Re:dash Instance
          GroupName: redash-instance-sg
          SecurityGroupIngress:
              - IpProtocol: tcp
                FromPort: 80
                ToPort: 80
                CidrIp: 0.0.0.0/0
                #SourceSecurityGroupId: !Ref RedashALBSecurityGroup
          VpcId: !Ref VpcId
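A small static checker for the egress path these templates build, added here as an example; it is not code from the question, the answer, or the Redash project. It follows the same chain the two posts disagree on: instance, subnet, route table, 0.0.0.0/0 route, NAT gateway, the NAT gateway's subnet and its route to an internet gateway, and finally the VPCGatewayAttachment. It reports what separates the failing template from the working one: an IGW passed in from outside the template cannot be verified as attached to the VPC, and both the IGW route and the vpc-domain EIP need a DependsOn on the attachment because CloudFormation does not infer that ordering from !Ref. It also flags an instance security group opened to 0.0.0.0/0, since the question's original rule used SourceSecurityGroupId of the ALB, which is the tighter form. The layouts it checks are constructed in the shape of the posted templates with placeholder IDs (`<VPCID>`, `<INTERNETGATEWAYID>`, `sg-alb-placeholder`) and are not the posted templates themselves; the template is modeled as the dict CloudFormation's JSON form would give, so no PyYAML is needed.

```python
"""Static checks on a CloudFormation VPC layout: does the private subnet reach the internet,
and is the instance security group tighter than 0.0.0.0/0? Added example, not code from the
question, the answer, or Redash. Resources are modeled as CloudFormation's JSON form
({"Ref": x}, {"Fn::GetAtt": [x, attr]}) in a plain dict, so no PyYAML is required."""

NAT, ROUTE, ASSOC, ATTACH, SG, INSTANCE = (
    "AWS::EC2::NatGateway", "AWS::EC2::Route", "AWS::EC2::SubnetRouteTableAssociation",
    "AWS::EC2::VPCGatewayAttachment", "AWS::EC2::SecurityGroup", "AWS::EC2::Instance")

def ref(value):
    """Logical ID behind a Ref/GetAtt; None for a literal such as '<INTERNETGATEWAYID>'."""
    if isinstance(value, dict):
        return value["Ref"] if "Ref" in value else value.get("Fn::GetAtt", [None])[0]
    return None

def of_type(resources, rtype):
    return [(lid, rsrc) for lid, rsrc in resources.items() if rsrc["Type"] == rtype]

def depends_on(resource):
    dep = resource.get("DependsOn", [])
    return [dep] if isinstance(dep, str) else list(dep)

def route_table_of(resources, subnet_id):
    for _, assoc in of_type(resources, ASSOC):
        if ref(assoc["Properties"]["SubnetId"]) == subnet_id:
            return ref(assoc["Properties"]["RouteTableId"])
    return None  # would fall back to the VPC main table, which the template does not show

def default_route(resources, table_id):
    for lid, route in of_type(resources, ROUTE):
        p = route["Properties"]
        if ref(p["RouteTableId"]) == table_id and p.get("DestinationCidrBlock") == "0.0.0.0/0":
            return lid, route
    return None, None

def check_template(template):
    res, out = template["Resources"], []
    for inst_id, inst in of_type(res, INSTANCE):
        route_id, route = default_route(res, route_table_of(res, ref(inst["Properties"]["SubnetId"])))
        if route is None:
            out.append(f"{inst_id}: no 0.0.0.0/0 route for its subnet, so no egress at all")
            continue
        nat_id = ref(route["Properties"].get("NatGatewayId"))
        if nat_id not in res:
            out.append(f"{route_id}: default route is not via a NAT gateway defined in this template")
            continue
        nat = res[nat_id]
        pub_id, pub_route = default_route(res, route_table_of(res, ref(nat["Properties"]["SubnetId"])))
        igw = ref(pub_route["Properties"].get("GatewayId")) if pub_route else None
        if igw not in res:
            out.append(f"{nat_id}: its subnet's 0.0.0.0/0 route does not point at an internet gateway "
                       "defined here, so attachment to the VPC cannot be verified")
            continue
        attach = [lid for lid, a in of_type(res, ATTACH) if ref(a["Properties"].get("InternetGatewayId")) == igw]
        if not attach:
            out.append(f"{igw}: no AWS::EC2::VPCGatewayAttachment, so the IGW is never attached to the VPC")
            continue
        # IGW route and vpc-domain EIP are only valid after the attachment; !Ref does not order them.
        eip_id = ref(nat["Properties"]["AllocationId"])
        for lid, needs_attach in ((pub_id, pub_route), (eip_id, res.get(eip_id, {}))):
            if attach[0] not in depends_on(needs_attach):
                out.append(f"{lid}: add DependsOn: {attach[0]}")
    for sg_id, sg in of_type(res, SG):
        for rule in sg["Properties"].get("SecurityGroupIngress", []):
            if rule.get("CidrIp") == "0.0.0.0/0":
                out.append(f"{sg_id}: port {rule['FromPort']} open to 0.0.0.0/0; prefer SourceSecurityGroupId of the ALB")
    return out

def r(rtype, **props):
    return {"Type": rtype, "Properties": props}

OPEN_TO_WORLD = {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}
ALB_ONLY = {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "SourceSecurityGroupId": "sg-alb-placeholder"}

def layout(public_gateway, igw_defined, depends, ingress):
    # Constructed layout in the shape of the posted templates (placeholder IDs), not the templates themselves.
    res = {
        "PrivateSubnet": r("AWS::EC2::Subnet", VpcId="<VPCID>", CidrBlock="10.0.1.0/24"),
        "PublicSubnet": r("AWS::EC2::Subnet", VpcId="<VPCID>", CidrBlock="10.0.0.0/24"),
        "PrivateRT": r("AWS::EC2::RouteTable", VpcId="<VPCID>"),
        "PublicRT": r("AWS::EC2::RouteTable", VpcId="<VPCID>"),
        "PrivateAssoc": r(ASSOC, SubnetId={"Ref": "PrivateSubnet"}, RouteTableId={"Ref": "PrivateRT"}),
        "PublicAssoc": r(ASSOC, SubnetId={"Ref": "PublicSubnet"}, RouteTableId={"Ref": "PublicRT"}),
        "NatEip": r("AWS::EC2::EIP", Domain="vpc"),
        "Nat": r(NAT, SubnetId={"Ref": "PublicSubnet"}, AllocationId={"Fn::GetAtt": ["NatEip", "AllocationId"]}),
        "PrivateRoute": r(ROUTE, RouteTableId={"Ref": "PrivateRT"}, DestinationCidrBlock="0.0.0.0/0", NatGatewayId={"Ref": "Nat"}),
        "PublicRoute": r(ROUTE, RouteTableId={"Ref": "PublicRT"}, DestinationCidrBlock="0.0.0.0/0", GatewayId=public_gateway),
        "Redash": r(INSTANCE, SubnetId={"Ref": "PrivateSubnet"}),
        "RedashSg": r(SG, VpcId="<VPCID>", SecurityGroupIngress=[ingress]),
    }
    if igw_defined:
        res.update(Igw=r("AWS::EC2::InternetGateway"),
                   IgwAttachment=r(ATTACH, VpcId="<VPCID>", InternetGatewayId={"Ref": "Igw"}))
    if depends:
        res["PublicRoute"]["DependsOn"] = res["NatEip"]["DependsOn"] = "IgwAttachment"
    return {"Resources": res}

# Question's shape: IGW supplied from outside, so its attachment is invisible; SG open to the world.
AS_POSTED = layout("<INTERNETGATEWAYID>", igw_defined=False, depends=False, ingress=OPEN_TO_WORLD)
# Answer's shape with DependsOn on both the IGW route and the EIP, and ALB-only ingress.
FIXED = layout({"Ref": "Igw"}, igw_defined=True, depends=True, ingress=ALB_ONLY)
```

Running `check_template(AS_POSTED)` yields two findings (the unverifiable IGW attachment and the world-open port 80), while `check_template(FIXED)` yields none. Passing `depends=False` with the IGW defined reproduces the answer's template as posted and reports the two missing `DependsOn` lines, which is the ordering that makes the NAT path come up reliably rather than by luck of creation order.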