amazon-web-servicesyamlaws-cloudformationamazon-vpcamazon-efs
While deploying an efs stack i get the following error
I get the following errors as shown in the picture attached.
The Kms key is not being created. What could most probably be done to resolve this issue. At what line could the changes be made.
Error while deploying an efs stack
AWSTemplateFormatVersion: 2010-09-09
Description: Simple 3 tier web application template
Parameters:
KeyName:
Description: The EC2 Key Pair to allow SSH access to the instance
Type: 'AWS::EC2::KeyPair::KeyName'
ConstraintDescription: must be the name of an existing EC2 KeyPair.
InstanceType:
Default: t2.micro
Type: String
SSHLocation:
Description: The IP address range that can be used to SSH to the EC2 instances
Type: String
MinLength: '9'
MaxLength: '18'
Default: 0.0.0.0/0
AllowedPattern: '(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})'
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x
VpcBlock:
Type: String
Default: 192.168.0.0/16
Description: >-
The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR
range.
PublicSubnet01Block:
Type: String
Default: 192.168.0.0/18
Description: CidrBlock for public subnet 01 within the VPC
PublicSubnet02Block:
Type: String
Default: 192.168.64.0/18
Description: CidrBlock for public subnet 02 within the VPC
PrivateSubnet01Block:
Type: String
Default: 192.168.128.0/18
Description: CidrBlock for private subnet 01 within the VPC
PrivateSubnet02Block:
Type: String
Default: 192.168.192.0/18
Description: CidrBlock for private subnet 02 within the VPC
Metadata:
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: Worker Network Configuration
Parameters:
- VpcBlock
- PublicSubnet01Block
- PublicSubnet02Block
- PrivateSubnet01Block
- PrivateSubnet02Block
Mappings:
AWSInstanceType2Arch:
t1.micro:
Arch: HVM64
t2.nano:
Arch: HVM64
t2.micro:
Arch: HVM64
t2.small:
Arch: HVM64
t2.medium:
Arch: HVM64
t2.large:
Arch: HVM64
m1.small:
Arch: HVM64
m1.medium:
Arch: HVM64
m1.large:
Arch: HVM64
m1.xlarge:
Arch: HVM64
m2.xlarge:
Arch: HVM64
m2.2xlarge:
Arch: HVM64
m2.4xlarge:
Arch: HVM64
m3.medium:
Arch: HVM64
m3.large:
Arch: HVM64
m3.xlarge:
Arch: HVM64
m3.2xlarge:
Arch: HVM64
m4.large:
Arch: HVM64
m4.xlarge:
Arch: HVM64
m4.2xlarge:
Arch: HVM64
m4.4xlarge:
Arch: HVM64
m4.10xlarge:
Arch: HVM64
c1.medium:
Arch: HVM64
c1.xlarge:
Arch: HVM64
c3.large:
Arch: HVM64
c3.xlarge:
Arch: HVM64
c3.2xlarge:
Arch: HVM64
c3.4xlarge:
Arch: HVM64
c3.8xlarge:
Arch: HVM64
c4.large:
Arch: HVM64
c4.xlarge:
Arch: HVM64
c4.2xlarge:
Arch: HVM64
c4.4xlarge:
Arch: HVM64
c4.8xlarge:
Arch: HVM64
g2.2xlarge:
Arch: HVMG2
g2.8xlarge:
Arch: HVMG2
r3.large:
Arch: HVM64
r3.xlarge:
Arch: HVM64
r3.2xlarge:
Arch: HVM64
r3.4xlarge:
Arch: HVM64
r3.8xlarge:
Arch: HVM64
i2.xlarge:
Arch: HVM64
i2.2xlarge:
Arch: HVM64
i2.4xlarge:
Arch: HVM64
i2.8xlarge:
Arch: HVM64
d2.xlarge:
Arch: HVM64
d2.2xlarge:
Arch: HVM64
d2.4xlarge:
Arch: HVM64
d2.8xlarge:
Arch: HVM64
hi1.4xlarge:
Arch: HVM64
hs1.8xlarge:
Arch: HVM64
cr1.8xlarge:
Arch: HVM64
cc2.8xlarge:
Arch: HVM64
AWSRegionArch2AMI:
us-east-1:
HVM64: ami-0ff8a91507f77f867
HVMG2: ami-0a584ac55a7631c0c
us-west-2:
HVM64: ami-a0cfeed8
HVMG2: ami-0e09505bc235aa82d
us-west-1:
HVM64: ami-0bdb828fd58c52235
HVMG2: ami-066ee5fd4a9ef77f1
eu-west-1:
HVM64: ami-047bb4163c506cd98
HVMG2: ami-0a7c483d527806435
eu-west-2:
HVM64: ami-f976839e
HVMG2: NOT_SUPPORTED
eu-west-3:
HVM64: ami-0ebc281c20e89ba4b
HVMG2: NOT_SUPPORTED
eu-central-1:
HVM64: ami-0233214e13e500f77
HVMG2: ami-06223d46a6d0661c7
ap-northeast-1:
HVM64: ami-06cd52961ce9f0d85
HVMG2: ami-053cdd503598e4a9d
ap-northeast-2:
HVM64: ami-0a10b2721688ce9d2
HVMG2: NOT_SUPPORTED
ap-northeast-3:
HVM64: ami-0d98120a9fb693f07
HVMG2: NOT_SUPPORTED
ap-southeast-1:
HVM64: ami-08569b978cc4dfa10
HVMG2: ami-0be9df32ae9f92309
ap-southeast-2:
HVM64: ami-09b42976632b27e9b
HVMG2: ami-0a9ce9fecc3d1daf8
ap-south-1:
HVM64: ami-0912f71e06545ad88
HVMG2: ami-097b15e89dbdcfcf4
us-east-2:
HVM64: ami-0b59bfac6be064b78
HVMG2: NOT_SUPPORTED
ca-central-1:
HVM64: ami-0b18956f
HVMG2: NOT_SUPPORTED
sa-east-1:
HVM64: ami-07b14488da8ea02a0
HVMG2: NOT_SUPPORTED
cn-north-1:
HVM64: ami-0a4eaf6c4454eda75
HVMG2: NOT_SUPPORTED
cn-northwest-1:
HVM64: ami-6b6a7d09
HVMG2: NOT_SUPPORTED
Resources:
VPC:
Type: 'AWS::EC2::VPC'
Properties:
CidrBlock: !Ref VpcBlock
EnableDnsSupport: true
EnableDnsHostnames: true
Tags:
- Key: Name
Value: !Sub '${AWS::StackName}-VPC'
InternetGateway:
Type: 'AWS::EC2::InternetGateway'
VPCGatewayAttachment:
Type: 'AWS::EC2::VPCGatewayAttachment'
Properties:
InternetGatewayId: !Ref InternetGateway
VpcId: !Ref VPC
PublicRouteTable:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Public Subnets
- Key: Network
Value: Public
PrivateRouteTable01:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Private Subnet AZ1
- Key: Network
Value: Private01
PrivateRouteTable02:
Type: 'AWS::EC2::RouteTable'
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: Private Subnet AZ2
- Key: Network
Value: Private02
PublicRoute:
DependsOn: VPCGatewayAttachment
Type: 'AWS::EC2::Route'
Properties:
RouteTableId: !Ref PublicRouteTable
DestinationCidrBlock: 0.0.0.0/0
GatewayId: !Ref InternetGateway
PrivateRoute01:
DependsOn:
- VPCGatewayAttachment
- NatGateway01
Type: 'AWS::EC2::Route'
Properties:
RouteTableId: !Ref PrivateRouteTable01
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway01
PrivateRoute02:
DependsOn:
- VPCGatewayAttachment
- NatGateway02
Type: 'AWS::EC2::Route'
Properties:
RouteTableId: !Ref PrivateRouteTable02
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway02
NatGateway01:
DependsOn:
- NatGatewayEIP1
- PublicSubnet01
- VPCGatewayAttachment
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId: !GetAtt NatGatewayEIP1.AllocationId
SubnetId: !Ref PublicSubnet01
Tags:
- Key: Name
Value: !Sub '${AWS::StackName}-NatGatewayAZ1'
NatGateway02:
DependsOn:
- NatGatewayEIP2
- PublicSubnet02
- VPCGatewayAttachment
Type: 'AWS::EC2::NatGateway'
Properties:
AllocationId: !GetAtt NatGatewayEIP2.AllocationId
SubnetId: !Ref PublicSubnet02
Tags:
- Key: Name
Value: !Sub '${AWS::StackName}-NatGatewayAZ2'
NatGatewayEIP1:
DependsOn:
- VPCGatewayAttachment
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
NatGatewayEIP2:
DependsOn:
- VPCGatewayAttachment
Type: 'AWS::EC2::EIP'
Properties:
Domain: vpc
PublicSubnet01:
Type: 'AWS::EC2::Subnet'
Metadata:
Comment: Subnet 01
Properties:
MapPublicIpOnLaunch: true
AvailabilityZone:
'Fn::Select':
- '0'
- 'Fn::GetAZs':
Ref: 'AWS::Region'
CidrBlock:
Ref: PublicSubnet01Block
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: !Sub '${AWS::StackName}-PublicSubnet01'
- Key: kubernetes.io/role/elb
Value: 1
PublicSubnet02:
Type: 'AWS::EC2::Subnet'
Metadata:
Comment: Subnet 02
Properties:
MapPublicIpOnLaunch: true
AvailabilityZone:
'Fn::Select':
- '1'
- 'Fn::GetAZs':
Ref: 'AWS::Region'
CidrBlock:
Ref: PublicSubnet02Block
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: !Sub '${AWS::StackName}-PublicSubnet02'
- Key: kubernetes.io/role/elb
Value: 1
PrivateSubnet01:
Type: 'AWS::EC2::Subnet'
Metadata:
Comment: Subnet 03
Properties:
AvailabilityZone:
'Fn::Select':
- '0'
- 'Fn::GetAZs':
Ref: 'AWS::Region'
CidrBlock:
Ref: PrivateSubnet01Block
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: !Sub '${AWS::StackName}-PrivateSubnet01'
- Key: kubernetes.io/role/internal-elb
Value: 1
PrivateSubnet02:
Type: 'AWS::EC2::Subnet'
Metadata:
Comment: Private Subnet 02
Properties:
AvailabilityZone:
'Fn::Select':
- '1'
- 'Fn::GetAZs':
Ref: 'AWS::Region'
CidrBlock:
Ref: PrivateSubnet02Block
VpcId:
Ref: VPC
Tags:
- Key: Name
Value: !Sub '${AWS::StackName}-PrivateSubnet02'
- Key: kubernetes.io/role/internal-elb
Value: 1
PublicSubnet01RouteTableAssociation:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref PublicSubnet01
RouteTableId: !Ref PublicRouteTable
PublicSubnet02RouteTableAssociation:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref PublicSubnet02
RouteTableId: !Ref PublicRouteTable
PrivateSubnet01RouteTableAssociation:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref PrivateSubnet01
RouteTableId: !Ref PrivateRouteTable01
PrivateSubnet02RouteTableAssociation:
Type: 'AWS::EC2::SubnetRouteTableAssociation'
Properties:
SubnetId: !Ref PrivateSubnet02
RouteTableId: !Ref PrivateRouteTable02
ControlPlaneSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Cluster communication with worker nodes
VpcId: !Ref VPC
LoadBalancer:
Type: 'AWS::ElasticLoadBalancing::LoadBalancer'
Properties:
Subnets:
- !Ref PublicSubnet01
- !Ref PublicSubnet02
CrossZone: 'true'
Listeners:
- LoadBalancerPort: '80'
InstancePort: '80'
Protocol: HTTP
HealthCheck:
Target: 'HTTP:80/'
HealthyThreshold: '3'
UnhealthyThreshold: '5'
Interval: '30'
Timeout: '5'
SecurityGroups:
- !Ref ELBWebServerSecurityGroup
ELBWebServerSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enable HTTP access via port 80
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '80'
ToPort: '80'
CidrIp: 0.0.0.0/0
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: 0.0.0.0/0
VpcId: !Ref VPC
AsgLaunchTemplate:
Type: 'AWS::EC2::LaunchTemplate'
Properties:
LaunchTemplateName: !Sub '${AWS::StackName}-launch-template'
LaunchTemplateData:
CreditSpecification:
CpuCredits: Unlimited
ImageId:
'Fn::FindInMap':
- AWSRegionArch2AMI
- Ref: 'AWS::Region'
- 'Fn::FindInMap':
- AWSInstanceType2Arch
- Ref: InstanceType
- Arch
InstanceType: !Ref InstanceType
KeyName: !Ref KeyName
Monitoring:
Enabled: true
SecurityGroupIds:
- !Ref ELBWebServerSecurityGroup
UserData:
'Fn::Base64': >
#!/bin/bash
yum update -y
yum install httpd -y
service httpd start
chkconfig httpd on
host_name=`curl -s
http://169.254.169.254/latest/meta-data/local-hostname`
echo "WELCOME TO FEBATECH WEB SERVER $host_name" >
/var/www/html/index.html
ApplicationAsg:
Type: 'AWS::AutoScaling::AutoScalingGroup'
DependsOn:
- PublicRouteTable
- PublicSubnet01RouteTableAssociation
- PublicSubnet02RouteTableAssociation
Properties:
AutoScalingGroupName: ApplicationAsg
MinSize: '1'
MaxSize: '5'
DesiredCapacity: '2'
HealthCheckGracePeriod: 300
LaunchTemplate:
LaunchTemplateId: !Ref AsgLaunchTemplate
Version: !GetAtt AsgLaunchTemplate.LatestVersionNumber
VPCZoneIdentifier:
- !Ref PublicSubnet01
- !Ref PublicSubnet02
LoadBalancerNames:
- !Ref LoadBalancer
MyNACL:
Type: 'AWS::EC2::NetworkAcl'
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: NACLforSSHTraffic
InboundRule:
Type: 'AWS::EC2::NetworkAclEntry'
Properties:
NetworkAclId:
Ref: MyNACL
RuleNumber: 100
Protocol: 6
RuleAction: allow
CidrBlock: 172.16.0.0/24
PortRange:
From: 0
To: 65535
OutboundRule:
Type: 'AWS::EC2::NetworkAclEntry'
Properties:
NetworkAclId:
Ref: MyNACL
RuleNumber: 100
Protocol: -1
Egress: true
RuleAction: allow
CidrBlock: 0.0.0.0/0
mySubnetNetworkAclAssociation:
Type: 'AWS::EC2::SubnetNetworkAclAssociation'
Properties:
SubnetId:
- !Ref PublicSubnet01
- !Ref PublicSubnet02
NetworkAclId:
Ref: MyNACL
MountTargetVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref VPC
MountTargetSubnetOne:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: !Ref PublicSubnet01
VpcId: !Ref MountTargetVPC
AvailabilityZone: "ap-south-1a"
MountTargetSubnetTwo:
Type: AWS::EC2::Subnet
Properties:
CidrBlock: !Ref PublicSubnet02
VpcId: !Ref MountTargetVPC
AvailabilityZone: "ap-south-1b"
FileSystemResource:
Type: 'AWS::EFS::FileSystem'
Properties:
BackupPolicy:
Status: ENABLED
PerformanceMode: maxIO
Encrypted: true
LifecyclePolicies:
- TransitionToIA: AFTER_30_DAYS
FileSystemTags:
- Key: Name
Value: TestFileSystem
FileSystemPolicy:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "elasticfilesystem:ClientMount"
Principal: 'arn:aws:iam::111122223333:root'
KmsKeyId: !GetAtt
- key
- Arn
key:
Type: AWS::KMS::Key
Properties:
KeyPolicy:
Version: 2012-10-17
Id: key-default-1
Statement:
- Sid: Allow administration of the key
Effect: Allow
Principal:
AWS: !Join
- ''
- - 'arn:aws:iam::'
- !Ref 'AWS::AccountId'
- ':root'
Action:
- 'kms:*'
Resource: '*'
AWS: "*"
MountTargetResource1:
Type: AWS::EFS::MountTarget
Properties:
FileSystemId: !Ref FileSystemResource
SubnetId: !Ref MountTargetSubnetOne
SecurityGroups:
- !GetAtt MountTargetVPC.DefaultSecurityGroup
MountTargetResource2:
Type: AWS::EFS::MountTarget
Properties:
FileSystemId: !Ref FileSystemResource
SubnetId: !Ref MountTargetSubnetTwo
SecurityGroups:
- !GetAtt MountTargetVPC.DefaultSecurityGroup
AccessPointResource:
Type: 'AWS::EFS::AccessPoint'
Properties:
FileSystemId: !Ref FileSystemResource
PosixUser:
Uid: "13234"
Gid: "1322"
SecondaryGids:
- "1344"
- "1452"
RootDirectory:
CreationInfo:
OwnerGid: "708798"
OwnerUid: "7987987"
Permissions: "0755"
Path: "/mnt/abc/data"
The Kms key is not being created. What could most probably be done to resolve this issue. At what line could the changes be made.
Solution
CloudFormation Linter in VSCode shows errors inline while authoring templates along with autocompletion and documentation links:
[cfn-lint] E3030: You must specify a valid value for CpuCredits (Unlimited).
Valid values are ["standard", "unlimited"]
[cfn-lint] E3002: Property should be of type String not List at Resources/mySubnetNetworkAclAssociation/Properties/SubnetId
[cfn-lint] E2507: IAM Policy statement key AWS isn't valid
- Lambda@Edge not logging on cloudfront request
- AWS CLI cloudformation validate-template success but getting error during create-stack
- The term 'Events:' is not recognized in cloudformation template in AWS
- AWS Lambda function and S3 - change metadata on an object in S3 only if the object changed
- Cloudformation : Encountered unsupported property DeletionPolicy on S3 Bucket
- Error in CloudFormation Stack: Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400;
- Template format error: Unresolved resource dependencies [subnet-057ba3df40f87da4e] in the Resources block of the template
- Encountered unsupported property Version
- While deploying an efs stack i get the following error
- Invalid request provided: AWS::ElasticLoadBalancingV2::ListenerRule Validation exception
- aws cloudformation - Encountered unsupported property RequestValidatorId
- How to check if CloudFormation template is correct?
- Why am I getting an error that there are unresolved VPC dependencies?
- Resource Definition is Malformed
- How to loop through values in a CloudFormation template
- Can't enable EnableExecuteCommand in ECS service blue/green
- Install 'ffi' PHP extension in Bref Laravel app running AWS Lambda with SAM template
- EC2 to S3 uploads fail randomly
- Reading a pdf in AWS lambda using PyMuPDF
- README of a Maven package is not presented at AWS CodeArtifact
- Do I need AmazonECSTaskExecutionRolePolicy as a task role in aws ecs faragate
- Resource policies and cost on AWS API Gateway
- How can I learn more about AWS's RDS Aurora PostgreSQL 9.6.19 upgrade failure?
- AWS Global Services
- Get latest AMI ID for AWS instance
- AWS Elastic Beanstalk + Laravel, Nginx Configuration
- How can we enable Amazon S3 replication modification sync in terraform?
- AWS Serverless function async: true
- ERROR aws_cloudwatch_log_subscription_filter to AWS Lambda with Terraform
- Getting a "Forbidden" exception posting to a API Gateway Websocket API from within a VPC