Demo App CREATE_FAILED

Hi Michael,

I’m working with the V9 of the source code. Getting a CREATE_FAILED error in AWS on the Vpc submodule.

Embedded stack arn:aws:cloudformation:us-west-1:086458951085:stack/demo-app-Vpc-ZBZIWQGHUZC0-SubnetCPublic-BN3GI8SMCMVS/e25ef9e0-0b4b-11eb-8363-02bf5ad7a27f was not successfully created: The following resource(s) failed to create: [RouteTable, Subnet, NetworkAcl].

{
  "StackId": "arn:aws:cloudformation:us-west-1:086458951085:stack/demo-app/ad3f9490-0b4b-11eb-8c90-028e68dfd5f1",
  "EventId": "Vpc-CREATE_FAILED-2020-10-10T22:57:14.073Z",
  "ResourceStatus": "CREATE_FAILED",
  "ResourceType": "AWS::CloudFormation::Stack",
  "Timestamp": "2020-10-10T22:57:14.073Z",
  "ResourceStatusReason": "Embedded stack arn:aws:cloudformation:us-west-1:086458951085:stack/demo-app-Vpc-ZBZIWQGHUZC0/c196a460-0b4b-11eb-8345-06667c389c9d was not successfully created: The following resource(s) failed to create: [SubnetBPrivate, SubnetAPrivate, SubnetAPublic, SubnetCPublic, SubnetCPrivate, SubnetBPublic, FlowLogModule]. ",
  "StackName": "demo-app",
  "ResourceProperties": "{\"TemplateURL\":\"https://s3.us-west-1.amazonaws.com/docker-on-aws-gocetest2/2741e34e5bba9ae889ecfb21e90b2316.template\",\"Parameters\":{\"AlertingModule\":\"demo-app-Alerting-90SQLLHD1H68\",\"NatGateways\":\"false\"}}",
  "PhysicalResourceId": "arn:aws:cloudformation:us-west-1:086458951085:stack/demo-app-Vpc-ZBZIWQGHUZC0/c196a460-0b4b-11eb-8345-06667c389c9d",
  "LogicalResourceId": "Vpc"
},

Hi @goce.komita

Thanks for posting! Can you check out the events of the nested stacks as well? You might have reached the “max number of VPC” limit which you can increase.

Thanks
Michael

This is the only VPC in the region I was deploying in (besides the default vpc). I attached a screenshot of the events for the stack. I’m not sure if it’s too legible, but the Vpc embedded stack is the first one that failed.

Where else should I look to isolate the issue?

CloudFormation is the right place to look into the issue. You should see a bunch of stacks in the deleted state. One of them is called demo-VPC-***. Can you post the events from this stack?

Thanks for the tip Michael and thank you for troubleshooting this step by step. We are heading in the right direction.

This is from the stack “demo-app-Vpc-ZBZIWQGHUZC0-SubnetCPrivate-8Q99DXA9MYV3”

Subnet CREATE_FAILED Template error: Fn::Select cannot select nonexistent value at index 2

I’ve tried this process about 6 times and this error is consistent.

I’m not sure if this matters, but this is the template I copied from the AWS VPC Subnet module.

AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules: AWS VPC Subnet'
Parameters:
  VpcPlainModule:
    Description: stack name of vpc-plain module
    Type: String
  Reach:
    Description: Should the subnet have a route to the Internet?
    Type: String
    AllowedValues:
    - private
    - public
  AZIndex:
    Description: Index of the AZ where the subnet should be created in
    Type: Number
    MinValue: 0
    MaxValue: 2
  AZChar:
    Description: Availability zone char
    Type: String
    AllowedValues:
    - A
    - B
    - C
  SubnetIndex:
    Description: Index of the subnet
    Type: Number
    MinValue: 0
    MaxValue: 5
  SubnetCount:
    Description: To slice the IP address ranges you need to specify how many subnets
      you want to create in the VPC
    Type: Number
    MinValue: 1
    MaxValue: 6
Conditions:
  IsPublic:
    Fn::Equals:
    - Ref: Reach
    - public
Resources:
  Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      # Fn::GetAZs '' lists only the AZs this account can use in the current
      # region. AZIndex 2 asks for a third AZ, so in a two-AZ region the
      # Fn::Select below fails with "cannot select nonexistent value at index 2".
      AvailabilityZone:
        Fn::Select:
        - Ref: AZIndex
        - Fn::GetAZs: ''
      # Fn::Cidr carves SubnetCount blocks with 12 host bits (/20 each) out of
      # the VPC CIDR; SubnetIndex picks this subnet's block.
      CidrBlock:
        Fn::Select:
        - Ref: SubnetIndex
        - Fn::Cidr:
          - Fn::ImportValue:
              Fn::Sub: ${VpcPlainModule}-CidrBlock
          - Ref: SubnetCount
          - 12
      VpcId:
        Fn::ImportValue:
          Fn::Sub: ${VpcPlainModule}-Id
      Tags:
      - Key: Name
        Value:
          Fn::Sub: ${AZChar} ${Reach}
      - Key: Reach
        Value:
          Ref: Reach
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId:
        Fn::ImportValue:
          Fn::Sub: ${VpcPlainModule}-Id
      Tags:
      - Key: Name
        Value:
          Fn::Sub: ${AZChar} ${Reach}
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId:
        Ref: Subnet
      RouteTableId:
        Ref: RouteTable
  RouteInternet:
    Type: AWS::EC2::Route
    Condition: IsPublic
    Properties:
      RouteTableId:
        Ref: RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Fn::ImportValue:
          Fn::Sub: ${VpcPlainModule}-InternetGatewayId
  NetworkAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId:
        Fn::ImportValue:
          Fn::Sub: ${VpcPlainModule}-Id
      Tags:
      - Key: Name
        Value:
          Fn::Sub: ${AZChar} ${Reach}
  NetworkAclEntryAllowAllInbound:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: NetworkAcl
      RuleNumber: 99
      Protocol: -1
      RuleAction: allow
      Egress: false
      CidrBlock: 0.0.0.0/0
  NetworkAclEntryAllowAllOutbound:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId:
        Ref: NetworkAcl
      RuleNumber: 99
      Protocol: -1
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0
  SubnetNetworkAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId:
        Ref: Subnet
      NetworkAclId:
        Ref: NetworkAcl
Outputs:
  ModuleId:
    Value: vpc-subnet
  ModuleVersion:
    Value: 1.0.0
  StackName:
    Value:
      Ref: AWS::StackName
  Id:
    Value:
      Ref: Subnet
    Export:
      Name:
        Fn::Sub: ${AWS::StackName}-Id
  RouteTableId:
    Value:
      Ref: RouteTable
    Export:
      Name:
        Fn::Sub: ${AWS::StackName}-RouteTableId
  AvailabilityZone:
    # Same Fn::Select as the Subnet resource; it fails the same way when
    # AZIndex exceeds the number of AZs in the region.
    Value:
      Fn::Select:
      - Ref: AZIndex
      - Fn::GetAZs: ''
    Export:
      Name:
        Fn::Sub: ${AWS::StackName}-AvailabilityZone

I believe that something is wrong with your default subnets in your default vpc in us-west-1. CloudFormation uses them to detect your AZs.

Can you check that:

  1. You have a default vpc in us-west-1
  2. You have 3 subnets in 3 different AZs?

If this issue is only about the missing third default subnet, as a workaround you can reduce the AZs down to 2 in the vpc module, see https://github.com/cfn-modules/vpc#usage
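The failure Michael is pointing at (Fn::Select indexing into Fn::GetAZs with an index the region cannot satisfy) can be reproduced offline before a deployment is attempted. The following Python is an added example, not code from this thread or from cfn-modules: it emulates Fn::GetAZs, Fn::Select and Fn::Cidr over a constructed AZ list and dry-runs the subnet stacks the vpc module would create. The AZ names in SAMPLE_AZS and the subnet layout (A/B/C times public/private, SubnetCount 6, indices assigned in that order) are assumptions made for the example.

```python
import ipaddress

# Constructed sample data (an assumption, not API output): AZ names as
# Fn::GetAZs '' would list them. us-west-1 really exposes only two AZs.
SAMPLE_AZS = {
    "us-west-1": ["us-west-1a", "us-west-1b"],
    "us-west-2": ["us-west-2a", "us-west-2b", "us-west-2c"],
}


class TemplateError(Exception):
    """Stands in for CloudFormation's 'Template error: ...' stack failures."""


def fn_select(index, values):
    """Emulates Fn::Select; an out-of-range index fails the whole stack."""
    index = int(index)
    if not 0 <= index < len(values):
        raise TemplateError(
            f"Fn::Select cannot select nonexistent value at index {index}")
    return values[index]


def fn_cidr(ip_block, count, cidr_bits):
    """Emulates Fn::Cidr [ipBlock, count, cidrBits]: cidrBits is the number of
    host bits per subnet, so each subnet is a /(32 - cidrBits) and `count`
    of them are carved from the start of ip_block."""
    net = ipaddress.ip_network(ip_block)
    new_prefix = net.max_prefixlen - int(cidr_bits)
    if new_prefix < net.prefixlen:
        raise TemplateError(
            f"Fn::Cidr: a /{new_prefix} subnet does not fit inside {ip_block}")
    subnets = list(net.subnets(new_prefix=new_prefix))
    if int(count) > len(subnets):
        raise TemplateError(
            f"Fn::Cidr: cannot carve {count} /{new_prefix} subnets out of {ip_block}")
    return [str(s) for s in subnets[:int(count)]]


def plan_subnet(region, vpc_cidr, az_index, subnet_index, subnet_count,
                azs=SAMPLE_AZS):
    """Resolves AvailabilityZone and CidrBlock of one vpc-subnet stack the way
    the template's Fn::Select / Fn::GetAZs / Fn::Cidr calls do."""
    az = fn_select(az_index, azs[region])  # Fn::GetAZs ''
    cidr = fn_select(subnet_index, fn_cidr(vpc_cidr, subnet_count, 12))
    return {"AvailabilityZone": az, "CidrBlock": cidr}


def preflight(region, vpc_cidr, az_count, subnet_count=6, azs=SAMPLE_AZS):
    """Dry-runs the subnet stacks the vpc module would create (az_count AZs,
    one public and one private subnet each; this index layout is an
    assumption) and returns the template errors CloudFormation would report."""
    errors = []
    subnet_index = 0
    for az_index in range(az_count):
        for reach in ("Public", "Private"):
            name = f"Subnet{'ABC'[az_index]}{reach}"
            try:
                plan_subnet(region, vpc_cidr, az_index, subnet_index,
                            subnet_count, azs)
            except TemplateError as exc:
                errors.append(f"{name}: {exc}")
            subnet_index += 1
    return errors


if __name__ == "__main__":
    for region in SAMPLE_AZS:
        print(region, preflight(region, "10.0.0.0/16", az_count=3) or "ok")
```

Against a real account, replace SAMPLE_AZS with the output of `aws ec2 describe-availability-zones --region us-west-1 --query 'AvailabilityZones[].ZoneName' --output text`; if fewer than three zones come back, the three-AZ configuration of the vpc module will fail exactly as in this thread, and the two-AZ setting Michael links to is the fix for that region.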

The issue was #2, the us-west-1 region has only two AZs.

After I moved the stack to a different region with more AZs it is working as expected.

Thanks for your help Michael.


Oh… I see. I wasn’t expecting one of the US regions to only have two AZs. I use us-east-1 and us-west-2 often. But I never used us-west-1 so far.

I’m glad it works now!
