Using AWS CloudFormation to create a DBSubnetGroup

3
votes

I'm using ECS-CLI (0.4.5) to launch a CFN template, and now I'm trying to put an Aurora cluster into the CFN template and update the stack with a changeset through the CFN SDK.

I can't figure out why it's upset about my subnets. The subnets are created by the initial 'ecs-cli up' call. They are in the same vpc as the rest of the stack, they already exist before I try to deploy the changeset, and they are in different availability zones (us-west-2b and us-west-2c).

The only info CFN is giving me is that 'some input subnets are invalid'.

CFN Failure: CFN Failure

Subnets: Subnets

I can create a DBSubnetGroup through the management console with the exact same subnets with no problems.

Any ideas on what could be going wrong? Is this a bug in CloudFormation? Let me know if more information is needed to solve this... I'm honestly at such a loss

Here's what my initial template boils down to (It's built into ecs-cli):

 "PubSubnetAz1": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {
            "VpcId": {
                "Ref": "Vpc"
            },
            "CidrBlock": "10.0.0.0/24",
            "AvailabilityZone": "us-west-2b"
        }
},
"PubSubnetAz2": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {
            "VpcId": {
                "Ref": "Vpc"
            },
            "CidrBlock": "10.0.1.0/24",
            "AvailabilityZone": "us-west-2c"
        }
},
"InternetGateway": {
    "Type": "AWS::EC2::InternetGateway"
},
"AttachGateway": {
    "Type": "AWS::EC2::VPCGatewayAttachment",
    "Properties": {
        "VpcId": {
            "Ref": "Vpc"
        },
        "InternetGatewayId": {
            "Ref": "InternetGateway"
        }
    }
},
"RouteViaIgw": {
    "Type": "AWS::EC2::RouteTable",
    "Properties": {
        "VpcId": {
            "Ref": "Vpc"
        }
    }
},
"PublicRouteViaIgw": {
    "DependsOn": "AttachGateway",
    "Type": "AWS::EC2::Route",
    "Properties": {
        "RouteTableId": {
            "Ref": "RouteViaIgw"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
            "Ref": "InternetGateway"
        }
    }
},
"PubSubnet1RouteTableAssociation": {
    "Type": "AWS::EC2::SubnetRouteTableAssociation",
    "Properties": {
        "SubnetId": {
            "Ref": "PubSubnetAz1"
        },
        "RouteTableId": {
            "Ref": "RouteViaIgw"
        }
    }
},
"PubSubnet2RouteTableAssociation": {
    "Type": "AWS::EC2::SubnetRouteTableAssociation",
    "Properties": {
        "SubnetId": {
            "Ref": "PubSubnetAz2"
        },
        "RouteTableId": {
            "Ref": "RouteViaIgw"
        }
    }
},

And then when I go to update it, I add this:

"DBSubnetGroup": {
    "Type": "AWS::RDS::DBSubnetGroup",
    "Properties": {
        "DBSubnetGroupDescription": "Aurora Subnet Group using subnets from 2 AZs",
        "SubnetIds": {
             "Fn::Join": [
                    ",", [{
                            "Ref": "pubSubnetAz1"
                        },
                        {
                            "Ref": "pubSubnetAz2"
                        }
                    ]
                ]
            }]
        }
    }
}

The changeset should be simple enough...

"Changes": [
    {
      "Type": "Resource",
      "ResourceChange": {
        "Action": "Add",
        "LogicalResourceId": "DBSubnetGroup",
        "ResourceType": "AWS::RDS::DBSubnetGroup",
        "Scope": [],
        "Details": []
      }
    }
]

I'm using AWSTemplateFormatVersion 2010-09-09 and the JavaScript aws-sdk "^2.7.21"

2
amazon-web-servicesamazon-cloudformationsubnetamazon-ecsamazon-aurora
It would help to see how you are passing the subnets in the Cloudformation yaml/json -- please post if you can. - rumdrums
Added the relevant json! - Kaleo Brandt
Thanks guys, it's been a while since I've felt this dumb lol - Kaleo Brandt
Lol. Welcome to Cloudformation! Deploy, fail, deploy, fail, deploy..... - rumdrums

2 Answers

3
votes

The issue is that you're concatenating your subnet IDs into a string. Instead, you should pass them in an array. Try this:

  "PrivateSubnetGroup": {
    "Type": "AWS::RDS::DBSubnetGroup",
    "Properties": {
      "SubnetIds": [
        {
          "Ref": "PubSubnetAz1"
        },
        {
          "Ref": "PubSubnetAz2"
        }
      ],
      "DBSubnetGroupDescription": "Aurora Subnet Group using subnets from 2 AZs"
    }
  }

Also, I would highly recommend trying to use yaml instead of json. Cloudformation now supports this natively, along with some shortcut functions to make using references easier, and I think in the long run you'll find it much easier to both read and write.

Here's an example of how you could write equivalent json in yaml:

PrivateSubnetGroup:
  Type: AWS::RDS::DBSubnetGroup
  Properties:
    DBSubnetGroupDescription: Subnet group for Aurora Database
    SubnetIds:
    - !Ref PubSubnetAz1
    - !Ref PubSubnetAz2
2
votes

According to the AWS::RDS::DBSubnetGroup documentation, the SubnetIDs parameter accepts a List of strings, not a CommaDelimitedList which is what you provided in your example. You should pass the subnets in a JSON array directly, without using Fn::Join:

"SubnetIds": [
  {"Ref": "pubSubnetAz1"},
  {"Ref": "pubSubnetAz2"}
]