0
votes

I am deploying an EC2 instance using CloudFormation. Then I installed Apache and uploaded the files to the EC2 instance after deployment. When the instance is deployed, I cannot access it using the public DNS from a browser.

This is my EC2 instance resource and its security group.

  WebServerInstance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      SubnetId: !Ref PublicSubnet1
      ImageId:
        Fn::FindInMap:
          - AWSRegionArch2AMI
          - Ref: AWS::Region
          - Fn::FindInMap:
              - AWSInstanceType2Arch
              - Ref: InstanceType
              - Arch
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref AWS::Region
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable HTTP access via port 80
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation
      VpcId: !Ref Vpc

When I access it from the browser, it just keeps loading and loading. I set the inbound rules on the security group too. What is wrong with it, and how can I fix it?

This is my public DNS, http://ec2-3-{xxx-xxx-xx}.eu-west-1.compute.amazonaws.com/

This is the Public subnet resource.

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Select [ 0, !Cidr [ !Ref VpcCidr, 12, 8 ] ]
      MapPublicIpOnLaunch: True
      AvailabilityZone: !Select
        - 0
        - Fn::GetAZs: !Ref AWS::Region

There is a route table for public subnet.

[image: route table of the public subnet]

In the internet gateway console there is only one gateway, and it is not attached to the VPC in the template. Can this be the issue?

Edit: I got this error.

[image: the error message]

Does the subnet have a route table attached with an internet gateway? - Chris Williams
Hi. Do you have the full CFN template to show, like last time? This would enable me to launch it in my sandbox and hopefully verify the instance connectivity faster. - Marcin
Hi, yes. Can we do that in chat? - Wai Yan Hein
I see the issue was solved :-) - Marcin
Yes. It has been resolved. Thanks. - Wai Yan Hein

1 Answer

1
vote

There are several possible reasons besides the security group allowing access. The following should be checked:

Check that your instance's subnet has a route in its route table for 0.0.0.0/0 whose target is an internet gateway.

Each subnet has a route table (this will be the default route table if you did not specify one).

This can be completed by using the CloudFormation below:

  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref Vpc                 # the same VPC the subnet and security group reference
      InternetGatewayId: !Ref InternetGateway
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  Route:
    Type: AWS::EC2::Route
    # Depend on the attachment, not just the gateway resource: creating a route
    # to an internet gateway that is not yet attached to the VPC fails.
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  SubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1    # the public subnet from the question's template
      RouteTableId: !Ref RouteTable

If you updated the default NACL, make sure you added both port 80 and the ephemeral ports to the rules.

Make sure Apache is running on the host (not just installed). This can be done by running systemctl start apache on a Debian-based OS or systemctl start httpd on a RHEL-based one.
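
The checks the answer lists (a 0.0.0.0/0 route to an internet gateway, that gateway actually being attached to the VPC, the security group, and NACL rules in both directions) can be evaluated against the output of the describe calls instead of clicked through in the console. The script below is an added example written for this page, not code from the question or the answer. It runs on constructed sample data with hypothetical IDs that mirror the situation in the question: the internet gateway exists but has no VPC attachment. In practice the four lists would come from the boto3 EC2 client methods `describe_route_tables`, `describe_internet_gateways`, `describe_security_groups` and `describe_network_acls`.

```python
# Added example; all IDs and sample data below are constructed (hypothetical).
import ipaddress

VPC_ID, SUBNET_ID = "vpc-0aaa", "subnet-0bbb"
ROUTE_TABLES = [{"RouteTableId": "rtb-0ccc", "VpcId": VPC_ID,
                 "Associations": [{"SubnetId": SUBNET_ID}],
                 "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ddd"}]}]
# The gateway exists but is attached to nothing: the situation the question describes.
INTERNET_GATEWAYS = [{"InternetGatewayId": "igw-0ddd", "Attachments": []}]
SECURITY_GROUPS = [{"GroupId": "sg-0eee", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]
# Default NACL: rule 100 allows everything in each direction; unmatched traffic is denied.
NETWORK_ACLS = [{"NetworkAclId": "acl-0fff", "Associations": [{"SubnetId": SUBNET_ID}], "Entries": [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"}]}]


def route_table_for_subnet(route_tables, subnet_id, vpc_id):
    """An explicit subnet association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        assocs = rt.get("Associations", [])
        if any(a.get("SubnetId") == subnet_id for a in assocs):
            return rt
        if any(a.get("Main") for a in assocs):
            main = rt
    return main


def default_route_target(route_table):
    """Target of the active 0.0.0.0/0 route ('igw-...', 'nat-...'), or None if absent."""
    for r in (route_table or {}).get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State", "active") == "active":
            return r.get("GatewayId") or r.get("NatGatewayId") or r.get("InstanceId")
    return None


def igw_attached(internet_gateways, igw_id, vpc_id):
    """An internet gateway forwards nothing until it is attached to this VPC."""
    return any(igw.get("InternetGatewayId") == igw_id
               and any(a.get("VpcId") == vpc_id and a.get("State") in ("available", "attached")
                       for a in igw.get("Attachments", []))
               for igw in internet_gateways)


def sg_allows(security_groups, port, client_ip):
    """Security groups are allow-only: True if any inbound rule covers tcp/port from client_ip."""
    client = ipaddress.ip_address(client_ip)
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue
            if proto == "tcp" and not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
                continue
            if any(client in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
                return True
    return False


def nacl_decision(network_acls, subnet_id, port, egress, client_ip):
    """NACL rules are evaluated in ascending rule number; the first match decides, else deny."""
    client = ipaddress.ip_address(client_ip)
    acl = next((a for a in network_acls
                if any(s.get("SubnetId") == subnet_id for s in a.get("Associations", []))), None)
    if acl is None:
        return "deny"  # every subnet has a NACL; missing data counts as a failed check
    for e in sorted((e for e in acl["Entries"] if e["Egress"] == egress), key=lambda e: e["RuleNumber"]):
        if e.get("Protocol") not in ("-1", "6"):  # 6 is tcp
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        if "CidrBlock" in e and client not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        return e["RuleAction"]
    return "deny"


def diagnose(vpc_id, subnet_id, route_tables, igws, sgs, nacls, client_ip="198.51.100.7", port=80):
    """Return a list of findings in the order the layers are traversed; [] means all pass."""
    findings = []
    target = default_route_target(route_table_for_subnet(route_tables, subnet_id, vpc_id))
    if not (target and target.startswith("igw-")):
        findings.append("subnet route table has no 0.0.0.0/0 route to an internet gateway")
    elif not igw_attached(igws, target, vpc_id):
        findings.append(f"{target} is routed to but not attached to {vpc_id}")
    if not sg_allows(sgs, port, client_ip):
        findings.append(f"no security group rule allows tcp/{port} from {client_ip}")
    if nacl_decision(nacls, subnet_id, port, False, client_ip) != "allow":
        findings.append(f"NACL denies inbound tcp/{port}")
    # NACLs are stateless: replies go back to the client's ephemeral source port, so sample that range.
    if any(nacl_decision(nacls, subnet_id, p, True, client_ip) != "allow" for p in (1024, 32768, 65535)):
        findings.append("NACL denies outbound ephemeral ports (1024-65535), so replies never leave")
    return findings


if __name__ == "__main__":
    print(diagnose(VPC_ID, SUBNET_ID, ROUTE_TABLES, INTERNET_GATEWAYS, SECURITY_GROUPS, NETWORK_ACLS) or "ok")
```

On the sample data the only finding is the unattached gateway, which matches the question's own observation in the gateway console; attaching it (an `Attachments` entry for the VPC in state `available`) makes the list empty. The ephemeral-port check samples three ports rather than walking the whole 1024-65535 range, which is enough to catch the common mistake of allowing only port 80 outbound. None of this covers the last item in the answer, the web server itself: on the host, `systemctl is-active apache2` (Debian/Ubuntu unit name) or `systemctl is-active httpd` (RHEL/Amazon Linux) together with `ss -ltn` confirms that something is actually listening on port 80.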