1 vote

I have created a CloudFormation template with the below resources:

---
Resources: 
  InsuranceVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 11.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: dedicated
      Tags:
       - Key: work
         Value: insurance
       - Key: name
         Value: InsuranceVPC

  InsuranceInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
      - Key: work
        Value: insurance
      - Key: name
        Value: InsuranceInternetGateway

  InsuranceSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: InsuranceVPC
      CidrBlock: 11.0.2.0/24
      AvailabilityZone: "ap-south-1a"
      Tags:
      - Key: work
        Value: insurance
      - Key: name
        Value: InsuranceSubnet

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
         Ref: InsuranceVPC
      InternetGatewayId:
         Ref: InsuranceInternetGateway

  Ec2Instance: 
    Type: AWS::EC2::Instance
    Properties: 
      ImageId: "ami-0732b62d310b80e97"
      InstanceType: "t2.medium"
      KeyName: "DevOpsAutomation"
      NetworkInterfaces: 
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          GroupSet: 
            - Ref: "InsuranceSecurityGroup"
          SubnetId: 
            Ref: "InsuranceSubnet"

  InsuranceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Allow http and ssh to client host
        VpcId:
           Ref: InsuranceVPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

All resource creations are successful except Ec2Instance, which fails with the below error:

The requested configuration is currently not supported. Please check the documentation for supported configurations. (Service: AmazonEC2; Status Code: 400; Error Code: Unsupported; Request ID: a59a2d39-3aa9-4f7b-9cbd-db05dca0d61e)

The following resource(s) failed to create: [Ec2Instance]. . Rollback requested by use

What I have checked:

  1. The ImageId and InstanceType exist in the same region (or AZ).
  2. All other objects and their dependencies are met.
  3. Though I understand I haven't yet created a route table or route entries, that shouldn't affect EC2 instance resource creation.
  4. I am a privileged user and can create resources.

Please help or guide me on what I am missing here.

2 Answers

1 vote

I launched your template on my sandbox account.

I've identified some issues:

  • missing DependsOn on the instance,
  • VPC has dedicated tenancy,
  • and an incorrect GroupSet.

I modified the template so it fully works now in us-east-1. You have to adjust it to your own region (the AMI also needs to be changed back to your original one if not using us-east-1).

---
Resources: 
  InsuranceVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 11.0.0.0/16
      EnableDnsSupport: 'false'
      EnableDnsHostnames: 'false'
      InstanceTenancy: default
      Tags:
       - Key: work
         Value: insurance
       - Key: name
         Value: InsuranceVPC

  InsuranceInternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
      - Key: work
        Value: insurance
      - Key: name
        Value: InsuranceInternetGateway

  InsuranceSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId:
        Ref: InsuranceVPC
      CidrBlock: 11.0.2.0/24
      AvailabilityZone: "us-east-1a"
      Tags:
      - Key: work
        Value: insurance
      - Key: name
        Value: InsuranceSubnet

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId:
         Ref: InsuranceVPC
      InternetGatewayId:
         Ref: InsuranceInternetGateway

  Ec2Instance: 
    Type: AWS::EC2::Instance
    DependsOn: AttachGateway
    Properties: 
      ImageId: "ami-08f3d892de259504d"
      InstanceType: "t2.medium"
      KeyName: "MyKeyPair"
      NetworkInterfaces: 
        - AssociatePublicIpAddress: "true"
          DeviceIndex: "0"
          GroupSet: 
            - !GetAtt InsuranceSecurityGroup.GroupId
          SubnetId: 
            Ref: "InsuranceSubnet"

  InsuranceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: Allow http and ssh to client host
        VpcId:
           Ref: InsuranceVPC
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
1 vote

Your VPC is set to dedicated tenancy, which limits the resources you can launch in it (including certain instance types).

Some AWS services or their features won't work with a VPC with the instance tenancy set to dedicated. Check the service's documentation to confirm if there are any limitations.

Some instance types cannot be launched into a VPC with the instance tenancy set to dedicated. For more information about supported instance types, see Amazon EC2 Dedicated Instances.

You should check the link above to compare against your instance type.
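As an added pre-flight check (example code written for this page; it is not from either answer and not part of any AWS tool), the following Python lint takes a CloudFormation template as a dict and reports the three things that matter in this thread: a t2 instance type inside a dedicated-tenancy VPC (the cause of the Unsupported error above), SSH open to 0.0.0.0/0, and an instance given a public IP in a subnet that has no 0.0.0.0/0 route to the internet gateway (the route table the questioner had not yet written, without which the public IP is unreachable). The posted template and a corrected variant are transcribed inline as Python dicts so the script runs offline; the tags, AMI and key pair are dropped, and the admin CIDR 203.0.113.0/24 and the route-table resource names are placeholders of ours.

```python
"""Pre-flight lint for the CloudFormation template on this page (added example).
Templates below are the posted YAML transcribed as dicts; for a real file use
cfn-lint, or PyYAML with constructors for the !Ref / !GetAtt short tags."""
import copy

# Families AWS will not launch as Dedicated Instances; t2 is this page's case.
# Maintain this set from the Dedicated Instances documentation, not from memory.
NO_DEDICATED_TENANCY = {"t2"}

def resources_of(template, rtype):
    return {n: r for n, r in template["Resources"].items() if r["Type"] == rtype}

def ref_target(value):
    """Resolve {"Ref": X} or {"Fn::GetAtt": [X, attr]} to the logical id X."""
    if isinstance(value, dict):
        return value["Ref"] if "Ref" in value else value.get("Fn::GetAtt", [None])[0]
    return value

def primary_subnet(props):
    """Instance subnet id: top-level SubnetId, else the DeviceIndex-0 ENI's."""
    if "SubnetId" in props:
        return ref_target(props["SubnetId"])
    enis = [e for e in props.get("NetworkInterfaces", []) if str(e.get("DeviceIndex")) == "0"]
    return ref_target(enis[0]["SubnetId"]) if enis else None

def check_tenancy(template):
    """Instance types that cannot be Dedicated Instances in a dedicated VPC."""
    findings = []
    vpcs, subnets = resources_of(template, "AWS::EC2::VPC"), resources_of(template, "AWS::EC2::Subnet")
    for name, inst in resources_of(template, "AWS::EC2::Instance").items():
        props = inst["Properties"]
        subnet = subnets.get(primary_subnet(props))
        vpc = vpcs.get(ref_target(subnet["Properties"]["VpcId"])) if subnet else None
        if vpc is None:  # subnet or VPC not declared in this template; cannot decide
            continue
        # A dedicated VPC forces dedicated tenancy on every instance in it;
        # otherwise the instance-level Tenancy property (default if absent) applies.
        vpc_dedicated = vpc["Properties"].get("InstanceTenancy") == "dedicated"
        tenancy = "dedicated" if vpc_dedicated else props.get("Tenancy", "default")
        family = props["InstanceType"].split(".")[0]
        if tenancy == "dedicated" and family in NO_DEDICATED_TENANCY:
            findings.append(f"{name}: {props['InstanceType']} cannot be a Dedicated Instance")
    return findings

def check_ssh_exposure(template):
    """Ingress rules that expose 22/tcp to the whole internet."""
    findings = []
    for name, sg in resources_of(template, "AWS::EC2::SecurityGroup").items():
        for rule in sg["Properties"].get("SecurityGroupIngress", []):
            # IpProtocol -1 carries no ports; treat it as every port.
            lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
            if rule.get("CidrIp") == "0.0.0.0/0" and lo <= 22 <= hi:
                findings.append(f"{name}: 22/tcp open to 0.0.0.0/0")
    return findings

def check_public_route(template):
    """Public-IP instances whose subnet has no 0.0.0.0/0 route to an IGW."""
    igws = resources_of(template, "AWS::EC2::InternetGateway")
    public_rts = {ref_target(r["Properties"]["RouteTableId"])
                  for r in resources_of(template, "AWS::EC2::Route").values()
                  if r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"
                  and ref_target(r["Properties"].get("GatewayId")) in igws}
    public_subnets = {ref_target(a["Properties"]["SubnetId"])
                      for a in resources_of(template, "AWS::EC2::SubnetRouteTableAssociation").values()
                      if ref_target(a["Properties"]["RouteTableId"]) in public_rts}
    findings = []
    for name, inst in resources_of(template, "AWS::EC2::Instance").items():
        for eni in inst["Properties"].get("NetworkInterfaces", []):
            if (str(eni.get("AssociatePublicIpAddress")).lower() == "true"
                    and ref_target(eni["SubnetId"]) not in public_subnets):
                findings.append(f"{name}: public IP but no route to an internet gateway")
    return findings

def lint(template):
    return check_tenancy(template) + check_ssh_exposure(template) + check_public_route(template)

# The questioner's template (constructed transcription; tags, AMI and key pair dropped).
POSTED = {"Resources": {
    "InsuranceVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "11.0.0.0/16", "InstanceTenancy": "dedicated"}},
    "InsuranceInternetGateway": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
    "InsuranceSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {"VpcId": {"Ref": "InsuranceVPC"}, "CidrBlock": "11.0.2.0/24"}},
    "AttachGateway": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {"VpcId": {"Ref": "InsuranceVPC"}, "InternetGatewayId": {"Ref": "InsuranceInternetGateway"}}},
    "Ec2Instance": {"Type": "AWS::EC2::Instance", "Properties": {"InstanceType": "t2.medium", "NetworkInterfaces": [
        {"AssociatePublicIpAddress": "true", "DeviceIndex": "0", "GroupSet": [{"Ref": "InsuranceSecurityGroup"}], "SubnetId": {"Ref": "InsuranceSubnet"}}]}},
    "InsuranceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"VpcId": {"Ref": "InsuranceVPC"}, "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
}}

# Corrected variant: default tenancy, SSH limited to a placeholder admin CIDR, and a
# route table so the public IP is actually reachable (the new resource names are ours).
FIXED = copy.deepcopy(POSTED)
R = FIXED["Resources"]
R["InsuranceVPC"]["Properties"]["InstanceTenancy"] = "default"
R["InsuranceSecurityGroup"]["Properties"]["SecurityGroupIngress"][1]["CidrIp"] = "203.0.113.0/24"
R["InsuranceRouteTable"] = {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "InsuranceVPC"}}}
R["DefaultRoute"] = {"Type": "AWS::EC2::Route", "DependsOn": "AttachGateway", "Properties": {
    "RouteTableId": {"Ref": "InsuranceRouteTable"}, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "InsuranceInternetGateway"}}}
R["SubnetRouteAssoc"] = {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
    "SubnetId": {"Ref": "InsuranceSubnet"}, "RouteTableId": {"Ref": "InsuranceRouteTable"}}}

if __name__ == "__main__":
    for label, tpl in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint(tpl) or "clean")
```

Run it and `lint(POSTED)` returns three findings (the tenancy clash, the world-open SSH rule, and the missing internet route) while `lint(FIXED)` returns none. Two caveats: `ref_target` treats `Ref` and `GetAtt ... GroupId` the same because, for a security group created inside a VPC, CloudFormation's `Ref` already returns the group ID, so either spelling of GroupSet resolves to the same group; and `NO_DEDICATED_TENANCY` is deliberately minimal, so extend it from the Dedicated Instances documentation for the families you actually use rather than relying on this one entry.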