Menu
I try to create an EC2 instance with the template below:
Parameters:
KeyName:
Default: TestKeyPair
Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
Type: AWS::EC2::KeyPair::KeyName
Resources:
Dev:
Properties:
ImageId: ami-4e79ed36
InstanceType: t2.micro
KeyName: !Ref 'KeyName'
SecurityGroups:
- !Ref 'SSH'
Type: AWS::EC2::Instance
but I get:
An error occurred (ValidationError) when calling the CreateChangeSet operation: Template format error: Unresolved resource dependencies [SSH] in the Resources block of the template
I can't understand what's wrong in the template since the security group named "SSH" is already present:
$ aws ec2 describe-security-groups --group-names SSH
....
"IpPermissions": [
{
"ToPort": 22,
"IpRanges": [
{
"CidrIp": "0.0.0.0/0"
}
],
"FromPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": [],
"PrefixListIds": [],
"Ipv6Ranges": []
}
],
"GroupName": "SSH",
"GroupId": "sg-3b8bc345",
"Description": "Enable SSH access via port 22",
"OwnerId": "150811659115",
"VpcId": "vpc-a84688cf"
....
330
For “Unresolved resource dependencies [XXXXXXXX] in the Resources block of the template” errors, we perform this. 1. First, we confirm that resource logical IDs are defined in the template. 2. Also, we need to confirm that resource physical IDs exist in the environment.
“The CloudFormation template is invalid: Template format error: Unresolved resource dependencies [ApiGatewayRestApi] in the Resources block of the template” When you define a resource in your serverless.yml, you can reference an attribute of another resource dynamically.
For "The [environmental resource] 'XXXXXXXX' does not exist" errors, see the Verify that your resource exists outside the stack, or validate dependencies for resources in the same stack section. For "At least one Resources member must be defined" errors, see the Include a Resources section in your template section.
When you define a resource in your serverless.yml, you can reference an attribute of another resource dynamically. This error happens when the referenced resource cannot be found. Ensure you are referring to the logical ID of the resource. For example, if you define an S3 bucket in your resources:
!Ref only works for Logical ID that exists within the template. That doesn't mean that you can't reference an existing security group, that just mean that you'll have to reference it in some other way. For your particular use case I suggest you pass the security group as a stack parameter like so:
Parameters:
KeyName:
Default: TestKeyPair
Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
Type: AWS::EC2::KeyPair::KeyName
SSHSecurityGroup:
Description: SecurityGroup that allows access to the instance via SSH
Type: AWS::EC2::SecurityGroup::Id
Resources:
Dev:
Properties:
ImageId: ami-4e79ed36
InstanceType: t2.micro
KeyName: !Ref 'KeyName'
SecurityGroups:
- !Ref SSHSecurityGroup
Type: AWS::EC2::Instance
On the stack creation you just have to pass the SSH Security Group in the appropriated field.
That being said, you won't have a much dynamic setup if you do it this way. You should either define the security group within this template and reference it directly (using !Ref), or you could create a template that manages all security groups and use the Export/Import feature of CloudFormation to reference the security groups between stacks.
169
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
