AWS CloudFormation circular dependency
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description": "Deis on EC2: http://deis.io/",
"Parameters" : {
"KeyPair" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the Deis hosts",
"Type" : "String",
"MinLength": "1",
"MaxLength": "64",
"AllowedPattern" : "[-_ a-zA-Z0-9]*",
"ConstraintDescription" : "can contain only alphanumeric characters, spaces, dashes and underscores."
},
"ClusterSize": {
"Default": "3",
"MinValue": "3",
"MaxValue": "12",
"Description": "Number of nodes in cluster (3-12).",
"Type": "Number"
},
"SSHFrom" : {
"Description" : "Lockdown SSH access to the Deis hosts (default: can be accessed from anywhere)",
"Type" : "String",
"MinLength": "9",
"MaxLength": "18",
"Default" : "0.0.0.0/0",
"AllowedPattern" : "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription" : "must be a valid CIDR range of the form x.x.x.x/x."
},
"InstanceType" : {
"Description" : "EC2 instance type (see http://aws.amazon.com/ec2/instance-types/)",
"Type" : "String",
"Default" : "m3.large",
"AllowedValues" : [
"m3.medium",
"m3.large",
"m3.xlarge",
"m3.2xlarge",
"m1.small",
"m1.medium",
"m1.large",
"m1.xlarge",
"c3.large",
"c3.xlarge",
"c3.2xlarge",
"c3.4xlarge",
"c3.8xlarge",
"c1.medium",
"c1.xlarge",
"cc2.8xlarge",
"g2.2xlarge",
"cg1.4xlarge",
"m2.xlarge",
"m2.4xlarge",
"cr1.8xlarge",
"hi1.4xlarge",
"hs1.8xlarge",
"i2.xlarge",
"i2.2xlarge",
"i2.4xlarge",
"i2.8xlarge",
"r3.large",
"r3.xlarge",
"r3.2xlarge",
"r3.4xlarge",
"r3.8xlarge",
"t1.micro",
"t2.micro",
"t2.small",
"t2.medium"
],
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"EC2VirtualizationType" : {
"Description" : "EC2 AMI virtualization type (see http://aws.amazon.com/amazon-linux-ami/instance-type-matrix/)",
"Type": "String",
"Default": "PV",
"AllowedValues" : [ "PV", "HVM" ],
"ConstraintDescription" : "must be either PV or HVM"
},
"AssociatePublicIP": {
"Description": "Whether to associate a public IP address to the instances",
"Type": "String",
"Default": "true",
"AllowedValues" : [ "true", "false" ],
"ConstraintDescription" : "must be either true or false"
}
},
"Mappings" : {
"CoreOSAMIs" : {
"us-east-1" : { "PV" : "ami-b85786d0", "HVM" : "ami-a65786ce" },
"us-west-2" : { "PV" : "ami-cfafd5ff", "HVM" : "ami-cdafd5fd" },
"us-west-1" : { "PV" : "ami-45151800", "HVM" : "ami-bb1a17fe" },
"eu-west-1" : { "PV" : "ami-72865b05", "HVM" : "ami-74865b03" },
"ap-southeast-1" : { "PV" : "ami-88e4bcda", "HVM" : "ami-ce376c9c" },
"ap-southeast-2" : { "PV" : "ami-3ba8ce01", "HVM" : "ami-0d98fe37" },
"ap-northeast-1" : { "PV" : "ami-47cb9246", "HVM" : "ami-49cb9248" },
"sa-east-1" : { "PV" : "ami-e1f65efc", "HVM" : "ami-e7f65efa" }
},
"SubnetConfig" : {
"VPC" : { "CIDR" : "10.21.0.0/16" },
"Subnet1" : { "CIDR" : "10.21.1.0/24" },
"Subnet2" : { "CIDR" : "10.21.2.0/24" }
}
},
"Resources" : {
"VPC" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"EnableDnsSupport" : "true",
"EnableDnsHostnames" : "true",
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "VPC", "CIDR" ]},
"Tags" : [
{ "Key" : "Application", "Value" : "Deis" }
]
}
},
"Subnet1" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone": { "Fn::Select" : [ 0, { "Fn::GetAZs" : "" } ] },
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Subnet1", "CIDR" ]},
"Tags" : [
{ "Key" : "Application", "Value" : "Deis" },
{ "Key" : "Network", "Value" : "Private" }
]
}
},
"Subnet2" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"AvailabilityZone": { "Fn::Select" : [ 1, { "Fn::GetAZs" : "" } ] },
"CidrBlock" : { "Fn::FindInMap" : [ "SubnetConfig", "Subnet2", "CIDR" ]},
"Tags" : [
{ "Key" : "Application", "Value" : "Deis" },
{ "Key" : "Network", "Value" : "Private" }
]
}
},
"InternetGateway" : {
"Type" : "AWS::EC2::InternetGateway",
"Properties" : {
"Tags" : [
{ "Key" : "Application", "Value" : "Deis" },
{ "Key" : "Network", "Value" : "Public" }
]
}
},
"GatewayToInternet" : {
"Type" : "AWS::EC2::VPCGatewayAttachment",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"InternetGatewayId" : { "Ref" : "InternetGateway" }
}
},
"PublicRouteTable" : {
"Type" : "AWS::EC2::RouteTable",
"DependsOn" : "GatewayToInternet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [
{ "Key" : "Application", "Value" : "Deis" },
{ "Key" : "Network", "Value" : "Public" }
]
}
},
"PublicRoute" : {
"Type" : "AWS::EC2::Route",
"DependsOn" : "GatewayToInternet",
"Properties" : {
"RouteTableId" : { "Ref" : "PublicRouteTable" },
"DestinationCidrBlock" : "0.0.0.0/0",
"GatewayId" : { "Ref" : "InternetGateway" }
}
},
"Subnet1RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "Subnet1" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"Subnet2RouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "Subnet2" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"NetworkAcl" : {
"Type" : "AWS::EC2::NetworkAcl",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"Tags" : [
{ "Key" : "Application", "Value" : "Deis" }
]
}
},
"InboundSSHNetworkAclEntry" : {
"Type" : "AWS::EC2::NetworkAclEntry",
"Properties" : {
"NetworkAclId" : { "Ref" : "NetworkAcl" },
"RuleNumber" : "100",
"Protocol" : "6",
"RuleAction" : "allow",
"Egress" : "false",
"CidrBlock" : { "Ref" : "SSHFrom" },
"PortRange" : { "From" : "22", "To" : "22" }
}
},
"OutboundNetworkAclEntry" : {
"Type" : "AWS::EC2::NetworkAclEntry",
"Properties" : {
"NetworkAclId" : { "Ref" : "NetworkAcl" },
"RuleNumber" : "100",
"Protocol" : "6",
"RuleAction" : "allow",
"Egress" : "true",
"CidrBlock" : "0.0.0.0/0",
"PortRange" : { "From" : "0", "To" : "65535" }
}
},
"Subnet1NetworkAclAssociation" : {
"Type" : "AWS::EC2::SubnetNetworkAclAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "Subnet1" },
"NetworkAclId" : { "Ref" : "NetworkAcl" }
}
},
"Subnet2NetworkAclAssociation" : {
"Type" : "AWS::EC2::SubnetNetworkAclAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "Subnet2" },
"NetworkAclId" : { "Ref" : "NetworkAcl" }
}
},
"CoreOSServerAutoScale": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": [
{ "Fn::GetAtt" : [ "Subnet1", "AvailabilityZone" ] },
{ "Fn::GetAtt" : [ "Subnet2", "AvailabilityZone" ] }
],
"VPCZoneIdentifier": [
{ "Ref" : "Subnet1" },
{ "Ref" : "Subnet2" }
],
"LaunchConfigurationName": {"Ref": "CoreOSServerLaunchConfig"},
"MinSize": "3",
"MaxSize": "12",
"DesiredCapacity": {"Ref": "ClusterSize"},
"Tags": [
{"Key": "Name", "Value": "Deis", "PropagateAtLaunch": true}
],
"LoadBalancerNames": [
{ "Ref": "DeisWebELB" }
]
}
},
"CoreOSServerLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"DependsOn" : "GatewayToInternet",
"Properties": {
"ImageId" : { "Fn::FindInMap" : [ "CoreOSAMIs", { "Ref" : "AWS::Region" }, { "Ref" : "EC2VirtualizationType" }]},
"InstanceType": {"Ref": "InstanceType"},
"KeyName": {"Ref": "KeyPair"},
"UserData" : { "Fn::Base64": { "Fn::Join": [ "", [ ] ] } },
"AssociatePublicIpAddress": {"Ref": "AssociatePublicIP"},
"SecurityGroups": [ { "Fn::GetAtt": ["VPCSecurityGroup", "GroupId"] }],
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/sda",
"Ebs" : { "VolumeSize" : "100" }
}
]
}
},
"DeisWebELB": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"DependsOn" : "GatewayToInternet",
"Properties": {
"HealthCheck": {
"HealthyThreshold": "4",
"Interval": "15",
"Target": "HTTP:80/health-check",
"Timeout": "5",
"UnhealthyThreshold": "2"
},
"Subnets": [
{ "Ref" : "Subnet1" },
{ "Ref" : "Subnet2" }
],
"Listeners": [
{
"InstancePort": "80",
"InstanceProtocol": "HTTP",
"LoadBalancerPort": "80",
"Protocol": "HTTP"
},
{
"InstancePort": "2222",
"InstanceProtocol": "TCP",
"LoadBalancerPort": "2222",
"Protocol": "TCP"
}
],
"SecurityGroups": [
{
"Fn::GetAtt": ["DeisWebELBSecurityGroup", "GroupId"]
}
]
}
},
"DeisWebELBSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Deis Web ELB SecurityGroup",
"SecurityGroupIngress": [
{"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
{"IpProtocol": "tcp", "FromPort": "2222", "ToPort": "2222", "CidrIp": "0.0.0.0/0"}
],
"VpcId": { "Ref" : "VPC" }
}
},
"VPCSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable public SSH and intra-VPC communication",
"SecurityGroupIngress" : [
{"IpProtocol": "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : { "Ref" : "SSHFrom" }},
{"IpProtocol": "tcp", "FromPort" : "0", "ToPort" : "65535", "SourceSecurityGroupId" : { "Fn::GetAtt": ["VPCSecurityGroup", "GroupId"] }}
],
"VpcId" : { "Ref" : "VPC" }
}
}
},
"Outputs" : {
"DNSName" : {
"Description" : "DNS Name of the ELB",
"Value" : { "Fn::GetAtt" : ["DeisWebELB", "DNSName"] }
}
}
}
@carmstrong

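The error is: A client error (ValidationError) occurred when calling the CreateStack operation: Circular dependency between resources: [VPCSecurityGroup, CoreOSServerAutoScale, CoreOSServerLaunchConfig]. The cycle appears to originate in VPCSecurityGroup, whose second ingress rule uses Fn::GetAtt on VPCSecurityGroup itself; the launch configuration and the Auto Scaling group are listed because they depend on that group. Declaring the self-referencing rule as a separate AWS::EC2::SecurityGroupIngress resource removes the self-dependency.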
