glennschler/_01-test-stack-failure.md

## _01-test-stack-failure.md

      
    Raw
  

              _01-test-stack-failure.md
            
          
    curl -o a-test-stack-template.yaml https://gist.githubusercontent.com/glennschler/7c6eb8c506c7460929b07a2c97fa6fca/raw/_02-test-stack-template.yaml

Set the temporary bash variable named aws_cred_profile with the aws credentials profile name to be used for the aws cli commands
aws_cred_profile=
aws_region=eu-central-1
test_env=$(aws cloudformation create-stack --region $aws_region --no-cli-pager --profile $aws_cred_profile \
--disable-rollback --stack-name test-$(date +%Y%b%d-%H%M%S) --template-body file://a-test-stack-template.yaml \
| sed -r -e 's/.*:stack\/(.*)\/.*/\1/' | sed '1d' | sed '2d')
echo $test_env

# repeat calls to list-stack-resources until the stack creation is complete
aws cloudformation list-stack-resources --region $aws_region --no-cli-pager --profile $aws_cred_profile --stack-name=$test_env --max-items=3
Try again, with temporary creds recieved from an assumed role
aws sts assume-role --no-cli-pager --profile $aws_cred_profile --role-session-name test --duration-seconds 900


## _02-test-stack-template.yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Test stack'
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 172.16.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default

  VPCIPv6:
    Type: AWS::EC2::VPCCidrBlock
    Properties:
      AmazonProvidedIpv6CidrBlock: true
      VpcId: !Ref VPC

  Subnet:
    Type: AWS::EC2::Subnet
    DependsOn:
      - VPCIPv6
    Properties:
      CidrBlock: 172.16.254.0/23
      Ipv6CidrBlock: !Select [0, !Cidr [!Select [0, !GetAtt 'VPC.Ipv6CidrBlocks'], 1, 64]]
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC

## _03-test-stack-aim-profile.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CloudFormationStackActions",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:UpdateStack",
                "cloudformation:DescribeStacks",
                "cloudformation:DescribeStackEvents",
                "cloudformation:ListStackResources"
            ],
            "Resource": [
                "*"
            ]
        },
        {
        {
            "Sid": "TESTINGVPCIPv6Subnet",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateVpc",
                "ec2:CreateSubnet",
                "ec2:AssociateVpcCidrBlock",
                "ec2:AssociateSubnetCidrBlock",
                "ec2:ModifyVpcAttribute",
                "ec2:DescribeVpcAttribute",
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
	---
	AWSTemplateFormatVersion: '2010-09-09'
	Description: 'Test stack'
	Resources:
	VPC:
	Type: AWS::EC2::VPC
	Properties:
	CidrBlock: 172.16.0.0/16
	EnableDnsSupport: true
	EnableDnsHostnames: true
	InstanceTenancy: default

	VPCIPv6:
	Type: AWS::EC2::VPCCidrBlock
	Properties:
	AmazonProvidedIpv6CidrBlock: true
	VpcId: !Ref VPC

	Subnet:
	Type: AWS::EC2::Subnet
	DependsOn:
	- VPCIPv6
	Properties:
	CidrBlock: 172.16.254.0/23
	Ipv6CidrBlock: !Select [0, !Cidr [!Select [0, !GetAtt 'VPC.Ipv6CidrBlocks'], 1, 64]]
	MapPublicIpOnLaunch: false
	VpcId: !Ref VPC
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "CloudFormationStackActions",
	"Effect": "Allow",
	"Action": [
	"cloudformation:CreateStack",
	"cloudformation:UpdateStack",
	"cloudformation:DescribeStacks",
	"cloudformation:DescribeStackEvents",
	"cloudformation:ListStackResources"
	],
	"Resource": [
	"*"
	]
	},
	{
	{
	"Sid": "TESTINGVPCIPv6Subnet",
	"Effect": "Allow",
	"Action": [
	"ec2:CreateVpc",
	"ec2:CreateSubnet",
	"ec2:AssociateVpcCidrBlock",
	"ec2:AssociateSubnetCidrBlock",
	"ec2:ModifyVpcAttribute",
	"ec2:DescribeVpcAttribute",
	"ec2:DescribeVpcs",
	"ec2:DescribeSubnets"
	],
	"Resource": [
	"*"
	]
	}
	]
	}