Need a VPC error when trying to run the CloudFormation step in Chapter 2

[indrayam]

Book version: 1.3, 2020-02-03

I am getting this error in Chapter 2 when I run the ./deploy-infra.sh step...

The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request. (Service: AmazonEC2; Status Code: 400; Error Code: VPCResourceNotSpecified; Request ID: 5bdea2d7-db4a-42ef-9932-8311faef9cc0; Proxy: null)

Anand

[dvassallo]

Hey Anand — Could it be that you're using an AWS account created before 2013? There's a legacy feature in old accounts where you can run EC2 instances without a VPC, and therefore the AWS account doesn't come with a default VPC automatically configured.

Here's how you can check: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-classic-platform.html

[indrayam]

Thanks @dvassallo

I am pretty sure mine was created before 2013. Or at least, I would not be surprised. Plus, this output seems to suggest that my account does support both EC2-Classic and Amazon VPC..

I do have a non-default VPC already created in the region where I am playing with aws-bootstrap. What I do not know is how to pass the VPC ID in CloudFormation template. Any tips?

[dvassallo]

Yes, you're on a legacy account.

From page 93 onwards, it will work in your account because you'd be creating a VPC explicitly rather than relying on the default one.

If you're already reasonably familiar with AWS, you may want to just read through those early chapters and then get back to the guide from the Load Balancing chapter onwards. Note that the code is tagged by chapter in this repo, so you can pick from any point: https://github.com/good-parts/aws-bootstrap/tags

Alternatively, you can create a brand new AWS account just for the tutorial. It's free and takes only a couple of minutes. The final template will work fine even in your original account, but because of this quirk the initial chapters might be easier to follow using a new AWS account.

[indrayam]

@dvassallo You're awesome!

Btw, for now, I just brute-forced my way by adding the following to Chapter 2's main.yml:

• Manually added my VpcId to SecurityGroup Resource definition
• Manually added SubnetId to my Instance Resource definition

While I was at it, I also added KeyName property to the new Instance so that I could SSH into it as well.

Ah, one more thing. The Vpc did not have DNS Hostnames attribute enabled by default. So had to set that one up manually as well. I did peek into the CloudFormation template in the master branch and noticed that we will be creating a new Vpc with that field enabled.

Anyways, I am going to keep going. I am assuming that as long as I do not delete that Vpc and the Subnet, I should be all set!

[dvassallo]

Wonderful. Note that you don't need Key Pairs anymore to SSH to EC2 instances since the release of EC2 Connect: https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/ — It's a bit more convenient especially when automating infrastructure.