AWS cfn-signal not working in private subnets

I am writing a CloudFormation template for web service instances with Auto Scaling and an Elastic Load Balancer. My plan is to place the ELB in a public subnet and the instances in private subnets behind the load balancer. My private subnets are fully restricted, without any NAT Gateway. SSH access is also enabled through the ELB.

In the CloudFormation script I’ve also written a “CreationPolicy” to receive a signal from the EC2 instance before the stack proceeds, with a timeout value of 15 minutes.

    "CreationPolicy" : {
        "ResourceSignal" : {
            "Timeout" : "PT15M",
            "Count" : "1"
        }
    }

After running the template, I can see the EC2 instance running and “InService” with respect to the ELB. But the instance is not able to send the signal, and after 15 minutes the CloudFormation stack is rolled back.


Within the 15 minutes I logged in to the instance and found the error below.

    # /opt/aws/bin/cfn-signal -e 0 --stack AutoScale --resource AutoScalingConfiguration --region ap-southeast-2

    2017-06-24 07:38:42,261 [DEBUG] Signaling resource AutoScalingConfiguration in stack AutoScale with unique ID i-062ffccab190a6c5a and status SUCCESS
    2017-06-24 07:39:42,261 [WARNING] Timeout of 60 seconds breached
    2017-06-24 07:39:42,261 [ERROR] Client-side timeout
    Traceback (most recent call last):
      File "/usr/lib/python2.7/dist-packages/cfnbootstrap/util.py", line 162, in _retry
        return f(*args, **kwargs)
      File "/usr/lib/python2.7/dist-packages/cfnbootstrap/util.py", line 231, in _timeout
        raise TimeoutError("Execution did not succeed after %s seconds" % duration)
    TimeoutError
    2017-06-24 07:39:42,261 [DEBUG] Sleeping for 3.912545 seconds before retrying

I allocated an EIP, associated it with the instance and ran the “cfn-signal” command, which this time succeeded in sending the signal. I also tried attaching a “NAT Gateway” to the private subnets, which also succeeded in sending the signal.

So cfn-signal works only over the “internet”, even though all resources in the stack are internal.
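Added example, not part of the original post: cfn-signal reports to the regional CloudFormation API over HTTPS, so the timeout above can be confirmed from the instance by checking that path directly. The function names, status strings and the injectable `resolve`/`connect` parameters are assumptions made for this sketch.

```python
import ipaddress
import socket


def cfn_endpoint(region):
    # Regional CloudFormation API host (standard AWS partition assumed).
    return "cloudformation.%s.amazonaws.com" % region


def check_signal_path(region, timeout=5.0,
                      resolve=socket.getaddrinfo,
                      connect=socket.create_connection):
    """Return (status, detail) for the network path cfn-signal needs.

    resolve/connect default to the real socket calls; they are parameters
    only so the logic can be exercised without network access.
    """
    host = cfn_endpoint(region)
    try:
        infos = resolve(host, 443, 0, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failed", "%s: %s" % (host, exc)
    addrs = sorted({info[4][0] for info in infos})
    # Public addresses need a route out of the subnet (EIP or NAT, as the
    # post observed); private ones are reachable from inside the VPC.
    all_private = all(ipaddress.ip_address(a).is_private for a in addrs)
    scope = "private" if all_private else "public"
    for addr in addrs:
        try:
            connect((addr, 443), timeout).close()
            return "reachable", "%s via %s address %s" % (host, scope, addr)
        except OSError:  # covers timeouts, refusals and unreachable routes
            continue
    return "blocked", "%s resolves to %s address(es) %s, TCP 443 failed" % (
        host, scope, ", ".join(addrs))


if __name__ == "__main__":
    # Region taken from the cfn-signal command in the post.
    print(check_signal_path("ap-southeast-2"))
```

A `blocked` result with a public address matches the behaviour in the log above: the name resolves, but the subnet has no route to it.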

 
