aws-transit-vpc
aws-transit-vpc copied to clipboard
PaloAltoNetworks
Stack creation time exceeded the specified timeout.
I deployed the Transit VPC Template and then the Subscribing VPC template and they completed successfully. When it Launches the PaGroup Stack it fails with error: "Stack creation time exceeded the specified timeout." Is there a way to increase the timeout for the PaGroup creation?
Are there other errors in the cloud watch logs? Have you accepted the VM-Series EULA by manually launching the firewall in the marketplace?
If you can find the cloud watch logs (you can go in via step functions...makes it easier) then I may be able to assist you with a better answer
There aren't any errors in the cloud watch logs. It looks like this happens if you change the CIDR blocks when deploying the initializeTransitAccount template. There are some default ip address parameters in the paGroupCft template that don't match.
You have to be careful to avoid CIDR conflicts. The solution cannot check for that and will be the end users responsibility to track that you don't use overlapping CIDRs for your VPCs
A new VPC is being created using this template but it is triggering the same faillure as stated above. It has been reviewed whether there is any CIDR conflict but there is none. We need to modify the Stack Timeout. What is the file to be modified?
thanks in advanced
you will have to modify paGroupCft.json and add a timeout parameter. Check AWS cloud formation docs.
I don't think timeout is an issue. I have not encountered a timeout.
Have you accepted the EULA for VM-Series? You will need to dig into the cloud watch logs to see if there are other errors. Make sure your bootstrap files are not corrupted...clone the GitHub repo rather than downloading individual files.
Great. If that solves your issue please update this thread and mark this issue as closed.
thanks
Can we close this due to lack of follow-up? It sounds like accepting the EULA fixed the issue.
