algo icon indicating copy to clipboard operation
algo copied to clipboard

Published 20 hours ago verified publisher icon trailofbits

Deploy to EC2 fails due to no available instance

Open danqing opened this issue 3 years ago • 3 comments

I chose the Seoul (ap-northeast-2) region of AWS, and when running the cloudformation script I get the following error:

Your requested instance type (t2.micro) is not supported in your requested Availability Zone (ap-northeast-2d). Please retry your request by not specifying an Availability Zone or choosing ap-northeast-2a, ap-northeast-2c.

Looks like somewhere the code is picking an availability zone explicitly. I can't find where that's done, but can we update the code such that an AZ is chosen automatically?

danqing avatar Nov 27 '22 01:11 danqing

Cloudformation automatically assigns the AZ when the subnet is allocated. The stack template defines all the resources created. The last resource requested is the instance, and in some occasional cases, the AZ which was assigned to the subnet does not support that instance type. I researched this issue in the past though never enough to know a good solution. It is the cloudformation stack template that handles everything, so no real 'code' to better evaluate responses. Conditional checking in the template configuration perhaps, or split the template into two to allow some better ansible checks after the subnet returns with the assigned AZ.

https://github.com/trailofbits/algo/blob/651f949ca61b1ad4d9d630d7cc6585c54bd02e7f/roles/cloud-ec2/files/stack.yaml#L59-L67

glennschler avatar Feb 17 '23 19:02 glennschler

Interesting. What I found is that the AZ assignment is quite stubborn — running the script repeatedly usually results in the same AZ being assigned (and thus fail)..

Or maybe an option (not ideal) is to give the user the ability to specify an AZ themselves, so if the first execution fails, at least they can enter a different AZ.

danqing avatar Feb 17 '23 19:02 danqing

You can try to set the AZ in your stack.yaml template to something you think is available. Then run algo to see what happens. If manually editing is successful, then it is worth researching how to find a better AZ before launching the Cloudformation stack, or in the stack template but before creating the Subnet.

  Subnet:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: "ap-northeast-2b"
      CidrBlock: 172.16.254.0/23
      MapPublicIpOnLaunch: false
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

glennschler avatar Feb 17 '23 20:02 glennschler