AWS CloudFormation: How to get subnet list from VPC?

amazon-web-services amazon-ec2 subnet amazon-cloudformation amazon-elasticache
James Robert Albert picture James Robert Albert · May 30, 2015 · Viewed 9.1k times · Source

In CloudFormation, I'm creating a VPC, two EC2 instances, and an Elasticache in front of them. In the template, I'm trying to add the elasticache to the vpc. The problem's happening in creating the AWS::Elasticache::SubnetGroup

    "CacheSubnetGroup" : {
      "Type" : "AWS::ElastiCache::SubnetGroup",
      "Properties" : {
        "Description" : "Subnets available for the ElastiCache Cluster",
        "SubnetIds" : [ ... ]
      }
    },

I do not want to ask the user to input the subnet list as suggested here because I'm assuming the user doesn't know what a subnet is. Is there any function similar to { "Fn::GetAtt" : ["myVpc", "SubnetList"] }?

edit After jarmod's response, I'm creating the subnets, vpc, and everything else. But one problem still remains. I can launch the EC2's in the created VPC, but the instances get created and in the middle on initializing the instance shuts down and new instances are spun up. This cycle goes on until I delete the cf stack. Here's the part where I think the problem is originating:

"WebServerGroup" : {
  "Type" : "AWS::AutoScaling::AutoScalingGroup",
  "Properties" : {
    "VPCZoneIdentifier" : [{ "Ref" : "InstanceSubnet1" }, { "Ref" : "InstanceSubnet2" }, { "Ref" : "InstanceSubnet3" }, { "Ref" : "InstanceSubnet4" }],
    "LaunchConfigurationName" : { "Ref" : "LaunchConfig" },
    "MinSize" : "1",
    "MaxSize" : "4",
    ...
  }
}

Answer

bsvingen picture bsvingen · May 30, 2015

There are three typical ways of handling this situation (in my preferred order):

  1. If the subnets will only be used by this stack, create them as part of the stack and use ref.

  2. If the subnets will be used by several stacks, create them in a separate stack, define them as outputs, do a describe-stack on the defining stack to get the values, and then pass them on to this stack as parameters.

  3. If the subnets are created elsewhere (outside of CloudFormation), just pass them in as parameters.

If you really want to use all subnets from a VPC, which I wouldn't recommend in case new ones are created in the future for other purposes, then you can always do describe-subnets and filter on VpcId do get your list.

Related questions

Security Group and Subnet Belongs to different networks

I am creating a basic AWS CloudFormation Template with one VPC, 3 Security Group and 5 EC2 Instances my security group looks something like this - { "WebApplicationServerSG": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "DevVpc" }, "GroupDescription": "Enable HTTP, HTTPS and SSH access", "…

Read More
Permission denied (publickey) when SSH Access to Amazon EC2 instance

I want to use my Amazon ec2 instance but faced the following error: Permission denied (publickey). I have created my key pair and downloaded .pem file. Given: chmod 600 pem file. Then, this command ssh -i /home/kashif/serverkey.pem ubuntu@…

Read More
Trying to SSH into an Amazon Ec2 instance - permission error

This is probably a stupidly simple question to some :) I've created a new linux instance on Amazon EC2, and as part of that downloaded the .pem file to allow me to SSH in. When I tried to ssh with: ssh …

Read More