【Question title】: AWS CloudFormation stack fails with error Received 0 SUCCESS signal(s) out of 1
【Posted】: 2017-07-25 02:10:48
【Question】:

My AWS CloudFormation template fails with the following error:

Received 0 SUCCESS signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement

I think my WaitConditionHandles are not set up correctly (or maybe the EC2 instance isn't sending them), but I don't know how to fix this.

Everything (ASG, EC2 instance) appears to be created correctly in AWS.

I am using the following CloudFormation template:

AWSTemplateFormatVersion: "2010-09-09"
Description: "Auto Scaling Group"
Outputs:
  AsgArn: 
    Value: !Ref "AutoScalingGroup"
  AsgMinSize:
    Description: "The minimum size of the Auto Scaling Group"
    Value: !FindInMap [ "HighAvailability", "MinSize", !Ref "HighAvailabilityFlag" ]
Parameters:
  Ami:
    Description: "Base AMI"
    Type: "AWS::EC2::Image::Id"
  EnvironmentName:
    Description: "The environment name"
    Type: "String"
  HighAvailabilityFlag:
    Description: "Flag used to set the minimum and maximum size of the Auto Scaling Group"
    Default: false
    Type: "String"
    AllowedValues: [ "true", "false" ]
  KeyPairName:
    Description: "Name of EC2 key pair for logging in to the instances"
    Type: "String"
  SecurityGroupIds:
    Description: "The IDs of security groups that are permitted access to EC2 instances"
    Type: "String"
  Subnets:
    Description: "Subnets to associate with the ASG"
    Type: "List<AWS::EC2::Subnet::Id>"
  VersionToDeploy:
    Description: "Version to deploy"
    Type: "String"
  VpcId:
    Description: "The ID of the VPC"
    Type: "AWS::EC2::VPC::Id"
Mappings:
  HighAvailability:
    MinSize:
      "false": 1
      "true": 2
    MaxSize:
      "false": 1
      "true": 4
Resources:
  InstanceProfile:
    Properties:
      Path: "/"
      Roles:
        - !Ref "InstanceRole"
    Type: "AWS::IAM::InstanceProfile"
  InstanceRole:
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: "Allow"
            Principal:
              Service:
                - ec2.amazonaws.com
        Version: "2012-10-17"
      Path: "/"
    Type: "AWS::IAM::Role"
  Policy:
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - cloudformation:DescribeStacks
              - ec2:Describe*
            Effect: "Allow"
            Resource: "*"
        Version: "2012-10-17"
      PolicyName: "Service"
      Roles:
        - !Ref "InstanceRole"
    Type: "AWS::IAM::Policy"    
  AutoScalingGroup:
    Properties:
      HealthCheckGracePeriod: 300
      MetricsCollection:
        - Granularity: "1Minute"
      HealthCheckType: "ELB"
      LaunchConfigurationName: !Ref "LaunchConfiguration"
      MaxSize: !FindInMap [ "HighAvailability", "MaxSize", !Ref "HighAvailabilityFlag" ]
      MinSize: !FindInMap [ "HighAvailability", "MinSize", !Ref "HighAvailabilityFlag" ]
      VPCZoneIdentifier: !Ref "Subnets"
    CreationPolicy:
      ResourceSignal:
        Count: !FindInMap [ "HighAvailability", "MinSize", !Ref "HighAvailabilityFlag" ]
        Timeout: "PT5M"
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MinInstancesInService: !FindInMap [ "HighAvailability", "MinSize", !Ref "HighAvailabilityFlag" ]
        PauseTime: "PT5M"
        WaitOnResourceSignals: true
    Type: "AWS::AutoScaling::AutoScalingGroup"
  LaunchConfiguration:
    Properties:
      AssociatePublicIpAddress: true
      IamInstanceProfile: !Ref "InstanceProfile"
      ImageId: !Ref "Ami"
      InstanceType: "t2.micro"
      KeyName: !Ref "KeyPairName"
      SecurityGroups: !Split [ ",", !Join [ ",", [ !Ref "SecurityGroupIds" ] ] ]
      UserData:
        Fn::Base64:
          cfn-init.exe -v -s "AWS::StackName" --region "AWS::Region" 
          cfn-signal.exe -e 0 !Ref "WindowsServerWaitHandle"
    Type: "AWS::AutoScaling::LaunchConfiguration"
  WindowsServerWaitHandle:
    Type: "AWS::CloudFormation::WaitConditionHandle"
  WindowsServerWaitCondition:
    DependsOn: "AutoScalingGroup"
    Properties:
      Handle: !Ref "WindowsServerWaitHandle"
      Timeout: "1800"
      Count: 0
    Type: "AWS::CloudFormation::WaitCondition"

After the EC2 instance is created, I can see some log files being generated:

UserdataExecution.log

2017/03/05 05:54:47Z: Userdata execution begins
2017/03/05 05:54:47Z: Zero or more than one <persist> tag was not provided
2017/03/05 05:54:47Z: Unregistering the persist scheduled task
2017/03/05 05:54:50Z: Zero or more than one <runAsLocalSystem> tag was not provided
2017/03/05 05:54:50Z: Zero or more than one <script> tag was not provided
2017/03/05 05:54:50Z: Zero or more than one <powershell> tag was not provided
2017/03/05 05:54:50Z: Zero or more than one <powershellArguments> tag was not provided
2017/03/05 05:54:50Z: Userdata execution done

WindowsIsReadyToConsole.log

2017/03/03 04:46:27Z: Sending "Windows is Ready" message to console is scheduled successfully
2017/03/05 05:54:27Z: Sending windows is ready message started
2017/03/05 05:54:28Z: Opening COM port handle to write to the console
2017/03/05 05:54:30Z: Serial Port in use. Waiting for Serial Port...
2017/03/05 05:54:48Z: Message: Windows is Ready to use
2017/03/05 05:54:48Z: Sending windows is ready message done

【Discussion】:

    Tags: amazon-web-services amazon-ec2 autoscaling amazon-cloudformation


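    【Solution 1】:

    TLDR

    This is a general error that occurs when EC2 fails to send a success signal to the ASG. This can happen for many reasons, but most likely whatever health check you are using is not working as expected.

    Using the userData below should hard-code the health check, and is a good way to start testing your application and CloudFormation template.

    My problem

    I removed all references to AWS::CloudFormation::WaitConditionHandle and AWS::CloudFormation::WaitCondition.

    There were problems with my UserData script:

    • The script needs <script> tags in order to execute
    • The arguments to the commands were incorrect
    • Variables were not injected correctly (e.g. ${AWS::StackName})

    The result is: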

    UserData:
      "Fn::Base64":
        !Sub |
          <script>
            cfn-init.exe -v --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
            cfn-signal.exe -e 0 --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
          </script>
    

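    【Comments】:

    • cfn-init is probably not necessary, since it is just a helper script that reads template metadata from the AWS::CloudFormation::Init key.
    • This is most likely a CloudFormation bug. I have tried everything. The only thing that helped me was setting WaitOnResourceSignals to false, and then it works fine. Now I'm not sure whether this is safe for production.
    【Solution 2】:

    Your IAM role's PolicyDocument is missing the - cloudformation:SignalResource action. This permission is required to send the signal.

    【Comments】:

    • Thanks for the answer, @spg. But this doesn't seem to solve the problem.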
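
A check for the three UserData problems listed in Solution 1, as an added example that is not part of the original thread. `lint_userdata` and its rules are assumptions made here; the two sample strings are the UserData bodies from the question and from Solution 1.

```python
import re

# Tags the Windows launch agent looks for in user data (the ones named in the
# question's UserdataExecution.log).
TAG_RE = re.compile(r"<(script|powershell)>(.*?)</\1>", re.S | re.I)
# Pseudo parameter or intrinsic left as literal text instead of being resolved.
UNRESOLVED_RE = re.compile(r"(?<!\$\{)\bAWS::(StackName|Region)\b|!Ref\b")
# Arguments the corrected cfn-signal call in Solution 1 passes (assumed rule).
EXPECTED_SIGNAL_ARGS = ("--stack", "--resource", "--region")

# UserData bodies copied from the question and from Solution 1.
QUESTION_USERDATA = '''cfn-init.exe -v -s "AWS::StackName" --region "AWS::Region"
cfn-signal.exe -e 0 !Ref "WindowsServerWaitHandle"'''
SOLUTION_USERDATA = '''<script>
  cfn-init.exe -v --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
  cfn-signal.exe -e 0 --stack ${AWS::StackName} --resource AutoScalingGroup --region ${AWS::Region}
</script>'''


def lint_userdata(text):
    """Return a list of findings for a Windows UserData string."""
    findings = []
    blocks = TAG_RE.findall(text)
    if not blocks:
        findings.append("no <script> or <powershell> block, so no command runs")
    # Lint the tagged bodies when present, otherwise the raw text.
    body = "\n".join(b for _, b in blocks) if blocks else text
    if UNRESOLVED_RE.search(body):
        findings.append("literal AWS:: pseudo parameter or !Ref inside the string")
    signal_lines = [line for line in body.splitlines() if "cfn-signal" in line]
    if not signal_lines:
        findings.append("no cfn-signal call, so the CreationPolicy waits out its Timeout")
    for line in signal_lines:
        missing = [a for a in EXPECTED_SIGNAL_ARGS if a not in line.split()]
        if missing:
            findings.append("cfn-signal missing " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for name, data in (("question", QUESTION_USERDATA), ("solution 1", SOLUTION_USERDATA)):
        print(name, lint_userdata(data) or "ok")
```
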