aws-cf-templates's People

Contributors

5290charlie, ab77, ambsw-technology, andreaswittig, davidtwamley, emilebourquin, groverlalit, guillaumesmo, israelg99, knmurphy, lwgordonimos, markotitel, matdue, matsev, michaelwittig, mijndert, natac13, oaksenov, pgarbe, s0enke, sandrokeil, schnitzelkopf, sgzijl, shotty1, sriganesh, statik, svenmilewski, thenamanpatwari, vicinus, zaheerm

aws-cf-templates's Issues

EFS Not supported in ap-southeast-2 (Sydney)

@andreaswittig and @michaelwittig thanks so much for posting your templates - they are excellent. Glad to see them in yaml.

I run your templates unchanged from a master stack template which works well.

However, for your Jenkins templates I get failures on account of EFS not being supported in Sydney. Do you happen to have versions without EFS?

Custom Request to Use S3 Bucket for Uploads Folder (Static Content) in Combination with EFS for All Other Files

Hi Michael,

I have a custom request very similar to that of Issue #43.

I'm also more than willing to hire you to edit our template for this purpose (for a fair price).

Basically what I need to accomplish is to store the WordPress uploads folder (/wp-content/uploads/) in an S3 bucket, while still using the EFS to store everything else. We would still want to use CloudFront, in conjunction with both the EFS and the S3 bucket.

Your response in #43 about static content most likely being served by the CDN is a good point, but it doesn't help us with the pricing differences between the EFS and S3. Storage costs in the EFS are much more expensive than S3, and this is going to quickly become a problem for our platform as it grows.

I agree that executable code is far better served from the EFS, and this is something I like a lot in your templates. But static content that is uploaded by users can take up a lot of space, and there's no benefit to storing that in the EFS. It's critical that we store our uploads folder content in S3, as otherwise the costs will become prohibitive.

As I am new to CloudFormation, I don't feel comfortable editing the template myself. We're using the WordPress Aurora template currently. Would you be willing to make the necessary changes for a fee?

We can discuss the terms privately over email...

All my best!

~ Michael

Plugin / Theme Upload Errors on Wordpress

Hi guys, first off thanks for creating these templates. Liking them a lot.

I am encountering an issue on the Wordpress CF template that is preventing me from using WP all-in-one migration and also from manually installing themes and plugins.

When I attempt to upload/install a plugin via WP-Admin UI by navigating to Plugins > Add New > Upload Plugin I am greeted by the error "Are you sure you want to do this? Please try again." Not all that helpful of an error message. The same thing happens with themes. The theme and plugin are never uploaded.

The theme and plugin in question are both from OptimizePress.

I would prefer to use WP all-in-one migration since I am moving from an old site but it freezes/times out on Importing Database and the site crashes.

Any help is much appreciated as I am really stuck at the moment.

Template Usage Questions

Sorry didn't know where else to ask this. Feel free to rebuke me.

I have a couple questions regarding the WordPress-HA template, but they may also apply to the VPC templates.

  1. For the WordPress template it says edit /root/config.sh to edit plugins/themes. Is this done from the wordpress-ha.json file or from an instance after creation?
  2. How can I allow one of my developers to connect directly to the database? I tried to enable their IP address to port 3306 in the DB security group, but they were still denied access.
  3. Will changes he makes to the primary database be replicated instantly to the slaves? I only ask because after launching I only saw 1 RDS instance at all.
  4. How do I access the logs on the server (php errors/etc.)?

Template error: Fn::Select cannot select nonexistent value at index 1

I try to deploy the script to my existing deployment zone (Ireland), but get the error:

AWS::EC2::Subnet SubnetBPrivate Template error: Fn::Select cannot select nonexistent value at index 1

I already have a subnet setup on Ireland, so for testing purposes I deployed the script to the Frankfurt region. Here it had no problems deploying, and worked like a charm, I even deployed the script a second time, to another subnet. And both were setup properly.

For testing purposes I disabled the rollback function:

image

WordPress Template S3 Bucket

Trying to use the WordPress template to deploy with 3AZ VPC template. I'm getting all the settings in and configuring everything according to the directions, but when I click create I get the following error:

CREATE_FAILED AWS::S3::Bucket S3Bucket Bucket name must not be formatted as an IP Address

I'm not seeing an option to change the S3 Bucket Name anywhere in the settings. Am I missing something there or do I need to modify the json file to change that?

PS.
Thanks for your help and rapid response.

Fn::ImportValue

My subnets have these names:

Private Subnet - C / Private Subnet - D and Public Subnet - A / Public Subnet - B

Made changes to the code to support them:

- 'Fn::ImportValue': !Sub '${ParentVPCStack}-Private Subnet - C'
- 'Fn::ImportValue': !Sub '${ParentVPCStack}-Private Subnet - D'
- - 'Fn::ImportValue': !Sub '${ParentVPCStack}-Public Subnet - A'
  - 'Fn::ImportValue': !Sub '${ParentVPCStack}-Public Subnet - B'

When executing the stack, this error occurs:

No export named -Private Subnet - C found. Rollback requested by user.

Request to extend the wordpress-ha template to include S3 + Virus Scanning

Hi,

The new solution for wordpress-ha (non immutable with EFS) is very cool.
However, it omits using S3 for user uploads / handing over static object serving to S3.

I ask to add S3 to this template (port from older blog), for two things:

  1. Relieve Apache/EFS from serving static content, handover static objects to S3 -> configure cloudfront to point to S3 for static content.
  2. One major concern is allowing users to upload files, serving them without first scanning them. This can be incorporated with your Lambda function for scan triggered by Put object.

Thanks,
Lior

Static website - RedirectDomainName ExistingCertificate and not optional

Hi,

First of all thanks for providing these templates.

At template line 23 it seems that RedirectDomainName is optional. However, when running the AWS command line we get:

An error occurred (ValidationError) when calling the CreateStack operation: Parameters: [RedirectDomainName, ExistingCertificate] must have values

Also, I am providing CertificateType=CreateAcmCertificate and I think this shall make ExistingCertificate not necessary.

I could run it by passing RedirectDomainName='' and ExistingCertificate=''.

Is this expected behavior?

IAM Users longer than 32 characters cause import_users.sh to fail

Creating an environment with all templates:

In Bastion template this error occurs

CREATE_FAILED | AWS::AutoScaling::AutoScalingGroup

The following resource(s) failed to create: [AutoScalingGroup]. . Rollback requested by user.

AutoScalingGroup bastion-AutoScalingGroup-P2HZ46452O2U AWS::AutoScaling::AutoScalingGroup DELETE_IN_PROGRESS

Thanks

Unable to Access WordPress Instances from Bastion Host

Hi Andreas,

I'm having great difficulty reaching any of the WordPress instances from the Bastion Host. As you know I am using the new WordPress Aurora template.

I currently have both the default ec2-user access setup as well as private IAM based access (as you recommend). I'm able to login successfully via SSH to the Bastion Host using either the ec2-user or my IAM key. The problem occurs when I attempt to jump to the WordPress instances.

I'm using the correct commands and am making sure that forwarding of the authentication agent is enabled (I've enabled this in Putty, and also with the command itself).

I'm using this command to jump to the other instances: ssh -A user@private-ip-address

Whether I login to the Bastion Host as the ec2-user, or using my IAM user, I get the same error each time when jumping to the other instance:

"Permission denied (publickey)."

I'd greatly appreciate any help you can offer in troubleshooting this!

All my best,

~ Michael

Received 1 FAILURE signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement

I am getting the following failure when using your stock templates (vpc-2azs.yaml and wordpress-ha.yaml).

I was able to run the vpc-2azs.yaml with no issues. When running the wordpress-ha.yaml I got the following errors:

12:02:31 UTC-0400	CREATE_FAILED	AWS::AutoScaling::AutoScalingGroup	AutoScalingGroup	Received 1 FAILURE signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement

Here is my parameters list:
image

Wordpress: updating and installing plugins and themes

First, thanks for sharing the templates!

I am trying to maintain a wordpress installation using your template, and I am wondering how I should go about keeping plugins and themes updated?

The instructions mention this limitation, and although it was straightforward to add plugins and themes during setup, I am not sure how to sustain such a stack. Is the template in its current form simply experimental?

LoadBalancerHostPattern does not apply to HTTPS listener

PR: #72

Expected Behavior

  • Providing LoadBalancerHostPattern and/or LoadBalancerPath when launching the service-cluster-alb.yaml stack will result in the correct combination of these patterns on both HTTP and HTTPS listeners.

Actual Behavior

  • Using https:// the host pattern wasn't routing to the correct target group.
  • The HTTPS listener rule does not take LoadBalancerHostPattern into account

Proposed Fix

  • The HTTPS listener should use the same Conditions property as the HTTP listener rule; it is more robust to handle all combinations of LoadBalancerHostPattern and/or LoadBalancerPath:

Current

  # ecs/service-cluster-alb.yaml:123-164

  LoadBalancerHttpListenerRule:
    Type: 'AWS::ElasticLoadBalancingV2::ListenerRule'
    Properties:
      Actions:
      - Type: forward
        TargetGroupArn: !Ref LoadBalancerTargetGroup
      Conditions: !If
      - HasLoadBalancerPath
      - !If
        - HasLoadBalancerHostPattern
        - - Field: host-header
            Values:
            - !Ref LoadBalancerHostPattern
          - Field: path-pattern
            Values:
            - !Sub '/${LoadBalancerPath}/*'
        - - Field: path-pattern
            Values:
            - !Sub '/${LoadBalancerPath}/*'
      - !If
        - HasLoadBalancerHostPattern
        - - Field: host-header
            Values:
            - !Ref LoadBalancerHostPattern
        - [] # neither LoadBalancerHostPattern nor LoadBalancerPath specified
      ListenerArn:
        'Fn::ImportValue': !Sub '${ParentClusterStack}-HttpListener'
      Priority: !Ref LoadBalancerPriority

  LoadBalancerHttpsListenerRule:
    Condition: HasLoadBalancerHttps
    Type: 'AWS::ElasticLoadBalancingV2::ListenerRule'
    Properties:
      Actions:
      - Type: forward
        TargetGroupArn: !Ref LoadBalancerTargetGroup
      Conditions:
      - Field: path-pattern
        Values:
        - !Sub '/${LoadBalancerPath}/*'
      ListenerArn:
        'Fn::ImportValue': !Sub '${ParentClusterStack}-HttpsListener'
      Priority: !Ref LoadBalancerPriority

Proposed

  LoadBalancerHttpListenerRule:
    Type: 'AWS::ElasticLoadBalancingV2::ListenerRule'
    Properties:
      Actions:
      - Type: forward
        TargetGroupArn: !Ref LoadBalancerTargetGroup
      Conditions: !If
      - HasLoadBalancerPath
      - !If
        - HasLoadBalancerHostPattern
        - - Field: host-header
            Values:
            - !Ref LoadBalancerHostPattern
          - Field: path-pattern
            Values:
            - !Sub '/${LoadBalancerPath}/*'
        - - Field: path-pattern
            Values:
            - !Sub '/${LoadBalancerPath}/*'
      - !If
        - HasLoadBalancerHostPattern
        - - Field: host-header
            Values:
            - !Ref LoadBalancerHostPattern
        - [] # neither LoadBalancerHostPattern nor LoadBalancerPath specified
      ListenerArn:
        'Fn::ImportValue': !Sub '${ParentClusterStack}-HttpListener'
      Priority: !Ref LoadBalancerPriority
  LoadBalancerHttpsListenerRule:
    Condition: HasLoadBalancerHttps
    Type: 'AWS::ElasticLoadBalancingV2::ListenerRule'
    Properties:
      Actions:
      - Type: forward
        TargetGroupArn: !Ref LoadBalancerTargetGroup
      Conditions: !If
      - HasLoadBalancerPath
      - !If
        - HasLoadBalancerHostPattern
        - - Field: host-header
            Values:
            - !Ref LoadBalancerHostPattern
          - Field: path-pattern
            Values:
            - !Sub '/${LoadBalancerPath}/*'
        - - Field: path-pattern
            Values:
            - !Sub '/${LoadBalancerPath}/*'
      - !If
        - HasLoadBalancerHostPattern
        - - Field: host-header
            Values:
            - !Ref LoadBalancerHostPattern
        - [] # neither LoadBalancerHostPattern nor LoadBalancerPath specified
      ListenerArn:
        'Fn::ImportValue': !Sub '${ParentClusterStack}-HttpsListener'
      Priority: !Ref LoadBalancerPriority
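
An added example (not part of the issue or of the project's templates): a small Python check that resolves the two `Conditions` blocks quoted above for every combination of the two parameters and lists the cases where the HTTPS rule would match differently from the HTTP rule. It assumes `HasLoadBalancerHostPattern` and `HasLoadBalancerPath` are true exactly when the corresponding parameter is non-empty; `app.example.com` and `api` are constructed sample values.

```python
from itertools import product

# The condition entries from the issue, transcribed into CloudFormation's JSON form.
PATH = {"Field": "path-pattern", "Values": [{"Fn::Sub": "/${LoadBalancerPath}/*"}]}
HOST = {"Field": "host-header", "Values": [{"Ref": "LoadBalancerHostPattern"}]}

# Nested !If used by the HTTP rule (and by the HTTPS rule in the proposed fix).
COMBINED = {"Fn::If": [
    "HasLoadBalancerPath",
    {"Fn::If": ["HasLoadBalancerHostPattern", [HOST, PATH], [PATH]]},
    {"Fn::If": ["HasLoadBalancerHostPattern", [HOST], []]},
]}

# Conditions of the HTTPS rule as quoted under "Current": path-pattern only.
PATH_ONLY = [PATH]


def resolve(node, params, conditions):
    """Evaluate the Fn::If / Ref / Fn::Sub subset used in these rules."""
    if isinstance(node, list):
        return [resolve(item, params, conditions) for item in node]
    if isinstance(node, dict):
        if "Fn::If" in node:
            name, if_true, if_false = node["Fn::If"]
            branch = if_true if conditions[name] else if_false
            return resolve(branch, params, conditions)
        if "Ref" in node:
            return params[node["Ref"]]
        if "Fn::Sub" in node:
            text = node["Fn::Sub"]
            for key, value in params.items():
                text = text.replace("${" + key + "}", value)
            return text
        return {k: resolve(v, params, conditions) for k, v in node.items()}
    return node


def effective(block, host, path):
    """Return {field: values} that a rule would match on for these parameters."""
    params = {"LoadBalancerHostPattern": host, "LoadBalancerPath": path}
    # Assumption: each condition is true when its parameter is non-empty.
    conditions = {
        "HasLoadBalancerHostPattern": host != "",
        "HasLoadBalancerPath": path != "",
    }
    return {c["Field"]: c["Values"] for c in resolve(block, params, conditions)}


def divergences(http_block, https_block,
                hosts=("", "app.example.com"), paths=("", "api")):
    """List ((host, path), http_match, https_match) where the listeners differ."""
    found = []
    for host, path in product(hosts, paths):
        http = effective(http_block, host, path)
        https = effective(https_block, host, path)
        if http != https:
            found.append(((host, path), http, https))
    return found


if __name__ == "__main__":
    for label, https_block in (("current", PATH_ONLY), ("proposed", COMBINED)):
        print(label)
        for case, http, https in divergences(COMBINED, https_block):
            print("  params", case, "| HTTP", http, "| HTTPS", https)
```

With the current HTTPS rule, three of the four parameter combinations diverge: whenever a host pattern is set the HTTPS rule carries no host-header condition, and with an empty path it matches on `//*`. With the proposed rule the list is empty.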

Error Creating vpc-4azs

Had a problem creating a stack with the vpc-4azs template. The first error I received was "Template error: Fn::Select cannot select nonexistent value at index 3" on the "SubnetDPrivate" Logical ID. From there it kind of went downhill. I managed to create a 2 zone vpc using your template and used the exact same parameter values for both. I have attached a zip containing a csv with the full output of the Events tab in the console.

Any help would be appreciated.

vpc-4azs-error.zip

Wordpress template: Aurora support

Hi,

This is a feature request, and not a bug ;-).

It would be nice if the Wordpress template had support for multiple databases. Or simply different templates I guess. I would like to use it with Aurora instead of MySQL.

Thanks a lot for sharing these templates!

Thanks.

Paul

Unable to Change or Delete Files on EFS in WordPress Template

Hi Andreas,

I'm posting this in a separate issue since you said it was no longer related to my original post.

Now that you have helped me to gain direct access to the EFS, I have found that I am unable to change or delete any files there (which is obviously the entire point). I'm using WinSCP with an SSH tunnel direct to the EFS on one of the WordPress instances. I'm also using the sFTP protocol because the SCP protocol does not support deleting items.

Whenever I try to either delete a file or overwrite a file I receive the following error message:

Permission denied.
Error code: 3
Error message from server: Permission denied

I noticed that all the files are owned by Apache, and perhaps this is the source of the problem? Assuming I am right, do you know how to work around this?

I hope you can help, as without being able to change files on the EFS my project cannot proceed.

All my best,

~ Michael

HA NAT Gateway/Instance

We only have one routing table that is shared by all subnets. If we want to have HA NAT Gateway/Instance we need a route table per subnet so that we can add one NAT instance/Gateway per subnet as well.

IPv6 update

We should add IPv6 support

PR #182

This will touch:

Allow HTTP/HTTPS through CloudFront & ELB

Hey Guys,
Great work on the template. I'm using the wordpress template & looking to allow HTTP through CloudFront & the ELB.

I've changed the origin on CloudFront to "Match Viewer" & changed all the behaviors to HTTP & HTTPS.

On the ELB - I added a listener on Port 80.

However - once all those changes distribute - I get a CloudFront error.

Any ideas what I'm missing?
-Darren

Installation failure

I've completed the install as per the steps on
http://templates.cloudonaut.io/en/stable/wordpress/

However, once it runs it doesn't complete; instead I get the following in the log:

Stack name: wordpress-ha
Stack ID: arn:aws:cloudformation:us-west-2:303563467503:stack/wordpress-ha/024ce810-4ada-11e7-89a9-503ac9841a99
Status: ROLLBACK_COMPLETE
03:03:20 UTC+1000 ROLLBACK_COMPLETE AWS::CloudFormation::Stack wordpress-ha
03:03:09 UTC+1000 ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack wordpress-ha No export named -SubnetBPublic found. Rollback requested by user.
03:03:06 UTC+1000 CREATE_IN_PROGRESS AWS::CloudFormation::Stack wordpress-ha User Initiated

So it seems to be failing; I don't get any EC2 instances made or anything.

Thanks

CloudFront Error When Updating Larger WordPress Plugins / Initiated Cascade of Failing EC2 Instances

Hi Michael & Andreas,

I've been having a consistent issue here when attempting to run plugin updates from within the WordPress admin. This problem has been present from the very first day I setup the CF stack. I'm using the WordPress Aurora CF template.

What is happening is that larger plugins are unable to complete their updates, and produce this error directly in the WordPress admin:

Update Failed: ERROR: The request could not be satisfied ERROR The request could not be satisfied. CloudFront attempted to establish a connection with the origin, but either the attempt failed or the origin closed the connection. Generated by cloudfront (CloudFront) Request ID: AHqgd8KK0806Bt6DLtYiDLpKcJR00lq9zaUJnTJumKKY8IouheLxyQ==

In some cases this results in the plugins being corrupted, and at other times they do fully update despite this error being displayed. I've also had a number of instances where the website became completely unavailable for a few minutes and was stuck in maintenance mode (the maintenance mode created by WordPress in the back-end when running plugin updates). Luckily in those instances the website became available again after a few minutes.

There seems to be some kind of time-out occurring here with respect to plugin updates. I am concerned about this since it can result in corrupted plugins, or worse making the entire website unavailable.

I'd welcome your insights into the cause of this...

~ Michael

Configuring $PATH for Jenkins?

What is the preferred way of modifying the $PATH variable for the Jenkins user in the CloudFormation template?

I have setup a Jenkins environment based on the jenkins2-ha.json template. Now, I have added asciidoctor
by configuring the install part of the template:

"rubygems" : {
  "asciidoctor" : []
},

When I login to the instance I can verify that it has been installed:

$ asciidoctor --version
Asciidoctor 1.5.4 [http://asciidoctor.org]
Runtime Environment (ruby 2.0.0p648 (2015-12-16) [x86_64-linux]) (lc:UTF-8 fs:UTF-8 in:- ex:UTF-8)

However when I try to execute a bash command from Jenkins I find that

Running shell script
+ asciidoctor --version
[...]: asciidoctor: command not found

Some more investigation revealed that the asciidoctor has been installed to /usr/local/bin/asciidoctor, but the $PATH used by Jenkins is /sbin:/usr/sbin:/bin:/usr/bin. Consequently, what is the preferred way of adding /usr/local/bin/ to Jenkins' $PATH in the CloudFormation template?

OriginReadTimeout

Hello,

Using a fresh install of the wordpress-ha template under the vpc-4azs parent stack, I occasionally have problems with plugins and other media taking long enough to upload that they timeout in the default 30 seconds set by CloudFront's OriginReadTimeout property.

The plugin still installs, but the front end shows the timeout error, thus confusing the various non-technical individuals I work with who handle WP implementation. I tried manually changing the OriginReadTimeout from 30 to 60 (the maximum CF says it allows) in the CloudFront manager UI, but this then causes CF to blanket the whole site with a "ERROR The request could not be satisfied. CloudFront wasn't able to connect to the origin." response.

So, I made several test stacks while changing the CNAME for the subdomain to the loadbalancer instead of CF (in a panic), as changing the setting back to the default 30 seconds did not cause the CF error to go away. I was able to reproduce the error in fresh test stacks, just by running the template and changing only that one parameter, the whole site blew up and was irreversible.

I referenced this:
http://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CustomOriginConfig.html

And tried modifying the wordpress-ha.yaml file to use OriginReadTimeout: 60 under CustomOriginConfig. CloudFormation returns "Encountered unsupported property OriginReadTimeout" when I try to do this.

I can obviously instruct my coworkers to just ignore the upload timeout error, and have everyone swear not to touch the CF settings, but I was wondering if perhaps you might have some insight anyway. At this point I'll have to build a new stack for production and restore from backups because of the error, which isn't horrible... but if I could avoid it, that would be awesome too.

Thanks so much, love the stack!

Problem when launching EC2 instances using Wordpress template...

Hello,

First of all thanks for this complete cloudformation template!

That's the first time I try Cloudformation for what I call "an advanced stack" (for me at least).

I have set up the vpc-2azs.json template before this one and I'm using its output during the configuration step.

I've done some debugging and I'm pretty sure that the guilty lines are:

"curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \n",
"php wp-cli.phar core install --url=\"", {"Fn::GetAtt": ["LoadBalancer", "DNSName"]}, "\" --title=\"", {"Ref": "BlogTitle"}, "\" --admin_user=\"", {"Ref": "BlogAdminUsername"}, "\" --admin_password=\"", {"Ref": "BlogAdminPassword"}, "\" --admin_email=\"", {"Ref": "BlogAdminEMail"}, "\" --skip-email \n",
"php wp-cli.phar plugin install --activate amazon-web-services \n",
"php wp-cli.phar plugin install --activate amazon-s3-and-cloudfront \n"

But I can't manage to get an error output from EC2 instances before they terminate...

Can someone help me on this?

S3 CF templates

Thanks for your sample templates.

Would be awesome if you have some S3 CF templates with Lambda & SNS events.

Docker storage driver devicemapper is bad

I have a problem with installing some npm packages due to the Docker storage driver. With the overlay driver it works. I had similar problems in the past with devicemapper. The docker info output is:

Server Version: 1.11.2
Storage Driver: devicemapper
 Udev Sync Supported: true
 Deferred Removal Enabled: false
 Deferred Deletion Enabled: false
 Deferred Deleted Device Count: 0
 Data loop file: /var/lib/docker/devicemapper/devicemapper/data
 WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
 Metadata loop file: /var/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.93-RHEL7 (2015-01-28)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: host bridge null
Kernel Version: 4.4.19-29.55.amzn1.x86_64
Operating System: Amazon Linux AMI 2016.09
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 995.4 MiB

The good thing is, we have kernel 4.4.19, so we have only to install linux-image-extra-[kernel version] and linux-image-extra-virtual and then we should have support for storage driver aufs and overlay. I've described the update for Ubuntu in this blog post.

I'm not sure how to activate it for Amazon AMI Linux, maybe via EPEL (Extra Packages for Enterprise Linux)? Any ideas @michaelwittig ?

If this is solved, we should update Docker too. ;-) Then we can use overlay2.

`f_install_plugins` not working as expected

command f_install_plugins only installs the first plugin. There is no real documentation on how to install multiple plugins, but the working method is the following:

java -jar jenkins-cli.jar ... install-plugin plugin-short-name-1 plugin-short-name-2 ...

see here.

so the do...while statement is not effective. I'm rusty with my bash scripting, so the best solution I can come up with is the following:

'f_install_plugins':
  command: java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar -s "http://localhost:8080/" -noKeyAuth install-plugin $(echo $(cat /root/plugins.txt)) --username admin --password "$(cat /var/lib/jenkins/secrets/initialAdminPassword)"
  test: '[ ! -f /var/lib/jenkins/setup_done.txt ]'

Jenkins 2.60.1 remote Agent SSH issue

The remote agents are not able to check out a private repository due to the "The authenticity of host 'github.com (192.30.253.113)' can't be established." issue. It looks like the SSH auth socket is not available on the agents? I'm not sure if it is a plugin/Jenkins or CloudFormation template error.

Jul 14, 2017 2:03:35 PM hudson.remoting.jnlp.Main createEngine
INFO: Setting up slave: i-082a9591d11611b0c
Jul 14, 2017 2:03:35 PM hudson.remoting.jnlp.Main$CuiListener <init>
INFO: Jenkins agent is running in headless mode.
Jul 14, 2017 2:03:35 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Locating server among [http://10.10.41.120:8080/]
Jul 14, 2017 2:03:36 PM org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver resolve
INFO: Remoting server accepts the following protocols: [JNLP4-connect, JNLP-connect, Ping, JNLP2-connect]
Jul 14, 2017 2:03:36 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Agent discovery successful
Agent address: 10.10.41.120
Agent port: 49817
Identity: 47:bf:39:7c:90:a3:9a:73:7b:8f:f9:b5:07:8c:b5:42
Jul 14, 2017 2:03:36 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Handshaking
Jul 14, 2017 2:03:36 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Connecting to 10.10.41.120:49817
Jul 14, 2017 2:03:36 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Trying protocol: JNLP4-connect
Jul 14, 2017 2:03:36 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Remote identity confirmed: 47:bf:39:7c:90:a3:9a:73:7b:8f:f9:b5:07:8c:b5:42
Jul 14, 2017 2:03:36 PM hudson.remoting.jnlp.Main$CuiListener status
INFO: Connected
The authenticity of host 'github.com (192.30.253.113)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.

VPC: Invalid availability zone

Apparently us-east-1b isn't a valid AZ for creating subnets in my account.

CREATE_FAILED	AWS::EC2::Subnet	SubnetBPrivate	Value (us-east-1b) for parameter availabilityZone is invalid. Subnets can currently only be created in the following availability zones: us-east-1d, us-east-1e, us-east-1a, us-east-1c.

Jenkins fails to check out files stored on EFS using Git

After an initial successful configuration using the jenkins2-ha.json template, a Jenkins project has suddenly stopped working. The problem is that Jenkins fails to check out the code from CodeCommit (see details in the copy from Jenkins' Console Output below). After some googling, I found this Jenkins issue which is similar to my experience. In the comments there is a link to Why you should not use Network File System (NFS) with Git or SVN. Based on this information, I chose to clone the failing project (using "New Item" -> "Copy from", enter the name of my existing project in Jenkins). When I chose "Build Now" the new project checks out the files from Jenkins and builds the project without any problem, whereas the original project still fails due to the problems stated earlier. No changes were made to the Jenkins environment or Git credentials.

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sample_repo # timeout=10
Fetching upstream changes from https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sample_repo
 > git --version # timeout=10
 > git -c core.askpass=true fetch --tags --progress https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sample_repo +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sample_repo
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:799)
    at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1055)
    at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1086)
    at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
    at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:108)
    at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:57)
    at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:207)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:410)
Caused by: hudson.plugins.git.GitException: Command "git -c core.askpass=true fetch --tags --progress https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sample_repo +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: Reference directory conflict: refs/remotes/origin/

    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1740)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1476)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:63)
    at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:314)
    at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
    ... 8 more
ERROR: null
Finished: FAILURE

Error when uploading json file....

Received this error message when attempting to upload "VPC with private and public subnets in two Availability Zones" template to AWS...

screenshot

jenkins2-ha CF fails at MasterASG creation

When running the latest version of jenkins2-ha.yaml, the CF creation is failing at the MasterASG step:

"Received 1 FAILURE signal(s) out of 1. Unable to satisfy 100% MinSuccessfulInstancesPercent requirement"

Here are the details:

  1. Resources are being created in Oregon West. I have another instance of VPC+Jenkins2-ha created in US East.
  2. Successfully created VPC using vpc2-az.yaml. Default parameters except for name.
  3. Parameters for jenkins formation are default except for following:
    • Formation name
    • Reference to VPC (using VPC name)
    • Jenkins password

JSON version ?

Hello guys, don't find anything about this, why there is JSON version of templates? This could be useful to work on it via AWS editor.

Thank you,

Tom

Jenkins - AWS Console Authentication?

I have setup a Jenkins environment based on the jenkins2-ha.json template. Is it possible to configure Jenkins to delegate authentication to AWS? In other words, I would like to setup Jenkins so that a user can use the same username and password as he or she uses when logging in to the AWS Console.

Questions about costs

Thank you for your template!

I read both posts about Wordpress on AWS and on the first approach you mentioned it could cost approximately 75$/month.
How do the costs of the second approach compare with the first approach?

Thanks!

SSH Bastion security improvements

What do you think about the following SSH Bastion security improvements?

  1. choose a SSH Port (is there a problem with other templates?)
  2. enable SSH Port Knocking
  3. deny IP for 3h if >= 3 wrong login attempts

[vpc-2azs] Can not access my sites

Hello,

I have used the VPC-2azs CF Template to create my VPC and then I've launched inside of it my Opsworks Stack with my sites. I actually cloned my current stack so the new one runs inside the VPC.

The problem is that I'm not able to access my sites. I'm using an ELB I added to my Stack. When trying to access the site's URL it keeps loading but nothing happens.

I've launched the stack in the Public subnets A and B. Do I need any additional configuration in order to have my sites accessible through the web?

I have a PHP/MySQL application. The MySQL is running on RDS.

It seems something is being blocked. Any idea what that might be?

Thank you in advance.

Best regards,
Walter
