5

I am trying to learn AWS CloudFormation, where I am trying to create a VPC as shown in the picture. It contains three public subnets, private subnets, a NAT gateway and an Internet gateway with public and private route tables. I am trying to achieve it through CloudFormation but am getting an exception for the Elastic IP. I have created a template, but when I try to create the stack in CloudFormation I get this error:

"The elastic-ip ID 'xx.xxx.xx.xxx' is malformed (Service: AmazonEC2; Status Code: 400; Error Code: InvalidElasticIpID.Malformed; Request ID: 2e3a9f8c-5a7e-482e-869c-8a0e46a08f27; Proxy: null)"

I am trying to attach an Elastic IP to the NAT gateway and am getting the above error. Please guide me on how I can do this.

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "ExampleEc2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": "t2.micro",
        "ImageId" : "ami-047a51fa27710816e",
        "AvailabilityZone" : "us-east-1a",
        "SecurityGroupIds" : [{
           "Ref":"ExampleSecurityGroup"
        }],
        "SubnetId" : {
           "Ref":"public2A"
        }
      }
    },
    "ExampleEc2InstancePrivate": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": "t2.micro",
        "ImageId" : "ami-047a51fa27710816e",
        "AvailabilityZone" : "us-east-1a",
        "SecurityGroupIds" : [{
           "Ref":"ExampleSecurityGroup"
        }],
        "SubnetId" : {
           "Ref":"private2A"
        }
      }
    },
    "public2A":{
      "Type" : "AWS::EC2::Subnet",
      "Properties":{
       "AvailabilityZone" : "us-east-1a",
       "CidrBlock" : "10.0.2.0/24",
       "Tags" : [{"Key" : "public2A", "Value" : "public2A"}],
       "VpcId" : {
        "Ref":"ExampleVpcId"
       }
      }
    },
    "public2B":{
      "Type" : "AWS::EC2::Subnet",
      "Properties":{
       "AvailabilityZone" : "us-east-1a",
       "CidrBlock" : "10.0.3.0/24",
       "Tags" : [{"Key" : "public2B", "Value" : "public2B"}],
       "VpcId" : {
        "Ref":"ExampleVpcId"
       }
      }
    },
    "public2C":{
      "Type" : "AWS::EC2::Subnet",
      "Properties":{
       "AvailabilityZone" : "us-east-1a",
       "CidrBlock" : "10.0.1.0/24",
       "Tags" : [{"Key" : "public2C", "Value" : "public2C"}],
       "VpcId" : {
        "Ref":"ExampleVpcId"
       }
      }
    },
    "private2A":{
      "Type" : "AWS::EC2::Subnet",
      "Properties":{
       "AvailabilityZone" : "us-east-1a",
       "CidrBlock" : "10.0.5.0/24",
       "Tags" : [{"Key" : "private2A", "Value" : "private2A"}],
       "VpcId" : {
        "Ref":"ExampleVpcId"
       }
      }
    },
    "private2B":{
      "Type" : "AWS::EC2::Subnet",
      "Properties":{
       "AvailabilityZone" : "us-east-1a",
       "CidrBlock" : "10.0.6.0/24",
       "Tags" : [{"Key" : "private2B", "Value" : "private2B"}],
       "VpcId" : {
        "Ref":"ExampleVpcId"
       }
      }
    },
    "private2C":{
      "Type" : "AWS::EC2::Subnet",
      "Properties":{
       "AvailabilityZone" : "us-east-1a",
       "CidrBlock" : "10.0.7.0/24",
       "Tags" : [{"Key" : "private2C", "Value" : "private2C"}],
       "VpcId" : {
        "Ref":"ExampleVpcId"
       }
      }
    },
    "privateRT":{
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
          "Tags" : [{"Key" : "privateRT", "Value" : "privateRT"}],
          "VpcId" : {
            "Ref":"ExampleVpcId"
            }
        }
    },
    "publicRT":{
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
          "Tags" : [{"Key" : "publicRT", "Value" : "publicRT"}],
          "VpcId" : {
            "Ref":"ExampleVpcId"
            }
        }
    },
    "public2ARouteTableAssociation" : {
       "Type" : "AWS::EC2::SubnetRouteTableAssociation",
       "Properties" : {
          "SubnetId" : { "Ref" : "public2A" },
          "RouteTableId" : { "Ref" : "publicRT" }
        }
    },
    "public2BRouteTableAssociation" : {
       "Type" : "AWS::EC2::SubnetRouteTableAssociation",
       "Properties" : {
          "SubnetId" : { "Ref" : "public2B" },
          "RouteTableId" : { "Ref" : "publicRT" }
        }
    },
    "public2CRouteTableAssociation" : {
       "Type" : "AWS::EC2::SubnetRouteTableAssociation",
       "Properties" : {
          "SubnetId" : { "Ref" : "public2C" },
          "RouteTableId" : { "Ref" : "publicRT" }
        }
    },
    "private2ARouteTableAssociation" : {
       "Type" : "AWS::EC2::SubnetRouteTableAssociation",
       "Properties" : {
          "SubnetId" : { "Ref" : "private2A" },
          "RouteTableId" : { "Ref" : "privateRT" }
        }
    },
    "private2BRouteTableAssociation" : {
       "Type" : "AWS::EC2::SubnetRouteTableAssociation",
       "Properties" : {
          "SubnetId" : { "Ref" : "private2B" },
          "RouteTableId" : { "Ref" : "privateRT" }
        }
    },
    "private2CRouteTableAssociation" : {
       "Type" : "AWS::EC2::SubnetRouteTableAssociation",
       "Properties" : {
          "SubnetId" : { "Ref" : "private2C" },
          "RouteTableId" : { "Ref" : "privateRT" }
        }
    },
    "myVpcInternetGateWay":{
        "Type" : "AWS::EC2::InternetGateway",
        "Properties" : {
            "Tags" : [{"Key" : "myVpcInternetGateWay", "Value" : "myVpcInternetGateWay"}]
         }
    },
    "myVpcInternetGateWayRoute":{
        "Type" : "AWS::EC2::Route",
            "Properties" : {
              "DestinationCidrBlock" : "0.0.0.0/0",
              "GatewayId" : {"Ref":"myVpcInternetGateWay"},
              "RouteTableId" : {"Ref":"publicRT"}
            }
    },
    "myVpcInternetGateWayAttachement":{
        "Type" : "AWS::EC2::VPCGatewayAttachment",
        "Properties" : {
            "InternetGatewayId" : {"Ref":"myVpcInternetGateWay"},
            "VpcId" : {"Ref":"ExampleVpcId"}
         }
    },
    "myNatGateWay":{
        "Type" : "AWS::EC2::NatGateway",
        "Properties" : {
             "AllocationId" : {"Ref":"myElasticIP"},
             "SubnetId" :{"Ref":"public2A"},
             "Tags" : [{"Key" : "myNatGateWay", "Value" : "myNatGateWay"}]
        }
    },
    "myVpcNatGatWayRoute":{
        "Type" : "AWS::EC2::Route",
            "Properties" : {
              "DestinationCidrBlock" : "0.0.0.0/0",
              "GatewayId" : {"Ref":"myNatGateWay"},
              "RouteTableId" : {"Ref":"privateRT"}
            }
    },
    "myElasticIP":{
        "Type" : "AWS::EC2::EIP",
        "Properties" : {
              "Domain" : "VPC",
              "Tags" : [{"Key" : "myElasticIP", "Value" : "myElasticIP"}]
         }
    },
    "ExampleSecurityGroup":{
       "Type":"AWS::EC2::SecurityGroup",
       "Properties" : {
          "GroupDescription" : "Allow http to client host",
          "GroupName" : "templateSecuritygrp",
          "Tags" : [ {"Key" : "securityGroup", "Value" : "cloudformationSecurityGroup"} ],
          "VpcId" :  {
                "Ref":"ExampleVpcId"
            }
        }
    },
    "ExampleSecurityGroupEgress" : {
        "Type":"AWS::EC2::SecurityGroupEgress",
        "Properties":{
                "IpProtocol":"-1",
                "FromPort":"-1",
                "ToPort":"-1",
                "DestinationSecurityGroupId":{
                   "Ref":"ExampleSecurityGroup"
                },
                "GroupId":{
                   "Ref":"ExampleSecurityGroup"
                }
             }
         },
    "ExampleSecurityGroupIngress" :{
         "Type":"AWS::EC2::SecurityGroupIngress",
         "Properties":{
                "IpProtocol":"-1",
                "FromPort":"-1",
                "ToPort":"-1",
                "SourceSecurityGroupId":{
                   "Ref":"ExampleSecurityGroup"
                },
                "GroupId":{
                   "Ref":"ExampleSecurityGroup"
                }
            }
         },
    "ExampleVpcId":{
       "Type":"AWS::EC2::VPC",
       "Properties" : {
          "CidrBlock" : "10.0.0.0/16",
          "EnableDnsSupport" : "false",
          "EnableDnsHostnames" : "false",
          "InstanceTenancy" : "default",
          "Tags" : [ {"Key" : "tmpltVPC", "Value" : "firstVpc"}]
       }
    }
  }
}

John Rotenstein
Jordan
  • Hi. I also noticed that you have a lot of questions with answers, yet not a single answer was ever accepted. Accepting helpful answers is not only a good practice, but it also reduces a number of duplicate questions, helps future readers and it removes your questions from [unanswered](https://stackoverflow.com/questions/tagged?tab=Unanswered&tagMode=Watched) list. – Marcin Feb 10 '21 at 06:48
  • 1
    Sorry, I wasn't aware I need to accept the answer. Going forward I will accept the answers. – Jordan Feb 18 '21 at 03:35
  • Thanks. This helps. You can check your [history](https://stackoverflow.com/users/9114332/jordan?tab=questions) and review answers, which could potentially be accepted. – Marcin Feb 18 '21 at 03:36
  • By the way, how was the answer I provided for this question? You haven't commented on whether it works or not, nor was it accepted, thus it's not clear if it addresses your issue. – Marcin Feb 18 '21 at 03:37

2 Answers

3

In your myNatGateWay you should use GetAtt to get AllocationId:

    "myNatGateWay":{
        "Type" : "AWS::EC2::NatGateway",
        "Properties" : {
             "AllocationId" : { "Fn::GetAtt" : ["myElasticIP", "AllocationId"]},
             "SubnetId" :{"Ref":"public2A"},
             "Tags" : [{"Key" : "myNatGateWay", "Value" : "myNatGateWay"}]
        }
    }

Also you need DependsOn in EIP:

    "myElasticIP":{
        "Type" : "AWS::EC2::EIP",
        "DependsOn":["myVpcInternetGateWayAttachement"] ,
        "Properties" : {
              "Domain" : "VPC",
              "Tags" : [{"Key" : "myElasticIP", "Value" : "myElasticIP"}]
         }
    }

Finally myVpcNatGatWayRoute should be:

    "myVpcNatGatWayRoute":{
        "Type" : "AWS::EC2::Route",
        "Properties" : {
            "DestinationCidrBlock" : "0.0.0.0/0",
            "NatGatewayId" : {"Ref":"myNatGateWay"},
            "RouteTableId" : {"Ref":"privateRT"}
        }
    }

Marcin
  • 1
    Thank you, Marcin. I was not aware of DependsOn and the GetAtt function. It worked. – Jordan Feb 18 '21 at 03:47
  • Do you have any good resource where I can find more hands-on practice? – Jordan Feb 18 '21 at 04:10
  • @Jordan Sadly, I don't have any single reference to recommend. But the AWS docs have a good [beginners](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/gettingstarted.templatebasics.html) tutorial. This would be a good start. – Marcin Feb 18 '21 at 04:13
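
As an added example (not part of either answer, and not AWS tooling), here is a small pre-deployment check for the three mistakes the answer above corrects: `Ref` instead of `Fn::GetAtt` for `AllocationId` (on an `AWS::EC2::EIP`, `Ref` returns the IP address, which is why EC2 rejects it as a malformed ID), `GatewayId` instead of `NatGatewayId` on the route, and an EIP without `DependsOn` on the gateway attachment. The function names and the trimmed sample template are assumptions made for illustration.

```python
import copy

def _ref(value):
    """Logical ID if value is exactly {"Ref": "<id>"}, else None."""
    return value["Ref"] if isinstance(value, dict) and set(value) == {"Ref"} else None

def lint_nat_wiring(template):
    """Return (logical_id, message) for each NAT/EIP wiring mistake."""
    res = template.get("Resources", {})
    type_of = lambda lid: res.get(lid, {}).get("Type")
    attachments = {lid for lid, r in res.items()
                   if r.get("Type") == "AWS::EC2::VPCGatewayAttachment"}
    findings = []
    for lid, r in res.items():
        rtype, props = r.get("Type"), r.get("Properties", {})
        if rtype == "AWS::EC2::NatGateway":
            # Ref on an EIP yields the IP address, not the allocation ID.
            if type_of(_ref(props.get("AllocationId"))) == "AWS::EC2::EIP":
                findings.append((lid, "AllocationId: use Fn::GetAtt, not Ref"))
        elif rtype == "AWS::EC2::Route":
            if type_of(_ref(props.get("GatewayId"))) == "AWS::EC2::NatGateway":
                findings.append((lid, "GatewayId: use NatGatewayId for a NAT"))
        elif rtype == "AWS::EC2::EIP":
            deps = r.get("DependsOn", [])
            deps = [deps] if isinstance(deps, str) else deps
            if attachments and not attachments & set(deps):
                findings.append((lid, "DependsOn: add the gateway attachment"))
    return findings

# Constructed sample: the question's NAT-related resources, trimmed.
BROKEN = {"Resources": {
  "myVpcInternetGateWayAttachement": {"Type": "AWS::EC2::VPCGatewayAttachment"},
  "myElasticIP": {"Type": "AWS::EC2::EIP", "Properties": {"Domain": "vpc"}},
  "myNatGateWay": {"Type": "AWS::EC2::NatGateway", "Properties": {
    "AllocationId": {"Ref": "myElasticIP"}, "SubnetId": {"Ref": "public2A"}}},
  "myVpcNatGatWayRoute": {"Type": "AWS::EC2::Route", "Properties": {
    "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "myNatGateWay"},
    "RouteTableId": {"Ref": "privateRT"}}}}}

def apply_answer_fix(template):
    """Apply the three changes from the answer above to a copy."""
    r = copy.deepcopy(template)["Resources"]
    r["myElasticIP"]["DependsOn"] = ["myVpcInternetGateWayAttachement"]
    r["myNatGateWay"]["Properties"]["AllocationId"] = {
        "Fn::GetAtt": ["myElasticIP", "AllocationId"]}
    route = r["myVpcNatGatWayRoute"]["Properties"]
    route["NatGatewayId"] = route.pop("GatewayId")
    return {"Resources": r}

if __name__ == "__main__":
    print(lint_nat_wiring(BROKEN))
```
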
1

Try the snippet:

    NatGateway1EIP:
      Type: AWS::EC2::EIP
      DependsOn: InternetGatewayAttachment
      Properties:
        Domain: vpc
    NatGateway1:
      Type: AWS::EC2::NatGateway
      Properties:
        AllocationId: !GetAtt NatGateway1EIP.AllocationId
        SubnetId: !Ref PublicSubnet1