Status check fails when an EC2 instance is created from a CloudFormation template

0

I created a CloudFormation Stack in the us-east-1ap-south-1 region using the template below.

AWSTemplateFormatVersion: "2010-09-09"
Description: Template for the Node-aws-ec2-github-actions tutorial
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Example security group
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        CidrIp: 0.0.0.0/0
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0
  EC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-0d2986f2e8c0f7d01" #Another comment -- This is a Linux AMI
      InstanceType: t2.micro
      KeyName: node-ec2-github-actions-key
      SecurityGroups:
      - Ref: InstanceSecurityGroup
      BlockDeviceMappings:
      - DeviceName: /dev/sda1
        Ebs:
          VolumeSize: 8
          DeleteOnTermination: true
      Tags:
        - Key: Name
          Value: Node-Ec2-Github-Actions

  EIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref EC2Instance
Outputs:
  InstanceId:
    Description: Id of the newly created EC2 instance
    Value:
      Ref: EC2Instance
  PublicIP:
    Description: Elastic IP
    Value:
      Ref: EIP

The stack ran successfully and all resources were created. Unfortunately, once the EC2 status checks initialized, the instance status check failed, and I cannot connect to the instance over SSH.

I tried creating the instance manually as the same IAM user, and that worked perfectly.

These are the policies attached to the IAM user.

Managed policies:

  • AmazonEC2FullAccess
  • AWSCloudFormationFullAccess

Inline policy:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:GetRole",
                "iam:GetInstanceProfile",
                "iam:DeleteRolePolicy",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:UpdateRole",
                "iam:PutRolePolicy",
                "iam:AddRoleToInstanceProfile"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListAllMyBuckets",
                "s3:CreateBucket",
                "s3:DeleteObject",
                "s3:DeleteBucket"
            ],
            "Resource": "*"
        }
    ]
}

1 answer
0

AMI ami-0d2986f2e8c0f7d01 is the Amazon Linux 2 (HVM) image for ap-south-1.

For HVM AMIs, specify xvda as the root device.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names

You should change BlockDeviceMappings.DeviceName to:

       BlockDeviceMappings:
       - DeviceName: /dev/xvda
         Ebs:
           VolumeSize: 8
           DeleteOnTermination: true

Expert
answered 6 months ago
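To make the check in the answer repeatable, the following is an added example (it is not code from the question or the answer above). It compares a template's BlockDeviceMappings with the AMI's RootDeviceName, rewrites the entry the way the answer does, and prints the corrected YAML fragment. AMI_METADATA is a constructed stand-in for the `aws ec2 describe-images` response (only the fields the check needs, with a placeholder snapshot ID), so the script runs offline; the command that would fetch the real values is given in a comment. It also goes one step beyond the page by flagging a related launch failure, a root VolumeSize smaller than the AMI's root snapshot, which EC2 rejects.

```python
"""Consistency check between a CloudFormation EC2 BlockDeviceMappings list and
the AMI it boots.  Added example for this page, not code from the original
question or answer.  AMI_METADATA is a constructed stand-in for what
`aws ec2 describe-images` returns (only the fields used here), so the script
runs offline; replace it with a real lookup to check your own template."""
import copy

# Constructed to mirror an Amazon Linux 2 HVM image as described in the answer.
# Live equivalent (fields trimmed to what the check uses):
#   aws ec2 describe-images --region ap-south-1 --image-ids ami-0d2986f2e8c0f7d01 \
#       --query 'Images[0].{Root:RootDeviceName,Virt:VirtualizationType,Maps:BlockDeviceMappings}'
AMI_METADATA = {
    "ImageId": "ami-0d2986f2e8c0f7d01",
    "VirtualizationType": "hvm",
    "RootDeviceType": "ebs",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/xvda",
            # SnapshotId is a placeholder; the real AMI's snapshot differs.
            "Ebs": {"SnapshotId": "snap-0000000000000000", "VolumeSize": 8,
                    "VolumeType": "gp2", "DeleteOnTermination": True},
        }
    ],
}

# The mapping exactly as the question's template writes it.
TEMPLATE_MAPPINGS = [
    {"DeviceName": "/dev/sda1",
     "Ebs": {"VolumeSize": 8, "DeleteOnTermination": True}},
]


def ami_root_mapping(ami):
    """The AMI's own mapping for its root device, or None for instance-store AMIs."""
    root = ami["RootDeviceName"]
    return next((m for m in ami.get("BlockDeviceMappings", [])
                 if m["DeviceName"] == root), None)


def check_root_mapping(template_mappings, ami):
    """Return a list of problem strings; an empty list means the template's
    block device mappings are consistent with the AMI."""
    problems = []
    root = ami["RootDeviceName"]
    names = [m["DeviceName"] for m in template_mappings]

    if root not in names:
        problems.append(
            f"template maps {', '.join(names)} but the AMI's root device is {root}; "
            f"a mapping under another name does not replace the root volume"
        )
    root_src = ami_root_mapping(ami)
    for m in template_mappings:
        if m["DeviceName"] != root:
            continue
        size = m.get("Ebs", {}).get("VolumeSize")
        if root_src and size is not None and size < root_src["Ebs"]["VolumeSize"]:
            problems.append(
                f"VolumeSize {size} GiB for {root} is smaller than the AMI's "
                f"root snapshot ({root_src['Ebs']['VolumeSize']} GiB)"
            )
    return problems


def fix_root_mapping(template_mappings, ami):
    """Return a copy of the mappings with the single root entry renamed to the
    AMI's RootDeviceName (the fix the answer gives).  Raises when the template
    has several mappings and none matches, because then the tool cannot know
    which one was meant as root."""
    fixed = copy.deepcopy(template_mappings)
    root = ami["RootDeviceName"]
    if any(m["DeviceName"] == root for m in fixed):
        return fixed
    if len(fixed) != 1:
        raise ValueError("ambiguous: several mappings and none matches the root device")
    fixed[0]["DeviceName"] = root
    return fixed


def to_cfn_yaml(mappings, indent=6):
    """Render the mappings in the CloudFormation YAML layout used on this page."""
    pad = " " * indent
    lines = [f"{pad}BlockDeviceMappings:"]
    for m in mappings:
        lines.append(f"{pad}- DeviceName: {m['DeviceName']}")
        lines.append(f"{pad}  Ebs:")
        for key, value in m["Ebs"].items():
            yaml_value = str(value).lower() if isinstance(value, bool) else value
            lines.append(f"{pad}    {key}: {yaml_value}")
    return "\n".join(lines)


if __name__ == "__main__":
    for p in check_root_mapping(TEMPLATE_MAPPINGS, AMI_METADATA):
        print("PROBLEM:", p)
    print(to_cfn_yaml(fix_root_mapping(TEMPLATE_MAPPINGS, AMI_METADATA)))
```

Run as a script it reports the /dev/sda1 versus /dev/xvda mismatch and prints the corrected fragment from the answer. To check a real template, replace AMI_METADATA with the output of the describe-images call in the comment and TEMPLATE_MAPPINGS with your own list; the size check matters when you shrink VolumeSize below what the AMI's snapshot needs, which is a different launch failure from the naming one discussed here.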
