Troubleshooting - Linux Bastion Hosts on the AWS Cloud


Q. I encountered a CREATE_FAILED error when I launched the Quick Start. What should I do?

A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with Rollback on failure set to No. (This setting is under Advanced in the AWS CloudFormation console, Options page.) With this setting, the stack’s state will be retained and the instance will be left running, so you can troubleshoot the issue.


When you set Rollback on failure to No, you'll continue to incur AWS charges for this stack. Please make sure to delete the stack when you've finished troubleshooting.

The following table lists specific CREATE_FAILED error messages you might encounter.

Error message Possible cause What to do
API: ec2: RunInstances Not authorized for images: ami-ID The template is referencing an AMI that has expired. We refresh AMIs on a regular basis, but our updates sometimes lag behind AWS AMI changes. If you get this error message, notify us, and we’ll update the template with the new AMI ID.

If you’d like to fix the template yourself, you can download it and update the Mappings section with the latest AMI ID for your region.

We currently do not have sufficient instance-type capacity in the AZ you requested Your resources require a larger or different instance type. Switch to an instance type that supports higher capacity. If a higher-capacity instance type isn’t available, try a different Availability Zone or region. Or you can complete the request form in the AWS Support Center to increase the Amazon EC2 limit for the instance type or region. Limit increases are tied to the region they were requested for.
Instance ID did not stabilize You have exceeded your IOPS for the region. Request a limit increase by completing the request form in the AWS Support Center.
In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit URL. You’ve changed the BastionAMIOS parameter setting to CentOS, but you don’t have a subscription to the CentOS operating system. Subscribe to the CentOS AMI in AWS Marketplace, and then redeploy the Quick Start.

For additional information, see Troubleshooting AWS CloudFormation on the AWS website. If the problem you encounter isn’t covered on that page or in the table, please visit the AWS Support Center. If you’re filing a support ticket, please attach the install.log file from the master instance (this is the log file that is located in the /root/install folder) to the ticket.

Q. I changed the instance type parameter after deployment and updated the stack, but the instance types didn’t change or the Elastic IP addresses weren’t reassociated after the stack update.

A. Terminate your bastion host instances. They will be replaced by Auto Scaling. The new instances will undergo bootstrapping, which configures the security settings and CloudWatch logs, and associates Elastic IP addresses from the pool of IPs created as part of the stack.

Q. I encountered a size limitation error when I deployed the AWS CloudFormation templates.

A. We recommend that you launch the Quick Start templates from the location we’ve provided or from another S3 bucket. If you deploy the templates from a local copy on your computer or from a non-S3 location, you might encounter template size limitations when you create the stack. For more information about AWS CloudFormation limits, see the AWS documentation.