I'm trying to create an instance to run apache, and everything seems to be working, but the web server is not being started.

It starts up fine manually. If I reboot the instance, it does not automatically start the web server.

My Resources section contains:

"Resources" : {
  "CfnUser" : {
    "Type" : "AWS::IAM::User",
    "Properties" : {
      "Path": "/",
      "Policies": [{
        "PolicyName": "root",
        "PolicyDocument": { "Statement":[{

  "HostKeys" : {
    "Type" : "AWS::IAM::AccessKey",
    "Properties" : {
      "UserName" : {"Ref": "CfnUser"}

  "testInstance" : {
    "Type" : "AWS::EC2::Instance",
    "Metadata" : {
        "Comment1" : "Just testing",
        "AWS::CloudFormation::Init" : {
          "config" : {
              "packages" : {
                  "yum" : {
                      "mysql"        : [],
                      "mysql-server" : [],
                      "mysql-libs"   : [],
                      "httpd24"      : [],
                      "php54"        : [],
                      "php54-common" : [],
                      "php54-mysql"  : [],
                      "php54-pdo"    : [],
                      "php54-xml"    : [],
                      "php54-mcrypt" : [],
                      "php54-gd"     : []

          "services" : {
              "sysvinit" : {
                  "httpd"    : { "enabled" : "true", "ensureRunning" : "true" },
                  "mysqld"   : { "enabled" : "true", "ensureRunning" : "true" }


  "Properties" : {
    "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "64"] },
    "InstanceType"   : { "Ref" : "InstanceType" },
    "SecurityGroups" : [ {"Ref" : "StackWebAccess"} ],
    "KeyName"        : { "Ref" : "KeyName" },

    "UserData"       : { "Fn::Base64" : { "Fn::Join" : ["", [
      "#!/bin/bash -v\n",
      "yum update -y aws-cfn-bootstrap\n",
      "# Install LAMP packages\n",
      "/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackName" }, " -r testInstance ",
      "    --access-key ",  { "Ref" : "HostKeys" },
      "    --secret-key ", {"Fn::GetAtt": ["HostKeys", "SecretAccessKey"]},
      "    --region ", { "Ref" : "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n"
        ] ] } }        

"StackWebAccess" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Enable SSH access and HTTP access on the inbound port",
    "SecurityGroupIngress" : [ 
        "IpProtocol" : "tcp",
        "FromPort" : "22",
        "ToPort" : "22",
        "CidrIp" : ""
        "IpProtocol" : "tcp",
        "FromPort" : "80",
        "ToPort" : "80",
        "CidrIp" : ""

My cfn-init.log:

2013-01-23 13:55:58,064 [INFO] Running configSets: default
2013-01-23 13:55:58,065 [INFO] Running configSet default
2013-01-23 13:55:58,065 [INFO] Running config config
2013-01-23 13:57:23,097 [INFO] Yum installed [u'php54-common', u'php54-xml', u'php54', u'httpd24', u'php54-gd', u'mysql-server', u'php54-mcrypt', u'mysql-libs', u'php54-mysql', u'php54-pdo', u'mysql']
2013-01-23 13:57:23,102 [INFO] ConfigSets completed

Is there something missing, or should this be starting the services?

  • 3,933
  • 6
  • 26
  • 35
  • Have you checked the logs? /var/log/cfn-init.log – Edwin Jan 23 '13 at 14:23
  • @Edwin: logs seem to indicate everything is OK. I updated the question with logs. – chris Jan 23 '13 at 14:26
  • I don't have experience running Cloud Formation with Linux instances, and I typically use Ubuntu for Linux. I can't come up with anything specific for you. A couple of ideas: create a command in the template that runs services httpd start. This will create a 60 second delay, which you can adjust with "waitAfterCompletion" : "[time in seconds]"... You can also try to tell your services section to restart when php54-gd is installed --> "packages" : { "yum" : ["php", php54-gd"]} – Edwin Jan 23 '13 at 14:58

1 Answers1


Just in case anyone runs across this, the problem was a nesting error - the services {} block needs to be part of the config {} block, not at the same level.

Edit: The working Resources block:

  "Resources" : {

    "CfnUser" : {
      "Type" : "AWS::IAM::User",
      "Properties" : {
        "Path": "/",
        "Policies": [{
          "PolicyName": "root",
          "PolicyDocument": { "Statement":[{

    "HostKeys" : {
      "Type" : "AWS::IAM::AccessKey",
      "Properties" : {
        "UserName" : {"Ref": "CfnUser"}

    "testInstance" : {
      "Type" : "AWS::EC2::Instance",
      "Metadata" : {
        "Comment1" : "Install the default packages",
        "AWS::CloudFormation::Init" : {
          "config" : {
            "packages" : {
              "yum" : {
                "mysql"        : [],
                "mysql-server" : [],
                "mysql-libs"   : [],
                "httpd24"      : [],
                "php54"        : [],
                "php54-common" : [],
                "php54-mysql"  : [],
                "php54-pdo"    : [],
                "php54-xml"    : [],
                "php54-mcrypt" : [],
                "php54-gd"     : []

            "services" : {
              "sysvinit" : {
                "httpd"    : { "enabled" : "true", "ensureRunning" : "true" },
                "mysqld"   : { "enabled" : "true", "ensureRunning" : "true" }
      "Properties" : {
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "64"] },
        "InstanceType"   : { "Ref" : "InstanceType" },
        "SecurityGroups" : [ {"Ref" : "StackWebAccess"} ],
        "KeyName"        : { "Ref" : "KeyName" },

        "UserData"       : { "Fn::Base64" : { "Fn::Join" : ["", [
          "#!/bin/bash -v\n",
          "yum update -y aws-cfn-bootstrap\n",
          "# Install LAMP packages\n",
          "/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackName" }, " -r testInstance ",
          "    --access-key ",  { "Ref" : "HostKeys" },
          "    --secret-key ", {"Fn::GetAtt": ["HostKeys", "SecretAccessKey"]},
          "    --region ", { "Ref" : "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n"
            ] ] } }        

    "StackWebAccess" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable SSH access and HTTP access on the inbound port",
        "SecurityGroupIngress" : [ 
            "IpProtocol" : "tcp",
            "FromPort" : "22",
            "ToPort" : "22",
            "CidrIp" : ""
            "IpProtocol" : "tcp",
            "FromPort" : "80",
            "ToPort" : "80",
            "CidrIp" : ""

  • 3,933
  • 6
  • 26
  • 35