What steps should be taken to troubleshoot this issue?
(Choose two.)
Confirm from the cfn logs that the cfn-signal command was successfully run on the instance.
Try to re-create the stack with a different IAM user.
Check that the instance has a route to the Internet through a NAT device.
Update the AWS CloudFormation stack service role to have iam:PassRole permission.
Delete the existing stack and attempt to create a new once.
Explanations:
The cfn-signal command must be executed on the EC2 instance to send a signal to CloudFormation indicating that the instance is ready. You should verify from the cfn logs if the command was successfully run.
Re-creating the stack with a different IAM user is not related to the issue. The problem is likely with the EC2 instance or the configuration of the signals, not the IAM user.
If the instance cannot reach the internet or cannot send the signal to the CloudFormation service, it will fail. A NAT device or internet connectivity must be verified to allow outbound communication.
The IAM role permissions related to the CloudFormation stack are not relevant in this case. The problem is more likely with the EC2 instance’s ability to send the signal.
Deleting the stack and creating a new one does not directly address the root cause of the signal issue. The issue is more likely related to the EC2 instance’s configuration.