Amazon AWS Grey state - Deleting security group failed

Question

I am new to AWS. After invalid deployment my environment cloudapp went to the Grey state. I have created another environment cloudapp-1and successfully uploaded and deployed my app. Then I swap the URLs to keep the first address still working.

Now when my first env is in the Grey state I am not able to do anything with it. I am not able to deploy, rebuild or even terminate it. I receive errors like this ones below.

Stack deletion failed: The following resource(s) failed to delete: [awseb-xxx-AWSEBSecurityGroup]. 
 2016-07-13 13:23:32 UTC+0200   ERROR   Deleting security group named: awseb-xxx-AWSEBSecurityGroup failed Reason: resource sg-xxxxxxx has a dependent object

I have tried to remove AWSEBSecurityGroup from cloudapp but i cannot because:

Error
Unable to validate settings: Environment named cloudapp is in an invalid state for this operation. Must be Ready.

It looks like kind of deadlock. I cannot delete the env because of a security group and I cannot change that group because the env is not Ready. How to fix it?

Answer 1

First make sure that no other instances than the ElasticBeanstalk EC2 instances belonging to this particular environment is using the sg-xxxxxx security group.

Then you must make sure that you do not have any depending objects of that security group, like the error message vaguely states. Go to EC2 > Security Groups and search by Source/Destination (Group Id) for the sg-xxxxxx group.

This will give you a list of all security groups having rules referencing sg-xxxxxx. Once you've removed the depending rules you can retry your ElasticBeanstalk operation.