Reputation: 338
How to fix : VALIDATION_ERROR: You must also specify a ServiceAccessSecurityGroup Terraform
I am new in terraform . I have a issue which I am facing when I am launching a simple EMR cluster in private subnet
It fails with the below error message :
- aws_emr_cluster.emr-test-cluster: [WARN] Error waiting for EMR Cluster state to be "WAITING" or "RUNNING": TERMINATED_WITH_ERRORS: VALIDATION_ERROR: You must also specify a ServiceAccessSecurityGroup if you use custom security groups when creating a cluster in a private subnet.
I did check the github seems like the fixed it for the issue opened . But I am using the latest version of terraform (0.11.7)
Below are the github links for for the issue reported in Github https://github.com/hashicorp/terraform/issues/9518 https://github.com/hashicorp/terraform/pull/9600
Any suggestions on how to fix this will be really helpful
Thank you
Upvotes: 2
Views: 4421
Answers (2)
Reputation: 2314
As we know that to put emr components in private subnet, you have to following
these security groups
Then in terraform you have to resolve cyclic dependency between security groups from this link and put following configuration as shown below
ec2_attributes {
subnet_id = element(var.subnet_ids, count.index)
key_name = "${var.ssh_key_id}"
emr_managed_master_security_group = aws_security_group.EmrManagedMasterSecurityGroup.id
emr_managed_slave_security_group = aws_security_group.EmrManagedSlaveSecurityGroup.id
service_access_security_group = aws_security_group.ServiceAccessSecurityGroup.id
#additional_master_security_groups = aws_security_group.allow_ssh.id
instance_profile = aws_iam_instance_profile.example_ec2_profile.arn
}
source:- https://github.com/hashicorp/terraform/pull/9600
Upvotes: 0
Reputation: 353
The issue is fixed in Git because it was raised to show an error which is supposed to ask for service_access_security_group while using the emr_managed_master_security_group and emr_managed_slave_security_group.
So, you would require mentioning service_access_security_group parameter in your EMR resource.
Thanks.
Upvotes: 2
Related Questions
- Unable to assume role and validate the specified targetGroupArn
- Terraform failed API authorization
- Not authorized to perform: ecr:GetAuthorizationToken on resource: * because no identity-based policy allows the ecr:GetAuthorizationToken
- Error: Cycle: local.security_groups (expand), aws_security_group.this
- Issue while adding AWS Security Group via Terraform
- Error: "network_interface": conflicts with vpc_security_group_ids
- Error creating CacheSecurityGroup: InvalidParameterValue
- Terraform - AWS - CreateSecurityGroup - parameter GroupName is invalid. Group names may not be in the format sg-*
- Terraform aws error creating IAM Role ecs_task_execution_role: MalformedPolicyDocument: Has prohibited field Resource
- self-reference not allowed in Security Group definition