Brian

Reputation: 13593

Unable to change the security group of a network interface

I want to delete a security group, sg-d578d9ab, in my AWS account.

I got the following message when trying to delete it.

These security groups are associated with one or more network interfaces. Delete the network interfaces, or associate them with different security groups. View your network interfaces.


In order to solve the problem, I opened the Network Interfaces page to see which network interface is using sg-d578d9ab.

It turns out there's 1 network interface that's using the security group.

Then I used the Change Security Groups option to dissociate the security group from the network interface.

Then I got a message saying

You do not have permission to access the specified resource.

Why can't I change the security group of the network interface?

My AWS account has AdministratorAccess permission.

The Attachment owner and Owner ID properties of the network interface are amazon-rds. This seems to be the reason I can't change its security group.

Does this mean that the network interface is created when someone else sets up an AWS RDS?

Upvotes: 15

Views: 21371

Answers (3)

Thiago Bueno

Reputation: 46

As mentioned in some of the other answers, it is quite common to have this problem because the Security Group is blocking the Network interface from being changed.

In my case, I had to remove the SG from a load balancer first, so its interface would be allowed to be changed or deleted.

From AWS Documentation:

If you try to detach a network interface that is attached to a resource from another service, such as an Elastic Load Balancing load balancer, a Lambda function, a WorkSpace, or a NAT gateway, you get an error that you do not have permission to access the resource. To find which service created the resource attached to a network interface, check the description of the network interface. If you delete the resource, then its network interface is deleted.

Upvotes: 1

fileyfood500

Reputation: 1331

Saw the same error, but from a VPC endpoint. After dissociating the VPC endpoint from the security group, I was able to delete the security group.

Upvotes: 2

Brian

Reputation: 13593

The security group, sg-d578d9ab, is used by one of my RDS instances.

After dissociating the RDS instance and the security group, I'm able to delete the security group.

Upvotes: 12
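
The three answers above (load balancer, VPC endpoint, RDS) all come down to reading the network interface's description to find the service that owns it. As an added example, not code from any of the answers or from AWS, this Python sketch does that over the JSON that `aws ec2 describe-network-interfaces` returns. The function name `blockers`, the `HINTS` table and its description prefixes are assumptions for illustration, and the sample data is constructed.

```python
import json

# Constructed sample, shaped like the JSON printed by
#   aws ec2 describe-network-interfaces --filters Name=group-id,Values=sg-d578d9ab
# Every ID except sg-d578d9ab (from the question) is made up.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0000000000000000a", "Description": "RDSNetworkInterface",
  "RequesterManaged": true, "RequesterId": "amazon-rds",
  "Groups": [{"GroupId": "sg-d578d9ab"}]},
 {"NetworkInterfaceId": "eni-0000000000000000b", "Description": "ELB app/demo-alb/0123456789abcdef",
  "RequesterManaged": true, "RequesterId": "amazon-elb",
  "Groups": [{"GroupId": "sg-d578d9ab"}, {"GroupId": "sg-00000000000000001"}]},
 {"NetworkInterfaceId": "eni-0000000000000000c", "Description": "Primary network interface",
  "RequesterManaged": false,
  "Groups": [{"GroupId": "sg-d578d9ab"}]},
 {"NetworkInterfaceId": "eni-0000000000000000d", "Description": "VPC Endpoint Interface vpce-0000000000000000e",
  "RequesterManaged": true, "RequesterId": "000000000000",
  "Groups": [{"GroupId": "sg-00000000000000001"}]}
]}
""")

# Assumed description prefixes: (prefix, service, where the groups must be changed).
HINTS = [
    ("RDSNetworkInterface", "RDS", "modify the DB instance's security groups"),
    ("ELB ", "Elastic Load Balancing", "edit the load balancer's security groups"),
    ("VPC Endpoint Interface", "VPC endpoint", "edit the endpoint's security groups"),
]

def blockers(response, group_id):
    """List the interfaces that still reference group_id and who must release it."""
    out = []
    for eni in response.get("NetworkInterfaces", []):
        if group_id not in {g.get("GroupId") for g in eni.get("Groups", [])}:
            continue  # this interface does not hold the group
        desc = eni.get("Description", "")
        managed = bool(eni.get("RequesterManaged"))  # True: created by an AWS service
        service, action = next(((s, a) for p, s, a in HINTS if desc.startswith(p)), (None, None))
        if service is None and managed:
            service, action = "unknown", "find the owning resource from: " + desc
        elif service is None:
            service, action = "your account", "change the interface's groups directly"
        out.append({"eni": eni["NetworkInterfaceId"], "managed": managed,
                    "service": service, "action": action})
    return out

if __name__ == "__main__":
    for b in blockers(SAMPLE, "sg-d578d9ab"):
        print(b["eni"], "->", b["service"] + ":", b["action"])
```

Interfaces reported with `managed` set to true are the ones where Change Security Groups fails with the permission error; the group has to be changed on the owning resource instead.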
