Reputation: 337
Terraform shows `InvalidGroup.NotFound` while creating an EC2 instance
I am trying to deploy EC2 instances using Terrafom and I can see the following error:
Error: Error launching source instance: InvalidGroup.NotFound: The security group 'prod-web-servers-sg' does not exist in VPC 'vpc-db3a3cb3'
Here is the Terraform template I'm using:
resource "aws_default_vpc" "default" {
}
resource "aws_security_group" "prod-web-servers-sg" {
name = "prod-web-servers-sg"
description = "security group for production grade web servers"
vpc_id = "${aws_default_vpc.default.id}"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
#Subnet
resource "aws_subnet" "private_subnet" {
vpc_id = "${aws_default_vpc.default.id}"
cidr_block = "172.31.0.0/24"
availability_zone = "ap-south-1a"
}
resource "aws_instance" "prod-web-server" {
ami = "ami-04b1ddd35fd71475a"
count = 2
key_name = "test_key"
instance_type = "r5.large"
security_groups = ["prod-web-servers-sg"]
subnet_id = "${aws_subnet.private_subnet.id}"
}
Upvotes: 5
Views: 6270
Answers (2)
Reputation: 1
Error:-- creating EC2 Instance: InvalidGroup.NotFound: The security group 'terraform-20240912034551254600000001' does not exist in VPC 'vpc-0315c4545621e2bd
Note:- Change the [aws_security_group.production_sg.name] to [aws_security_group.production_sg.id] in the code. It will works for me.
security_groups = [aws_security_group.production_sg.id]
Upvotes: 0
Reputation: 56997
You have a race condition there because Terraform doesn't know to wait until the security group is created before creating the instance.
To fix this you should interpolate the aws_security_group.prod-web-servers-sg.id into aws_instance.prod-web-server resource so that it can work out the dependency chain between the resources. You should also use vpc_security_group_ids instead of security_groups as mentioned in the aws_instance resource documentation:
security_groups - (Optional, EC2-Classic and default VPC only) A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.
NOTE: If you are creating Instances in a VPC, use vpc_security_group_ids instead.
So you should have something like the following:
resource "aws_default_vpc" "default" {}
resource "aws_security_group" "prod-web-servers-sg" {
name = "prod-web-servers-sg"
description = "security group for production grade web servers"
vpc_id = aws_default_vpc.default.id
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
#Subnet
resource "aws_subnet" "private_subnet" {
vpc_id = aws_default_vpc.default.id
cidr_block = "172.31.0.0/24"
availability_zone = "ap-south-1a"
}
resource "aws_instance" "prod-web-server" {
ami = "ami-04b1ddd35fd71475a"
count = 2
key_name = "test_key"
instance_type = "r5.large"
vpc_security_group_ids = [aws_security_group.prod-web-servers-sg.id]
subnet_id = aws_subnet.private_subnet.id
}
Upvotes: 13
Related Questions
- Error: creating EC2 Instance: InvalidAMIID.Malformed: Invalid id
- failed to create ec2 instance using terraform if set security group
- no matching EC2 Security Group found
- Terraform trying to re-create "default" `aws_security_group`
- Can't start a self managed node group through Terraform
- Security group created by Terraform has no rules
- Terraform to create ec2 instance error even though instance is created
- Issue while adding AWS Security Group via Terraform
- Terraform - AWS - CreateSecurityGroup - parameter GroupName is invalid. Group names may not be in the format sg-*
- Error while creating instance on AWS with Terraform