I am following the AWS tutorial to create a Webapp here: http://docs.aws.amazon.com/gettingstarted/latest/wah-linux/getting-started-create-rds.html
I am stuck at the part 'Create a Security Group for Your DB Instance'.
The tutorial instructs you to start writing 'WebserverSG' into the IP source, and to select an option. However, even after completely typing 'WebserverSG', no such option is presented and I am unable to create the security group.
Is there a way to know the source without selecting it from the options? Alternatively, have I done something wrong for the option to not be presented?
This is my first time dealing with AWS; I don't have a concrete understanding of the purpose of security groups - so please bear this in mind!
Thanks in advance for any answers.
Are you going through the VPC area of the console or trying to edit it from within RDS? If I remember correctly you can only enter another Security Group as a source from within the VPC area.
This was fixed by: remaking the web server security group with the exact name WebServerSG, then making the database security group by starting to type the inbound IP with 'sg-...' instead of 'WebSe...'. Assigning the new security group to a similar instance has everything working.
I am new to AWS and,
Here's the drill:
- Logged in to AWS with root admin credentials.
- I created a few security groups in AWS.
- Terminated all the EC2 instances that I had.
- Deleted ELB successfully.
- Deleted RDS successfully.
- Using default VPC and no Elastic IPs.
Now, when I am trying to delete security groups, one group says it's being referenced by another. When I try to delete the referenced one, it says that the security group is being referenced by a Network Interface.
We get two options here: Associate with another group or Delete that Network Interface.
Trying first makes no sense as I want to get rid of all the Security Groups except the default (Like it was in the beginning). Still I tried that option and got the error "You do not have permission to access the specified resource" and it did not let me associate that Network Interface (Status-In Use) with any Security Group.
Tried deleting/detaching(force) that Network Interface and got an error message "You do not have permission to access the specified resource."
A similar issue can be found below without any known solution:
https://forums.aws.amazon.com/thread.jspa?threadID=99189&start=0&tstart=0
Unresolved Stackoverflow link: issue in deleting VPC and network interface
I would really appreciate it if someone hits me with a hammer of facts :)
Thanks, in advance!
I had the same issue, after having removed load balancers, auto-scaling groups, the memcached cluster and so on, I couldn't delete the VPC.
I had the feeling that there was some vicious circle between two network interfaces that I couldn't detach or modify and the security group itself that I couldn't remove as long as it was attached to the interfaces.
I ran the aws elasticache describe-instances command (I saw a reference to elasticache in a network interface description) to see if it would show something I missed.
And indeed, there was some redis cluster remaining, that I didn't see in the mess of the UI, which was some remnant of a long forgotten test. After having removed this cluster, I could delete the VPC.
So I'd say that this kind of issue (unauthorized access, even for admins) is mainly related to a component managed by AWS, and to the fact that the UI is far from friendly when it comes to knowing where an error comes from.
https://forums.aws.amazon.com/thread.jspa?threadID=168376
It looks like sg-72bd411a does in fact reference itself. You'll need to go into it and remove the reference before you can delete it.
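The checks described in the answers above (a group referenced by another group, by itself, or by a network interface that an AWS-managed service owns), as an added example that is not part of the original posts. The IDs and sample data are constructed; in a live account the two lists would come from boto3's `describe_security_groups()["SecurityGroups"]` and `describe_network_interfaces()["NetworkInterfaces"]`.

```python
# Constructed sample data, shaped like the lists returned by boto3's
# describe_security_groups() and describe_network_interfaces().
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa1111", "GroupName": "WebServerSG",
     "IpPermissions": [], "IpPermissionsEgress": []},
    {"GroupId": "sg-0bbb2222", "GroupName": "DBSG",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                        "UserIdGroupPairs": [{"GroupId": "sg-0aaa1111"},
                                             {"GroupId": "sg-0bbb2222"}]}],
     "IpPermissionsEgress": []},
]
NETWORK_INTERFACES = [
    {"NetworkInterfaceId": "eni-0ccc3333", "Status": "in-use",
     "Description": "ElastiCache test-redis-0001-001", "RequesterManaged": True,
     "Groups": [{"GroupId": "sg-0bbb2222", "GroupName": "DBSG"}]},
]


def find_references(group_id, security_groups, network_interfaces):
    """List everything that still refers to group_id."""
    refs = {"self_rules": [], "referencing_groups": [], "interfaces": []}
    for sg in security_groups:
        for direction in ("IpPermissions", "IpPermissionsEgress"):
            for rule in sg.get(direction, []):
                sources = {p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])}
                if group_id not in sources:
                    continue
                if sg["GroupId"] == group_id:
                    refs["self_rules"].append(direction)  # group names itself as a source
                elif sg["GroupId"] not in refs["referencing_groups"]:
                    refs["referencing_groups"].append(sg["GroupId"])
    for eni in network_interfaces:
        if any(g["GroupId"] == group_id for g in eni.get("Groups", [])):
            refs["interfaces"].append({
                "id": eni["NetworkInterfaceId"],
                "description": eni.get("Description", ""),
                # Requester-managed interfaces belong to an AWS service (RDS, ELB,
                # ElastiCache, ...): delete the owning resource, not the interface.
                "service_owned": bool(eni.get("RequesterManaged")),
            })
    return refs


if __name__ == "__main__":
    for sg in SECURITY_GROUPS:
        print(sg["GroupName"],
              find_references(sg["GroupId"], SECURITY_GROUPS, NETWORK_INTERFACES))
```

The `description` field of a service-owned interface is usually the quickest pointer to the leftover resource, as with the ElastiCache reference mentioned above.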
I'm creating EC2 machines in AWS using JClouds. The machines are created without any issues but they are put into a default security group created by JClouds. A typical default security group by JClouds will have the "jclouds#" prefix like here:
jclouds#euweawlt-c96-j40788-26
Since we have predefined security groups I want to use them instead.
According to the JClouds AWS guide, this should be possible through a simple line of code:
template.getOptions().as(EC2TemplateOptions.class).securityGroups(group1, group2);
So I've added it to my code as well:
computeTemplate.getOptions().as(EC2TemplateOptions.class).securityGroups(securityGroup);
...where securityGroup is the name of our predefined security group.
The same documentation page states that this should be enough:
"With respect to the security group, jclouds creates a security group for you, with rules corresponding to the inboundPorts() option (defaults to open port 22), unless you use the option EC2TemplateOptions.securityGroups()."
The end result is that the EC2 machine is added to the security group specified by the above code AND the default "jcloud#..." security group as well. Hence JClouds does create a default security group after all.
I really want to get rid of that since we already have a security group, it is not removed when the machine is terminated and there have been exceptions thrown by the JClouds API due to the security group not being available after creation, whatever that means.
Any pointers are welcome.
Looking at the code, it looks like you're right and jclouds will always create that security group by default. I think there is no current workaround for that and I'd suggest you report that as an issue in the jclouds JIRA.
I think the fix should be as easy as moving the highlighted lines into the previous else clause, but let's better open the issue so it can be properly tracked.
I'm new to AWS and RDS. I've combed through help files and other Stack Overflow questions, but can't seem to find out if I'm doing something wrong.
When I go to my RDS Instance, I see
Security Groups:default( active )
I click default, and it takes me to the SG page, where I create new groups.
However, any rules I put in those new groups don't work; only the rules I put in the default group work. In some of the documentation, I see the screenshots and, beside the Security Groups on the instance page, it doesn't list default, but a user-created group.
So is there some way to make all the new groups active or a way to change which group has precedence on that Instance page? Or am I going to have to put all my rules in the default group?
I had the same problem trying to modify security group right from the top-level view of instances. [The Postgres RDS setup has it backwards, having me create the instance and then telling me I have to do the security group thing, saying only "see startup guide" and providing a broken link to that. :)]
Anyway, I finally figured out I had to select the running instance and then under instance actions select "Modify" and then there is a nice friendly widget for changing the security group.
Update:
You can now change an RDS security group, see user115813's answer a few pixels under my original answer.
Please feel free to validate his answer instead of mine.
Question: Is there a way to determine which AutoScaling Group a Launch Configuration is attached to?
Why do I need to know? I have a list of existing Launch Configurations and I want to delete one of them.
Undesirable Solutions:
I can get a list of all my AutoScaling Groups and look through each one to determine which Launch Configuration it is using.
I can just try to delete the Launch Configuration and then have the error tell me which AutoScaling Group it is attached to.
Desirable Solutions:
Query Launch Configuration and have it return which group it is attached to.
Query all AutoScaling Groups with the Launch Configuration name as a filter.
The answer as of this moment is that the solution I am looking for does not yet exist.
In light of this current lack I have proceeded to evaluate my Undesirable Solutions.
I first considered using a try/catch|except block and parsing the error when trying to delete a Launch Configuration that was attached to a group. The cost of parsing was more than I wanted to deal with so I decided to go with looping through the AutoScaling Groups and finding a match for each individual Launch Configuration.
While the solution is less than ideal, it is working quite nicely. I hope to post the code on GitHub shortly so that others can also benefit from it.
Update: 07 August 2013
Here is some code on GitHub that I have been working on. Hope it is helpful to others.
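The loop-and-match approach described in the answer above, as an added example (not the poster's GitHub code). All names and sample pages are constructed; in a live account the pages would come from boto3's `get_paginator("describe_auto_scaling_groups").paginate()` on an `autoscaling` client.

```python
# Constructed pages, shaped like boto3 describe_auto_scaling_groups() responses.
ASG_PAGES = [
    {"AutoScalingGroups": [
        {"AutoScalingGroupName": "web-asg", "LaunchConfigurationName": "web-lc-v2"},
        {"AutoScalingGroupName": "worker-asg", "LaunchConfigurationName": "worker-lc-v1"},
    ]},
    {"AutoScalingGroups": [
        {"AutoScalingGroupName": "web-canary-asg", "LaunchConfigurationName": "web-lc-v2"},
        # Groups built from a launch template carry no LaunchConfigurationName.
        {"AutoScalingGroupName": "batch-asg",
         "LaunchTemplate": {"LaunchTemplateName": "batch-lt", "Version": "1"}},
    ]},
]
# Constructed list of existing launch configuration names.
LAUNCH_CONFIGS = ["web-lc-v1", "web-lc-v2", "worker-lc-v1"]


def groups_by_launch_config(asg_pages, launch_config_names):
    """Map each launch configuration name to the groups that use it."""
    usage = {name: [] for name in launch_config_names}
    for page in asg_pages:  # walk every page, not just the first
        for group in page.get("AutoScalingGroups", []):
            name = group.get("LaunchConfigurationName")
            if name:  # skip launch-template based groups
                usage.setdefault(name, []).append(group["AutoScalingGroupName"])
    return usage


def unattached(usage):
    """Launch configurations that no group references (candidates for deletion)."""
    return sorted(name for name, groups in usage.items() if not groups)


if __name__ == "__main__":
    usage = groups_by_launch_config(ASG_PAGES, LAUNCH_CONFIGS)
    for name, groups in sorted(usage.items()):
        print(name, "->", ", ".join(groups) or "(unattached)")
    print("unattached:", unattached(usage))
```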
I am trying out the tutorial for Amazon VPC - Virtual Private Cloud.
http://docs.amazonwebservices.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html#Case2_Launch_NAT
I have followed these steps....
Navigate to https://console.aws.amazon.com/vpc
Create a VPC.
Create security groups as outlined by the article.
I have created the NATSG security group as required by the article.
When I try to change the security group of the instance to run under the NATSG group it gives me an error - saying it encountered an error without any description.
Any pointers would be appreciated.
I am not facing the issue any longer - it appeared to be an ongoing issue at the time, I can currently switch security groups properly.
The one change I have made over the past 2 years is to switch all my manual interactions with AWS to be programmatic using boto3 or CloudFormation, which has eliminated a lot of errors.