- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
AWSEBSecurityGroup is a dynamic resource that beanstalk creates for you. It's also the security group attached to the Auto Scaling group.
To start debugging this within the CloudFormation console look for the stack that is dynamically created it will start with awseb-e then switch to the template tab copy and paste the contents into a an editor. Convert it into yaml which will make it easier to read and then search for the resource AWSEBSecurityGroup and see what properties values are being used and if they are what you expect.
I would try 2 things:
-
In EB, the Security Group reference must refer to the ID and not the name. the !Ref will pull the name, try using !GetAtt Security.GroupId (if yaml) to retrieve the Security Group ID.
-
You could also use the CloudFormation DependsOn Property to ensure the MCTEBSecurityGroup resource gets deployed first if there's an order issue.
Hope that helps!
Reference: EC2 Error Code explanations: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html DependsOn: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html
I commented on RoB's suggestion, so this is mostly the same - I tried the above, and unfortunately neither 1 alone, 2 alone, or 1 and 2 together made a difference. The MCTEBSecurityGroup is getting created, but it looks like it's not being used in the Elastic Beanstalk creation.
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 3 Jahren
Thanks, this is what it looks like:
It's not using the vpcid I gave in the template. There must be something I need to change in the template, I just don't know what.
In the root stack is the SG created before the resource MCTEBConfig. I would expect it to be because of the implicit !Ref. If you look within the resources tab do you see an SG created for MCTEBSecurityGroup and does it belong to the relevant vpc?
Following on from jsonc response. Within MCTEBConfig try replacing
with
I say this because of the following taken from the docs if you use Amazon Virtual Private Cloud (Amazon VPC) with Elastic Beanstalk so that your instances are launched within a virtual private cloud (VPC), specify security group IDs instead of security group names.
I added DependsOn and !GetAtt. The resource yaml looks like this:
I also tried creating a SG through the console, then used that id in the template.
Unfortunately I see no change - Elastic Beanstalk still tries to create a SG with a default VPC. Looking at the resources I do see a SG for MCTEBSecurityGroup in the correct VPC. I've tried googling the issue, but didn't find anything that helped.
Would you be able to delete the stack then relaunch it to see if you see the same behavior?