You didn't provide all the info, so I'm making an assumption:
Is the peering across accounts? If so, add --group-owner, where that is the account number of the source-group sg ID:
aws ec2 authorize-security-group-ingress --group-id sg-XXXXXXXXXXXXXX --protocol all --port all --source-group sg-YYYYYYYYYYYYY --group-owner 123456789012
Thank you for your help, I've made progress with it. But now I have this error:
An error occurred (InvalidGroup.NotFound) when calling the AuthorizeSecurityGroupIngress operation: The security group 'SG_YYYYYYYY' does not exist in default VPC 'vpc-xyxyxyx'
I've checked whether I can change the VPC in the 'aws ec2 authorize-security-group-ingress' command, but according to the manuals that option doesn't exist, and the mentioned VPC is not the default one, so the question is: is it possible only with the default VPC?
Order of my commands:
# us-east-1 is my target region
$ aws configure set region us-east-1 --profile MY_PROFILE
# --group-id is in my target region (us-east-1); --source-group is in my source region (us-west-1)
$ aws ec2 authorize-security-group-ingress \
--group-id sg-XXXXXXXXX \
--protocol all \
--port all \
--source-group SG-XXXXXXXX \
--group-owner yxyxyxyxyxyx
An error occurred (InvalidGroup.NotFound) when calling the AuthorizeSecurityGroupIngress operation: The security group 'SG-XXXXXXXX' does not exist in default VPC 'vpc-AbAbAbAb'
Both sides are on the same owner ID.
Thank you
Currently, you can't reference security groups if the VPC peering connections are cross-region.
You will have to use the CIDR block of the peer VPC instead.
https://docs.aws.amazon.com/vpc/latest/peering/vpc-pg.pdf#invalid-peering-configurations
page 15
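The workaround from the answer above, as an added example that is not part of the original thread: a POSIX shell helper that prints (does not run) the ingress command, keeping `--source-group` when both groups are in the same region and switching to `--cidr` with the peer VPC's CIDR block when they are not. The security group IDs, regions, CIDR and the `tcp`/`443` defaults are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. All IDs, regions and CIDRs are constructed.
# The peer VPC's CIDR can be looked up in its own region with:
#   aws ec2 describe-vpcs --region <peer-region> --vpc-ids <peer-vpc-id> \
#     --query 'Vpcs[0].CidrBlock' --output text

# is_cidr4 CIDR: succeeds only for a well-formed IPv4 CIDR (a.b.c.d/0-32).
is_cidr4() (
  case $1 in */*) ;; *) exit 1 ;; esac
  ip=${1%/*}; len=${1#*/}
  case $len in ''|*[!0-9]*) exit 1 ;; esac
  [ "$len" -le 32 ] || exit 1
  case $ip in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.; set -- $ip            # split the address into its octets
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done
)

# ingress_cmd TARGET_REGION TARGET_SG PEER_REGION PEER_SG PEER_CIDR [PROTO] [PORT]
# Prints the command to run. Same region: reference the peer security group.
# Different regions: a group reference is not possible, so use the peer CIDR.
ingress_cmd() (
  tr=$1 tsg=$2 pr=$3 psg=$4 pcidr=$5 proto=${6:-tcp} port=${7:-443}
  base="aws ec2 authorize-security-group-ingress --region $tr --group-id $tsg"
  base="$base --protocol $proto --port $port"
  if [ "$tr" = "$pr" ]; then
    printf '%s\n' "$base --source-group $psg"
  else
    is_cidr4 "$pcidr" || { echo "invalid peer CIDR: '$pcidr'" >&2; exit 1; }
    printf '%s\n' "$base --cidr $pcidr"
  fi
)

# Constructed inputs matching the thread's layout: target us-east-1, peer us-west-1.
ingress_cmd us-east-1 sg-0123456789abcdef0 us-west-1 sg-0fedcba9876543210 10.1.0.0/16
```

Passing a single subnet of the peer VPC instead of its whole CIDR block, and a specific protocol and port, keeps the rule closer to what a security group reference would have allowed.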