Lost security group on running instance

0

Hello, there are two running EC2 instances (launched in 2019) in my account, and the security groups for these instances have been lost. When I select the instance and go to the security tab, I see the message 'Failed to describe security groups. The security group 'sg-a95225a8' does not exist.' Currently, there is only one security group named 'default' in the security group list.

I believe the security group associated with the instance is protected from deletion, but it has disappeared. I have checked the security group list in the same region as the instance.

Although I cannot see the security group rule, the instance is still working under the lost security group, as my SSH port is still permitted as usual. How can I find my lost security group? Please help.

I am not sure if it will be helpful, but the instance IDs are i-272d2324 and i-22ced23b.

Thanks a lot.

asked a year ago529 views
5 Answers
1

Hi, I contacted one of our SME in AWS and he told that the old and deprecated EC2-classic security groups are still there, but not visible anymore. He suggested to open a ticket to solve the issue of having them listed out by their support group, so that you can migrate them and then ask to remove the old one.

answered a year ago
  • I think I can't open a support ticket without purchasing the AWS Developer Support plan. So in realistic, I think I have to create a new security group in VPC from my memory. Thank you very much for your continuous help.

0

Did you check via aws ec2-describe-security-groups --<region> to verify if still present the original security group in the list? Did you check using aws ec2 describe-instances --instance-ids <id> --query with the network-interface.group-id parameter to check what you see via cli and not console?

answered a year ago
  • Thank you for your reply.

    command:

    aws ec2 describe-instances --instance-ids i-272d2324 --query 'Reservations[].Instances[].[SecurityGroups[],InstanceId,NetworkInterfaces]'

    output:

    [[[[{"GroupName":"quick-start-1","GroupId":"sg-a95225a8"}],"i-272d2324",[]]]]

    command:

    aws ec2 describe-security-groups --query "SecurityGroups[].[GroupId,GroupName]"

    output:

    [["sg-558d4430","default"]]

    I think it is the same as what is shown in the console

0

Hi, did you check in trail to understand if anyone did anything? Do you have full access and no policy restriction on NSGs? Is the NSG in the default VPC? Try also aws ec2 describe-security-groups --filters Name=vpc-id,Values=vpc-XXX --filters Name=group-name,Values=your_group_name Same result?

answered a year ago
  • I am aware that our instance does not belong to a VPC, and having a VPC is now a necessary option for a security group. Our security group did not have any VPC assigned, which is why it disappeared.

    Am I correct? If this is true, is there any way to recover my lost security group?

0

So, I'm understanding that you had EC2-Classic Security Group and now you need to migrate to EC2-VPC due to EC2-Classic sunset. This is a good starting point to find classic resources and migrate to the EC2-VPC model. https://aws.amazon.com/blogs/aws/ec2-classic-is-retiring-heres-how-to-prepare/ Please advise how you are moving forward and if needs other help

answered a year ago
0

In the blog I included in the previous mail, you can find the link to the https://github.com/aws-samples/ec2-classic-resource-finder that can help you find the security groups EC2-Classic

answered a year ago
  • ec2-classic-resource-finder outputs Classic_EC2_Instances.csv, which lists up 2 Classic EC2 instances, but there is no information about their security groups. And the file Classic_SGs.csv is empty.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions