Unexpected EC2 error while attempting to Create Network Interface UnauthorizedOperation while using boto3

0

While trying to start a task of a ECS cluster using the aws API key with boto3 for my own account, the task container was created and immediately killed due to an error:

*Unexpected EC2 error while attempting to Create Network Interface in subnet 'subnet-xxxxxxxxxxxxxxxxx': UnauthorizedOperation *

However, I was able to start a task in a ECS cluster via web GUI using the same subnet. When the container was created, it is in the subnet I am expecting.

The task launch type is FARGATE, platform version is 1.4.0. Task role has been defined and used in either manual or script launch mode. Network mode shows awsvpc. In case of failed script launch, the EIN id is 'unset'.

Can someone help understand this issue? It will be nice to know how to enable the log for the launching of a container. At this moment, I only see the container logs after a container is successfully launched via web gui.

Thank you!

  • Its worth checking the CloudTrail event history to find out the request parameters and the IAM user/role being used for the operation. Search for the EventName "CreateNetworkInterface" in your CloudTrail event history and see if that helps!

1 Answer
0

It appears to be a security group related. The automation script used a different security group which has much more limitation. The manual process via web ui used a different security group.

However, I don't understand how security group blocks CreateNetworkInterface.

Thanks.

JM
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions