Auto Scaling group will not accept Security Group

0

I have a Launch Template which has the security group attached to it. I can launch an instance that works fine from this template. From the template I created an Auto Scaling group. When I look at the AS group I do not see the Security Group at all. I just see a dash. When I try to run the AS group it fails to create the instance. When I look at the failed instances they too do not have a security group.

What am I doing wrong??? How do I add the group to the AS Group or get it to pull in the one from the Launch Template?

4 Answers
0

When a launch template is specified for an ASG a version number is specified - see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplatespecification.html. Is it possible your ASG is using an old version of the launch template?

EXPERT
answered a year ago
0

No. I initially created the Launch Template with the SG. So when I set up the ASG it was at version 1 to begin with.

I then updated the Launch Template (version 2) without the SG, hoping that I could configure it in the ASG. So when I told the ASG to use version 2 I found I was unable to configure the SG in the ASG. So I moved the ASG back to version 1 of the template.

As a side note, when I look at the terminated EC2s the ASG tries to create, they all have an error in Security about SG cannot be "". Sorry I do not have the exact message right now.

answered a year ago
0

I couldn't see a reason why the security group is not getting associated with the instance. Can you verify the SG is in fact there for the ASG in the 'Launch Template' section? Security Group may have just - (dash) but there should be an ID listed under "Security group IDs".

It looks fine when I tested it. The SG was associated with the instance. I even tried removing the SG and letting the ASG add one more instance when the SG associated with the ASG does not exist, and it rightly reported an error during instance launch: "Launching a new EC2 instance. Status Reason: The security group 'sg-0888ac0884e71f175' does not exist in VPC. Launching EC2 instance failed."

Somehow I couldn't reproduce the error you are seeing. Just try creating a new ASG from the Launch Template and see whether "Security group IDs" has the SG ID mentioned there.

answered a year ago
0

My problem was that my EBS was encrypted but the KMS key was not allowing the ASG to decrypt the EBS.

I created a new key and gave it permissions for ASG. This allowed the ASG to bring up the instance.

answered a year ago
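The resolution above comes down to the KMS key policy, so here is an offline check for it, added as an example and not taken from any poster's code. It reports which KMS actions a key policy fails to grant to the Auto Scaling service-linked role; the action list follows AWS's documented key policy for Auto Scaling with encrypted volumes, and the account ID and both sample policies are constructed.

```python
import fnmatch

# Actions AWS documents as required for the Auto Scaling service-linked role
# on a customer managed key that encrypts EBS volumes.
REQUIRED = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncryptFrom", "kms:ReEncryptTo",
            "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext",
            "kms:DescribeKey", "kms:CreateGrant"]

# Constructed sample value: placeholder account ID, default service-linked role.
ROLE = ("arn:aws:iam::111122223333:role/aws-service-role/"
        "autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _names_role(stmt, role_arn):
    # Only statements that name the role directly (or "*") are counted.
    principal = stmt.get("Principal", {})
    if principal == "*":
        return True
    return isinstance(principal, dict) and role_arn in _as_list(principal.get("AWS", []))

def missing_actions(policy, role_arn=ROLE):
    """Return required KMS actions that no Allow statement grants to role_arn."""
    granted = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _names_role(stmt, role_arn):
            granted += [p.lower() for p in _as_list(stmt.get("Action", []))]
    return [a for a in REQUIRED
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in granted)]

# Constructed key policies: one that names only the account root, and one
# that also carries the two statements for the service-linked role.
ROOT_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"}]}

WITH_ASG = {"Version": "2012-10-17", "Statement": ROOT_ONLY["Statement"] + [
    {"Effect": "Allow", "Principal": {"AWS": [ROLE]},
     "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                "kms:GenerateDataKey*", "kms:DescribeKey"], "Resource": "*"},
    {"Effect": "Allow", "Principal": {"AWS": [ROLE]},
     "Action": "kms:CreateGrant", "Resource": "*",
     "Condition": {"Bool": {"kms:GrantIsForAWSResource": True}}}]}

if __name__ == "__main__":
    print("root only:", missing_actions(ROOT_ONLY))
    print("with ASG role:", missing_actions(WITH_ASG))
```

The check ignores Deny statements and condition keys, so an empty result means the Allow statements are present, not that every launch will succeed.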
