CloudFormation Stack Deploy Resource handler returned message: "Network interfaces and an instance-level security groups may not be specified on the same request"

0

When attempting to deploy my JSON template in CloudFormation, I get the error "Resource handler returned message: "Network interfaces and an instance-level security groups may not be specified on the same request (Service: Ec2, Status Code: 400". I cannot understand what to change to fix this issue.

When I review the CloudFormation user guide under AWS::EC2::Instance (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-instance.html#cfn-ec2-instance-privateipaddress), it tells me:

SecurityGroups [Default VPC] The names of the security groups. For a nondefault VPC, you must use security group IDs instead.

You cannot specify this option and the network interfaces option in the same request. The list can contain both the name of existing Amazon EC2 security groups or references to AWS::EC2::SecurityGroup resources created in the template.

Default: Amazon EC2 uses the default security group.

Required: No

My JSON code snippet is:

"Node01": {
			"Type": "AWS::EC2::Instance",
			"Metadata": {
				"Comment": "Node01"
			},
			"Properties": {
				"VpcId": {
					"Ref": "myVPC"
				},
				"AvailabilityZone": "us-east-2a",
				"DisableApiTermination": false,
				"EbsOptimized": false,
				"IamInstanceProfile": "",
				"ImageId": "ami-001328fb3d9e52497",
				"InstanceInitiatedShutdownBehavior": "stop",
				"InstanceType": "t3.xlarge",
				"KeyName": "mykey",
				"Monitoring": true,
				"NetworkInterfaces": [
					{
						"NetworkInterfaceId": {
							"Ref": "Node01NetworkInterface"
						},
						"DeviceIndex": "1"
					}
				],
				"PrivateDnsNameOptions": {
					"EnableResourceNameDnsAAAARecord": false,
					"EnableResourceNameDnsARecord": false,
					"HostnameType": "resource-name"
				},
				"SecurityGroups": [
					{
						"Ref": "NodeClusterSecurityGroup"
					},
					{
						"Ref": "NodeSecurityGroup"
					}
				],
				"SourceDestCheck": false,
				"Tags": [
					{
						"Key": "Name",
						"Value": "node-01"
					}
				]
			}
		},
"ESNode01NetworkInterface": {
			"Type": "AWS::EC2::NetworkInterface",
			"Properties": {
				"VpcId": {
					"Ref": "myVPC"
				},
				"Description": "Node01 Network Network",
				"InterfaceType": "interface",
				"PrivateIpAddress": "10.69.16.50",
				"SourceDestCheck": true,
				"SubnetId": {
					"Ref": "PrivateSubnet2a"
				}
			}
		},
2 Answers
1
Accepted Answer

Hello.

When configuring "NetworkInterfaces", try configuring security groups within "AWS::EC2::NetworkInterface" instead of using "SecurityGroups".
Try modifying your template as follows:

"Node01": {
			"Type": "AWS::EC2::Instance",
			"Metadata": {
				"Comment": "Node01"
			},
			"Properties": {
				"VpcId": {
					"Ref": "myVPC"
				},
				"AvailabilityZone": "us-east-2a",
				"DisableApiTermination": false,
				"EbsOptimized": false,
				"IamInstanceProfile": "",
				"ImageId": "ami-001328fb3d9e52497",
				"InstanceInitiatedShutdownBehavior": "stop",
				"InstanceType": "t3.xlarge",
				"KeyName": "mykey",
				"Monitoring": true,
				"NetworkInterfaces": [
					{
						"NetworkInterfaceId": {
							"Ref": "Node01NetworkInterface"
						},
						"DeviceIndex": "1"
					}
				],
				"PrivateDnsNameOptions": {
					"EnableResourceNameDnsAAAARecord": false,
					"EnableResourceNameDnsARecord": false,
					"HostnameType": "resource-name"
				},
				"SourceDestCheck": false,
				"Tags": [
					{
						"Key": "Name",
						"Value": "node-01"
					}
				]
			}
		},
"ESNode01NetworkInterface": {
			"Type": "AWS::EC2::NetworkInterface",
			"Properties": {
				"VpcId": {
					"Ref": "myVPC"
				},
				"Description": "Node01 Network Network",
				"InterfaceType": "interface",
				"PrivateIpAddress": "10.69.16.50",
				"SourceDestCheck": true,
				"GroupSet": [{"Ref": "NodeClusterSecurityGroup"}, {"Ref": "NodeSecurityGroup"}],
				"SubnetId": {
					"Ref": "PrivateSubnet2a"
				}
			}
		},
EXPERT
answered a month ago
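
A pre-deploy check for the conflict discussed in this thread, as an added example that is not part of the original question or answer: it flags any AWS::EC2::Instance that sets instance-level security groups alongside NetworkInterfaces, and any attached or inline interface with no GroupSet of its own. The sample template, the resource names (BadNode, BadEni, GoodNode, GoodEni) and the finding codes are constructed for illustration.

```python
import json

# Constructed sample (not the asker's template): BadNode repeats the conflict
# from the question, GoodNode follows the accepted answer.
SAMPLE = json.loads("""
{"Resources": {
  "BadNode": {"Type": "AWS::EC2::Instance", "Properties": {
    "NetworkInterfaces": [{"NetworkInterfaceId": {"Ref": "BadEni"}, "DeviceIndex": "0"}],
    "SecurityGroups": [{"Ref": "NodeSecurityGroup"}]}},
  "BadEni": {"Type": "AWS::EC2::NetworkInterface", "Properties": {
    "SubnetId": {"Ref": "PrivateSubnet2a"}}},
  "GoodNode": {"Type": "AWS::EC2::Instance", "Properties": {
    "NetworkInterfaces": [{"NetworkInterfaceId": {"Ref": "GoodEni"}, "DeviceIndex": "0"}]}},
  "GoodEni": {"Type": "AWS::EC2::NetworkInterface", "Properties": {
    "SubnetId": {"Ref": "PrivateSubnet2a"},
    "GroupSet": [{"Ref": "NodeSecurityGroup"}]}}
}}
""")

INSTANCE_SG_KEYS = ("SecurityGroups", "SecurityGroupIds")


def lint_template(template):
    """Return (resource, code) findings for EC2 instances that use NetworkInterfaces."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        nics = props.get("NetworkInterfaces") or []
        if res.get("Type") != "AWS::EC2::Instance" or not nics:
            continue
        # EC2 rejects instance-level groups once any interface is specified.
        if any(key in props for key in INSTANCE_SG_KEYS):
            findings.append((name, "SG_CONFLICT"))
        for nic in nics:
            ref = nic.get("NetworkInterfaceId")
            if isinstance(ref, dict) and ref.get("Ref") in resources:
                # Attached ENI resource: groups belong in its own GroupSet.
                target, spec = ref["Ref"], resources[ref["Ref"]].get("Properties", {})
            elif ref is None:
                # Inline interface definition: GroupSet sits on the entry itself.
                target, spec = name, nic
            else:
                continue  # ENI id from a parameter or literal; cannot inspect it
            if not spec.get("GroupSet"):
                # No explicit groups: the interface falls back to the VPC default group.
                findings.append((target, "NO_GROUPSET"))
    return findings
```

Running `lint_template(SAMPLE)` reports `SG_CONFLICT` on BadNode and `NO_GROUPSET` on BadEni; the second finding matters after the fix too, because deleting "SecurityGroups" from the instance without adding "GroupSet" to the interface deploys cleanly but leaves the node in the VPC's default security group.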
0

Thank you for the help! This resolved the issue. Now to continue down the JSON CloudFormation debug road.

answered a month ago
