Failed to change security groups for network interface

0

I currently have a default security group associated with a network interface identified by the ID eni-XXXXXXXX. To align with recommended security practices, I need to remove an outbound rule from the default security group before deleting it. However, in order to make this change, I must first assign a different security group to the network interface. When attempting to perform this action, I encounter an error message stating, "Failed to change security groups for network interface. You do not have permission to access the specified resource." Despite having both administrator access and AmazonVPCFullAccess attached to my IAM user, I am unable to complete the desired modification.

Note: 1. I have even checked my IAM policies; there are no denies or restrictions in them. 2. The ENI was attached to an ECS task, so I don't think it is one of the requester-managed network interfaces.

My goals: 1. Remove the existing default security group of the network interface and change it to a new security group so that I can remove the outbound rule from the default security group without any issue.

2 Answers
3

This could be because you are trying to delete a security group that's associated with a requester-managed network interface. Requester-managed network interfaces are automatically created for managed resources, such as Application Load Balancer nodes. Services and resources such as AWS Lambda, Amazon Elastic File System (Amazon EFS), FSx, Redis, Memcached, and Amazon DynamoDB have security groups that are always attached to the Elastic Network Interface. In order to delete or detach these Elastic Network Interfaces, you must delete the resource that the network interface represents. After this is done, the AWS service automatically detaches and deletes the network interface for you. Requester-managed network interfaces - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/requester-managed-eni.html

AWS
bodep
answered a year ago
  • That ENI was attached to an ECS task. Is it still the same? I don't think it is a requester-managed network interface.
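
Whether an interface is requester-managed can be read from the `RequesterManaged` field that `describe-network-interfaces` returns for it. The script below is an added example, not part of the original answers: it assumes the JSON output of that call, uses constructed IDs, and groups the interfaces that reference a given security group by that flag.

```python
import json
import sys

# Constructed sample in the shape of `aws ec2 describe-network-interfaces`
# output. Every ID, account number and description here is made up.
SAMPLE = {"NetworkInterfaces": [
    {"NetworkInterfaceId": "eni-0aaaaaaaaaaaaaaa1", "RequesterManaged": True,
     "RequesterId": "222222222222", "InterfaceType": "interface",
     "Description": "constructed: created by a managed service",
     "Groups": [{"GroupId": "sg-0000000000000000a", "GroupName": "default"}]},
    {"NetworkInterfaceId": "eni-0bbbbbbbbbbbbbbb2", "RequesterManaged": False,
     "InterfaceType": "interface",
     "Description": "constructed: created by the account owner",
     "Groups": [{"GroupId": "sg-0000000000000000a", "GroupName": "default"},
                {"GroupId": "sg-0000000000000000b", "GroupName": "app"}]},
    {"NetworkInterfaceId": "eni-0ccccccccccccccc3", "RequesterManaged": True,
     "RequesterId": "333333333333", "InterfaceType": "interface",
     "Description": "constructed: unrelated managed interface",
     "Groups": [{"GroupId": "sg-0000000000000000b", "GroupName": "app"}]},
]}


def enis_using_group(response, group_id):
    """Group the ENIs that reference group_id by their RequesterManaged flag."""
    result = {"requester_managed": [], "not_requester_managed": []}
    for eni in response.get("NetworkInterfaces", []):
        group_ids = [g["GroupId"] for g in eni.get("Groups", [])]
        if group_id not in group_ids:
            continue
        key = ("requester_managed" if eni.get("RequesterManaged")
               else "not_requester_managed")
        result[key].append({
            "eni": eni["NetworkInterfaceId"],
            "requester_id": eni.get("RequesterId"),  # may be missing
            "description": eni.get("Description", ""),
            "other_groups": [g for g in group_ids if g != group_id],
        })
    return result


if __name__ == "__main__":
    # Pipe real CLI JSON on stdin, or run with no input to use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    group = sys.argv[1] if len(sys.argv) > 1 else "sg-0000000000000000a"
    print(json.dumps(enis_using_group(data, group), indent=2))
```

To run it against an account, pipe in the output of `aws ec2 describe-network-interfaces --filters Name=group-id,Values=<security-group-id>` and pass the same security group ID as the first argument.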

0

I suspect that the security group you want to delete is linked to / references the default security group. You can try removing all items in the inbound and outbound rules of the default security group, and see if you can change the security group.

EXPERT
answered a year ago
