"Exceeded" VPC security groups limit when launching instances with one sg

0

Dear Forum,

I am trying to launch EC2 instances on a managed account (i.e. I am not the admin), and I received this message when attempting to launch six (6) instances in the same request.

"You have exceeded the number of VPC security groups allowed per instance."

There are two things odd about that message:
1/ The request "fails", but I actually get five (5) instances in the EC2 console. If I amend the request to launch five (5) instances instead of 6 while holding everything else the same, the request succeeds and I get 5 instances.
2/ The request contains only one (1) security group per instance. And the instances in both attempts (ask for 6 get error and 5 instances; ask for 5, no errors and get 5 instances) all have the correct (just one) security group attached.

As far as I can see in the EC2 Limits pane: the limit of "Security Group per instance" (the terminology doesn't say "VPC", I don't know if that matters) is eight (8).

So it feels to me that I am hitting an account limit somewhere, but the error message doesn't feel right. I have only one group per instance, less than the limit of eight. I feel that I got the message from a catch-all "throw", but it's not the real cause. But in order to discuss the limit with the admin, I have to figure out what's the real limit I have hit.

Has anyone seen this error before and any advice? TIA

asked a year ago, 303 views
3 Answers
0

Hi there,

It sounds like you’ve simply hit your VPC quota limit. In most cases you can simply request a limit increase. First, I’d recommend taking a look at this page in our VPC docs which goes over limits:

https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html#vpc-limits-security-groups

Here’s how to check your limits in the EC2 console:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html

AWS-Nate

answered a year ago
0

Any advice on which limit I have hit?
I have read the limits documentation and the limits page in the AWS Console for this account. My problem is that it's not immediately obvious which of the 30+ limits I have hit.

I am fairly certain it's not the stated "Security Group per instance" but I don't have any evidence for the others... My gut feel is that I hit the "vCPU for running instance" but the math didn't work out...

answered a year ago
0

Want to close the loop on this: the problem has been identified in our application that uses the SDK.
We failed to clear the Security Group list in between loops, so while I thought I was launching 6 instances with 1 group each, I am in reality launching 1 instance with 1 group, 1 instance with 2 groups... And the 6th instance with 6 groups fails.

The only complaint is that the error message was a little misleading:
This is the error:
"errorCode": "Client.SecurityGroupLimitExceeded",
"errorMessage": "You have exceeded the number of VPC security groups allowed per instance.",

But in reality, we didn't hit the "Security groups per instance" limit (which is 8); we hit the "VPC security groups per elastic network interface" limit (which is 5).

Thanks

answered a year ago
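
The loop bug described in the last answer, reproduced offline as an added example (not the poster's application code). `fake_run_instance`, `launch_buggy` and `launch_fixed` are hypothetical names, the stub stands in for the real SDK launch call, and the limit of 5 is the per-network-interface value quoted in that answer.

```python
# Added example: a stub stands in for the EC2 launch call so this runs offline.
MAX_SGS_PER_ENI = 5  # "VPC security groups per elastic network interface" value quoted in the answer


class SecurityGroupLimitExceeded(Exception):
    """Stands in for Client.SecurityGroupLimitExceeded."""


def fake_run_instance(security_group_ids):
    # Assumption: the limit is checked against the length of the submitted list,
    # repeats included, which matches the behaviour the poster describes.
    if len(security_group_ids) > MAX_SGS_PER_ENI:
        raise SecurityGroupLimitExceeded(
            "You have exceeded the number of VPC security groups allowed per instance.")
    return list(security_group_ids)  # what the "instance" was launched with


def launch_buggy(count, sg_id):
    """Reuses one list across iterations, so each request carries one more entry."""
    launched, groups = [], []          # 'groups' is never cleared
    for _ in range(count):
        groups.append(sg_id)
        try:
            launched.append(fake_run_instance(groups))
        except SecurityGroupLimitExceeded as exc:
            return launched, str(exc)
    return launched, None


def launch_fixed(count, sg_id):
    """Builds a fresh, de-duplicated list per request and checks it before sending."""
    launched = []
    for _ in range(count):
        groups = sorted({sg_id})       # new list every iteration
        if len(groups) > MAX_SGS_PER_ENI:
            raise ValueError(f"{len(groups)} security groups requested, limit is {MAX_SGS_PER_ENI}")
        launched.append(fake_run_instance(groups))
    return launched, None


if __name__ == "__main__":
    sg = "sg-0123456789abcdef0"        # constructed placeholder ID
    ok, err = launch_buggy(6, sg)
    print([len(g) for g in ok], err)
    ok, err = launch_fixed(6, sg)
    print([len(g) for g in ok], err)
```

Logging the exact group list sent with each launch request makes this kind of accumulation visible before the limit error appears.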
