Terraform: provider/aws: confusing error message for malformed vpc_security_group_ids on aws_instance

Created on 3 Apr 2016 · 6 Comments · Source: hashicorp/terraform

benwaters@XXX $ terraform --version
Terraform v0.6.14
* aws_instance.vpn_nat: Error launching source instance: InvalidParameterCombination: The parameter groupName cannot be used with the parameter subnet
        status code: 400, request id:
module.ops.aws_instance.vpn_nat: Creating...
  ami:                                       "" => "ami-91d717d5"
  availability_zone:                         "" => "XXXX"
  disable_api_termination:                   "" => "1"
  ebs_block_device.#:                        "" => "<computed>"
  ephemeral_block_device.#:                  "" => "<computed>"
  instance_initiated_shutdown_behavior:      "" => "stop"
  instance_state:                            "" => "<computed>"
  instance_type:                             "" => "m1.small"
  key_name:                                  "" => "XXXX"
  placement_group:                           "" => "<computed>"
  private_dns:                               "" => "<computed>"
  private_ip:                                "" => "<computed>"
  public_dns:                                "" => "<computed>"
  public_ip:                                 "" => "<computed>"
  root_block_device.#:                       "" => "1"
  root_block_device.0.delete_on_termination: "" => "0"
  root_block_device.0.iops:                  "" => "<computed>"
  root_block_device.0.volume_size:           "" => "40"
  root_block_device.0.volume_type:           "" => "gp2"
  security_groups.#:                         "" => "<computed>"
  source_dest_check:                         "" => "0"
  subnet_id:                                 "" => "subnet-xxxx"
  tags.#:                                    "" => "2"
  tags.Environment:                          "" => "operations"
  tags.Name:                                 "" => "xxx-vpn-nat"
  tenancy:                                   "" => "dedicated"
  vpc_security_group_ids.#:                  "" => "1"
  vpc_security_group_ids.2861944429:         "" => "{aws_security_group.vpn_nat.id}"

And here's the resource

resource "aws_instance" "vpn_nat" {
    ami = "${var.ubuntu_ami}"
    instance_type = "${var.vpn_size}"
    availability_zone = "${var.vpn_az}"
    tenancy = "dedicated"
    disable_api_termination  = true
    instance_initiated_shutdown_behavior = "stop"
    key_name = "${xxxxx}"
    vpc_security_group_ids = ["{aws_security_group.vpn-sg.id}"]
    subnet_id = "${aws_subnet.operations_public_instances.id}"
    source_dest_check = false
    root_block_device {
        volume_type = "gp2"
        volume_size = 40
        delete_on_termination = false
    }

    tags = {
        Environment = "operations"
        Name = "XXXt"

    }
}

security group

resource "aws_security_group" "vpn-sg" {
  tags {
    Name = "sg-vpn-nat"
    Environment = "all"
  }

  name = "xxxxxxx"
  description = "Security group to allow VPN and SSH traffic into instance"
  vpc_id = "${aws_vpc.operations.id}"

BLAH
}

Ran with debug and this was the API request made

Action=RunInstances&BlockDeviceMapping.1.DeviceName=%2Fdev%2Fsda1&BlockDeviceMapping.1.Ebs.DeleteOnTermination=false&BlockDeviceMapping.1.Ebs.VolumeSize=40&BlockDeviceMapping.1.Ebs.VolumeType=gp2&DisableApiTermination=true&EbsOptimized=false&IamInstanceProfile.Name=&ImageId=ami-91d717d5&InstanceInitiatedShutdownBehavior=stop&InstanceType=m1.small&KeyName=XXX&MaxCount=1&MinCount=1&Monitoring.Enabled=false&Placement.AvailabilityZone=XXXXX&Placement.GroupName=&Placement.Tenancy=dedicated&SecurityGroupId.1=%7Baws_security_group.vpn_nat.id%7D&SubnetId=subnet-xxxxx&UserData=&Version=2015-10-01

All 6 comments

&Placement.GroupName=& could this possibly be the issue??

forgot $ :cry:

Hi @thebenwaters! I'm glad to see that you figured this out, but I'm sad that Terraform gave you such a useless error message here and caused you to get stuck for 10 hours.

I'm re-opening this with a different summary that is about how terrible that error message was. Terraform does some tricky logic to smooth over the differences between EC2-Classic and VPC, and I think this error message is resulting from Terraform handling poorly the case where VPC security group ids have malformed syntax, as was the case for you here due to your missing $.

Wow, I just totally did the same thing, and that same error message had me scrambling trying to figure out what was wrong with my SG setup. :smdh:

In my case an incorrect space character was causing the problem:

bad - note the space after the comma:

  security_groups = "${module.security_groups.external_buildbot}, ${module.security_groups.internal_ssh}"

good

  security_groups = "${module.security_groups.external_buildbot},${module.security_groups.internal_ssh}"
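An added example, not part of the thread and not Terraform's own code: a Go pre-flight check that rejects values which cannot be security group IDs and names the likely mistake, covering both the missing `$` and the stray space reported above. The helper name `checkSecurityGroupIDs`, the ID pattern and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed ID shape: "sg-" plus 8 or 17 lowercase hex characters.
var sgIDPattern = regexp.MustCompile(`^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$`)

// checkSecurityGroupIDs is a hypothetical pre-flight check. It returns one
// message per value that cannot be a security group ID, naming the likely
// configuration mistake instead of leaving it to the EC2 API to reject.
func checkSecurityGroupIDs(ids []string) []string {
	var problems []string
	for i, id := range ids {
		var why string
		switch {
		case strings.ContainsAny(id, "{}"):
			why = "contains literal braces; the interpolation is probably missing its leading $"
		case id != strings.TrimSpace(id):
			why = "has leading or trailing whitespace; check for a space after a comma"
		case !sgIDPattern.MatchString(id):
			why = "does not look like a security group ID (sg-xxxxxxxx)"
		default:
			continue // well-formed ID, nothing to report
		}
		problems = append(problems, fmt.Sprintf("vpc_security_group_ids[%d] = %q %s", i, id, why))
	}
	return problems
}

func main() {
	// Constructed values: the first is the literal sent in the request above,
	// the second is what a comma-separated list with a stray space can yield.
	ids := []string{"{aws_security_group.vpn_nat.id}", " sg-0a1b2c3d", "sg-0a1b2c3d"}
	for _, p := range checkSecurityGroupIDs(ids) {
		fmt.Println(p)
	}
}
```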

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
