Terraform: aws_instance fail with VPCIdNotSpecified even when vpc_security_group_ids is in place

Created on 15 May 2017 · 8 Comments · Source: hashicorp/terraform

Trying to create an EC2 instance on a non-default VPC fails even when including vpc_security_group_ids

Terraform Version

```
$ terraform -v
Terraform v0.9.5
```

Affected Resource(s)

  • aws_instance

Terraform Configuration Files

```
resource "aws_instance" "aws_instance" {
  ami                    = "${data.aws_ami.amazon-ecs-optimized.id}"
  instance_type          = "${data.terraform_remote_state.output.instance_type}"
  key_name               = "${data.terraform_remote_state.output.key_name}"
  iam_instance_profile   = "${aws_iam_role.aws_iam_role.name}"
  availability_zone      = "${aws_ebs_volume.aws_ebs_volume.availability_zone}"
  vpc_security_group_ids = ["${module.aws_security_group.id}"]
  tags {
    "Name" = "${var.name}"
  }
}
```

Expected Behavior

```
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.
```

Actual Behavior

```
Error applying plan:

1 error(s) occurred:

* module.nexus.aws_instance.aws_instance: 1 error(s) occurred:

* aws_instance.aws_instance: Error launching source instance: VPCIdNotSpecified: No default VPC for this user
        status code: 400, request id: 8e40d76f-c9a6-4f4e-85dd-ecc4a066769e

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
```

Steps to Reproduce

  1. terraform apply

Important Factoids

  • No default VPC on the account

Labels: bug, provider/aws

All 8 comments

Thanks for the report @grebois. I believe the Instance actually derives its VPC from the subnet, can you verify that specifying a subnet_id in a VPC works as designed?

Unfortunately this is hard to detect or prevent before apply time, as we don't know if there's a default VPC or not in the region you're using, and subnet_id is optional (you could specify an availability zone instead, IIRC)

@catsby actually yes, using subnet_id it works fine, but shouldn't vpc_security_group_ids work as well?

Regretfully there isn't a subnet data source from where I can get a list of subnets of a given VPC.

@grebois I would hope that specifying vpc_security_group_ids would be enough, but unfortunately it's not, according to the AWS API documentation:

> [EC2-VPC] If you don't specify a subnet ID, we choose a default subnet from your default VPC for you. If you don't have a default VPC, you must specify a subnet ID in the request.

I suppose vpc_security_group_ids tells AWS what VPC to live in, but not what subnet.

> Regretfully there isn't a subnet data source from where I can get a list of subnets of a given VPC.

Terraform v0.9.5 includes both an aws_subnet and an aws_subnet_ids data source:

Hopefully one of those can be helpful here!
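
Added example, not part of the original thread or of the Terraform project's own code: one way to use the aws_subnet data source mentioned above so the instance gets an explicit subnet_id in a non-default VPC, with a security group from that same VPC. It uses Terraform 0.9-style interpolation to match the issue; the variables var.vpc_id, var.ami_id and var.availability_zone and all resource names are hypothetical.

```hcl
# Added example. Hypothetical inputs; supply real values for your account.
variable "vpc_id" {}
variable "ami_id" {}
variable "availability_zone" {}

# Look up the subnet of the target VPC that sits in the wanted AZ.
# The data source errors out unless exactly one subnet matches, so a
# wrong VPC ID or AZ surfaces before any instance is launched.
data "aws_subnet" "selected" {
  vpc_id            = "${var.vpc_id}"
  availability_zone = "${var.availability_zone}"
}

# Security group created in the same VPC as the subnet. EC2 rejects a
# launch whose security groups and subnet belong to different VPCs.
# No ingress or egress blocks are declared, so Terraform leaves the
# group with no rules at all.
resource "aws_security_group" "instance" {
  name_prefix = "example-"
  vpc_id      = "${data.aws_subnet.selected.vpc_id}"
}

resource "aws_instance" "example" {
  ami           = "${var.ami_id}"
  instance_type = "t2.micro"

  # subnet_id is what places the instance in the VPC. Without it EC2
  # falls back to the default VPC and returns VPCIdNotSpecified when
  # the account has none.
  subnet_id              = "${data.aws_subnet.selected.id}"
  vpc_security_group_ids = ["${aws_security_group.instance.id}"]

  # Make public exposure an explicit decision instead of inheriting
  # the subnet's auto-assign setting.
  associate_public_ip_address = false
}
```

If the VPC has more than one subnet in the chosen availability zone, narrow the lookup further, for example with the data source's `tags` argument.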

@catsby sure, thanks!

I'm getting this error:

```
InvalidVpcID.NotFound: The vpc ID 'vpc-daf818b1' does not exist
status code: 400, request id: ec48c53a-0140-43f1-899b-24c451f9cdb6
```

The same Terraform plan works for another AWS account. Also, this VPC exists and the same error repeats for all VPCs of this account.

For me, t2.micro worked; the only thing is that I need to provide vpc_security_group_id and subnet_id:

```
resource "aws_instance" "nginx" {
  ami                    = "ami-c58c1dd3"
  instance_type          = "t2.micro"
  key_name               = "${var.key_name}"
  vpc_security_group_ids = ["sg-7cad580b", "sg-91edb3e4"]
  # subnet_id selects the subnet, and with it the VPC, for the instance
  subnet_id              = "subnet-e6db8dad"
}
```

Thank you so much!!! gurunathchoukekar commented on Jan 26, 2018 WORKING!!!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
