Cloudformation: "No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC"
C

8

7

I am trying to deploy an EC2 instance using CloudFormation but am getting the following error:

No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC

despite having the vpc explicitly set on the security group:

"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupName": "SG-AD-TSDB",
    "GroupDescription" : "Enable SSH access via port 22",
    "VpcId": "vpc-<private>",
    "SecurityGroupIngress" : [ {
      "IpProtocol" : "tcp",
      "FromPort" : "22",
      "ToPort" : "22",
      "CidrIp" : { "Ref" : "SSHLocation"}
    } ]
  }
}

I have no clue what to do with this error.

Circassian answered 27/7, 2022 at 8:18 Comment(2)
Can you provide more of the template? I do not think the error originates from the code you posted. Its source must be somewhere else. – Mclaren
Could it be that the VPC is being created as part of the same stack and there's some race condition, as in the VPC is not ready yet by the time the security group is being created? – Gumbotil
W
2

I got the same error.

I don't know the real reason, though removing the default VPC and recreating it solved the issue in my case.

If you cannot remove the default VPC, then you should use an Admin account to do that.

Whortleberry answered 22/9, 2022 at 11:55 Comment(0)
D
2

In my case it was caused by a missing default VPC in the region. Creating a default VPC solved the issue.

Dalessio answered 10/5 at 9:18 Comment(1)
To create a default VPC, go to the AWS VPC Console, choose the "Your VPCs" menu, select the "Create default VPC" option from the Actions menu. Click Create. AWS reference – Winding
L
1

I had this error when trying to create a separate ENI that attached to an EC2:

Resources:
  MyENI:
    Type: AWS::EC2::NetworkInterface
    Properties:
      Description: Separate ENI to attach to the EC2
      SubnetId: !Ref MySubnet
      PrivateIpAddress: !Ref StaticIP
      GroupSet:
        - !Ref MySecurityGroup

  MyEC2:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AMI
      InstanceType: !Ref InstanceType
      IamInstanceProfile: !Ref InstanceProfile
      NetworkInterfaces:
        - NetworkInterfaceId: !Ref MyENI
          DeviceIndex: 0
          AssociatePublicIpAddress: false

Solution for me was to remove the AssociatePublicIpAddress: false, thank you AWS for a completely useless error.

Lundy answered 1/8, 2023 at 3:42 Comment(0)
S
1

I had the same problem, what I did was

  • adding a VpcId in the SecurityGroup configuration
  • adding a SubnetId in the EC2Instance configuration

And it lets me deploy the stack, solved my problem.

Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType:
        Ref: InstanceType
      # SecurityGroups: 
      #   - Ref: InstanceSecurityGroup
      SecurityGroupIds: 
        - !GetAtt InstanceSecurityGroup.GroupId
      SubnetId: subnet-0dccb6xxxxxxxxxx
      ImageId:
        Ref: ImageId
      Tags:
        - Key: Name
          Value: 'Value'
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          Description: Allow SSH access via port 22 from anywhere
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      VpcId: vpc-031fdxxxxxxxxx
Spiteful answered 16/5 at 7:6 Comment(0)
U
0

I believe GroupName is a legacy prop used for old-fashioned VPC. Just delete it; the name field in the SG listing seems to be copied from GroupDescription in my cloud.

Utter answered 28/7, 2022 at 12:25 Comment(0)
S
0

As Marcin commented, I believe the problem is in the AWS::EC2::Instance declaration. I also had this error, and only after adding the SubnetId property to the NetworkInterfaces property of the instance did I succeed in deploying the stack without errors. I added this property after I had encountered this clarification.

The full yaml code is:

---
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploy a simple Amazon Linux Instance and allow SSH connectivity.
Parameters:
  KeyName:
    Description: EC2 Key Pair for SSH Access, you must have created these prior to
      running this.
    Type: AWS::EC2::KeyPair::KeyName
  VpcId:
    Description: 'Please insert one of your VPC ID. you can find this info in the
      VPC console '
    Type: AWS::EC2::VPC::Id

  ImageId:
    Description: 'Please insert an Image ID of the AMI you want to use. Leave the field unchanged to use the default Amazon Linux AMI'
    Type: String
    Default: ami-05ff5eaef6149df49
  SubnetId:
    Description: 'Please choose a Subnet Id'
    Type: AWS::EC2::Subnet::Id

Resources:
  SimpleInstance:
    Type: AWS::EC2::Instance
    Properties:
      KeyName:
        Ref: KeyName
      InstanceType: t2.micro
      ImageId: !Ref ImageId
      NetworkInterfaces:
      - GroupSet:
        - Ref: SimpleInstanceSg
        SubnetId: 
          Ref: SubnetId
        AssociatePublicIpAddress: true
        DeviceIndex: '0'
        DeleteOnTermination: true
  SimpleInstanceSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      VpcId:
        Ref: VpcId
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: 0.0.0.0/0

The original code (without the SubnetId declaration) was taken from here. Note that even though the original code does not include any GroupName declaration, I had exactly the same error.

Stentor answered 30/9, 2022 at 11:27 Comment(0)
R
0

While deleting, just provide the security group ID.

GroupName (string) -- [EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, you must specify the security group ID.

For reference, see the example below (Example 3 is the successful deletion):

import boto3

ec2Client = boto3.client('ec2', region_name='us-west-1')
sgName = 'vsm'
sgId = 'sg-03a4977aea20a2b6d'

# Example 1 - with SgId and SgName (FAILED)

response = ec2Client.delete_security_group(GroupId=sgId, GroupName=sgName)

Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 391, in _api_call
    return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 719, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (VPCIdNotSpecified) when calling the DeleteSecurityGroup operation: No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC.

# Example 2 - with SgName (FAILED)

response = ec2Client.delete_security_group(GroupName=sgName)

response
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 391, in _api_call
    return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 719, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (VPCIdNotSpecified) when calling the DeleteSecurityGroup operation: No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC.


# Example 3 - with SgId (Successful)

response = ec2Client.delete_security_group(GroupId=sgId)

response
{'ResponseMetadata': {'RequestId': '3f2f2b56-d072-41ce-b89a-ccd576ce0189', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '3f2f2b56-d072-41ce-b89a-ccd576ce0189', 'cache-control': 'no-cache, no-store', 'strict-transport-security': 'max-age=31536000; includeSubDomains', 'content-type': 'text/xml;charset=UTF-8', 'content-length': '239', 'date': 'Fri, 14 Oct 2022 06:04:26 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}}
    

Reference: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.delete_security_group

Roundy answered 14/10, 2022 at 6:29 Comment(0)
I
0

I was getting an error on EC2 instance creation via CloudFormation: No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC. (Service: AmazonEC2; Status Code: 400; Error Code: VPCIdNotSpecified; Request ID: 2c177a91-3f2b-4649-ae89-0348b110d3fd; Proxy: null)

Fix for this: in the existing CloudFormation template, I only added the subnet ID (highlighted below in **) for the subnet where you want to create the EC2 instance.

AWSTemplateFormatVersion: "2010-09-09"

Description: "AWS CloudFormation Template to create a non-classic EC2 instance"

Parameters:
  KeyName:
    Description: "Name of an existing EC2 KeyPair to enable SSH access to the instance"
    Type: "AWS::EC2::KeyPair::KeyName"
    ConstraintDescription: "must be the name of an existing EC2 KeyPair."

  InstanceType:
    Description: "EC2 instance type"
    Type: "String"
    Default: "t2.micro"
    AllowedValues: ["t2.micro", "t2.small", "t2.medium"]
    ConstraintDescription: "must be a valid EC2 instance type."

Resources:
  EC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      ImageId: "ami-0438595434530XX"  # Replace with your desired AMI ID
      **SubnetId: "subnet-0438785900XX"**  # Replace with your subnet ID in the desired VPC

Outputs:
  InstanceId:
    Description: "InstanceId of the newly created EC2 instance"
    Value: !Ref EC2Instance
Imide answered 2/2 at 11:23 Comment(0)
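
A pre-deployment check for the template shapes that the answers above report as triggering this error, given here as an added example (not code from any poster or from AWS). The `lint` function, its rule names and the sample template are hypothetical; it reads the JSON form of a template and also flags SSH opened to 0.0.0.0/0, which several of the posted templates do.

```python
import json

# Constructed sample (JSON form of a template), modelled on the snippets in this
# thread; the IDs are placeholders, not real resources.
SAMPLE = json.loads("""{"Resources": {
  "InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "Enable SSH access via port 22",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
  "EC2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
    "ImageId": "ami-EXAMPLE",
    "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}},
  "FixedInstance": {"Type": "AWS::EC2::Instance", "Properties": {
    "ImageId": "ami-EXAMPLE", "SubnetId": "subnet-EXAMPLE",
    "SecurityGroupIds": [{"Fn::GetAtt": ["InstanceSecurityGroup", "GroupId"]}]}}}}""")

def covers_ssh(rule):
    """True when the ingress rule's port range includes 22 (ports may be strings)."""
    try:
        return int(rule["FromPort"]) <= 22 <= int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return False

def lint(template):
    """Return (resource, rule) pairs; the rule names are this example's own."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props, kind = res.get("Properties", {}), res.get("Type")
        if kind == "AWS::EC2::SecurityGroup":
            if "VpcId" not in props:  # group would be created in the default VPC
                findings.append((name, "sg-without-vpcid"))
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0" and covers_ssh(rule):
                    findings.append((name, "ssh-open-to-world"))
        elif kind == "AWS::EC2::Instance":
            nics = props.get("NetworkInterfaces", [])
            if "SecurityGroups" in props:  # takes names; a VPC needs SecurityGroupIds
                findings.append((name, "sg-referenced-by-name"))
            if "SubnetId" not in props and not nics:  # falls back to the default VPC
                findings.append((name, "instance-without-subnet"))
            for nic in nics:
                if "NetworkInterfaceId" in nic and "AssociatePublicIpAddress" in nic:
                    findings.append((name, "public-ip-flag-on-existing-eni"))
                elif "NetworkInterfaceId" not in nic and "SubnetId" not in nic:
                    findings.append((name, "nic-without-subnet"))
    return findings
```

Calling `lint(SAMPLE)` reports the security group and `EC2Instance`, while `FixedInstance` (explicit `SubnetId` plus `SecurityGroupIds`) produces no findings.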
