Elastic Beanstalk deployment failing because of a dangling security group

11
votes

When doing a deployment with Elastic Beanstalk, we got the following error:

ERROR: Configuration validation exception: Invalid option value: 'sg-fdd33e89' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'SecurityGroups'): The security group having id 'sg-fdd33e89' does not exist.

Things probably related:

  • We have custom security group settings for the ELB in .ebextensions
  • We had earlier cloned this particular EB environment from an older EB environment and had problems with being unable to temrinate the old environment because of this security group.

(Already solved this but sharing the question in case it helps somebody else)

4
amazon-web-servicesamazon-elastic-beanstalkaws-security-group
I ran into the same error and was led here first by Google, but I found that this other SO answer was more applicable to me since I was positive my security group still existed (and was in fact the default VPC security group): stackoverflow.com/questions/40671054/…M.L.

4 Answers

12
votes

I found the Derya Sezen's related blog post AWS Elastic Beanstalk the security group having id does not exist problem that

  • was describing a case where old security group from a the previous environment was inherited to new environment (probably the case with me too)
  • adviced to update EB environment's security group options with AWS CLI

I run the following with AWS CLI following the blog post:

aws elasticbeanstalk update-environment --environment-name my-env-name --option-settings Namespace=aws:autoscaling:launchconfiguration,OptionName=SecurityGroups,Value=""

After that, EB updated the environments for a while and after that I was able to deploy successfully.

3
votes

You can delete the problematic part by running eb config. You will receive editable config for your environment where you can find the non-existent security group and easily delete it.

0
votes

If you made the same mistake as me and terminated the environment, you could not use the AWS CLI for fix this.

$ aws elasticbeanstalk update-environment --environment-name my-kick-ass-env --option-settings Namespace=aws:autoscaling:launchconfiguration,OptionName=SecurityGroups,Value=""

A client error (InvalidParameterValue) occurred when calling the UpdateEnvironment operation: No Environment found for EnvironmentName = 'my-kick-ass-env'.

The only solution is to wait until the terminated environment is totally removed by AWS. It usually takes an hour to be removed after the termination is finished.

0
votes

I bumped into the same error when creating a new environment with EB web console.

Here's what I did to avoid it:

  • make sure your select the appropriate VPC for the instances / have your instances in the appropriate VPC
  • in the web ui, select at least one of the Instance subnets