
I am trying to deploy an EC2 instance using CloudFormation but am getting the following error:

No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC

despite having the VPC explicitly set on the security group:

"InstanceSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName": "SG-AD-TSDB",
        "GroupDescription" : "Enable SSH access via port 22",
        "VpcId": "vpc-<private>",
        "SecurityGroupIngress" : [ {
          "IpProtocol" : "tcp",
          "FromPort" : "22",
          "ToPort" : "22",
          "CidrIp" : { "Ref" : "SSHLocation"}
        } ]
      }
    }

I have no clue what to do with this error.

4 Answers


  1. I believe GroupName is a legacy prop used for old-fashioned VPC. Just delete it; the name field in the SG listing seems to be copied from GroupDescription in my cloud.

  2. I got the same error.

    I don’t know the real reason, though removing the default VPC and recreating it solved the issue in my case.

    If you cannot remove the default VPC, then you should use an Admin account to do that.

  3. As Marcin commented, I believe the problem is in the AWS::EC2::Instance declaration. I also had this error, and only after adding the SubnetId property to the NetworkInterfaces property of the instance did I succeed in deploying the stack without errors. I added this property after I had encountered this clarification.

    The full YAML code is:

    ---
    AWSTemplateFormatVersion: '2010-09-09'
    Description: Deploy a simple Amazon Linux Instance and allow SSH connectivity.
    Parameters:
      KeyName:
        Description: EC2 Key Pair for SSH Access, you must have created these prior to
          running this.
        Type: AWS::EC2::KeyPair::KeyName
      VpcId:
        Description: 'Please insert one of your VPC ID. you can find this info in the
          VPC console '
        Type: AWS::EC2::VPC::Id
    
      ImageId:
        Description: 'Please insert an Image ID of the AMI you want to use. Leave the field unchanged to use the default Amazon Linux AMI'
        Type: String
        Default: ami-05ff5eaef6149df49
      SubnetId:
        Description: 'Please choose a Subnet Id'
        Type: AWS::EC2::Subnet::Id
    
    Resources:
      SimpleInstance:
        Type: AWS::EC2::Instance
        Properties:
          KeyName:
            Ref: KeyName
          InstanceType: t2.micro
          ImageId: !Ref ImageId
          NetworkInterfaces:
          - GroupSet:
            - Ref: SimpleInstanceSg
            SubnetId: 
              Ref: SubnetId
            AssociatePublicIpAddress: true
            DeviceIndex: '0'
            DeleteOnTermination: true
      SimpleInstanceSg:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Enable SSH access via port 22
          VpcId:
            Ref: VpcId
          SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: 22
            ToPort: 22
            CidrIp: 0.0.0.0/0
    

    The original code (without the SubnetId declaration) was taken from here. Note that even though the original code does not include any GroupName declaration, I had exactly the same error.
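
A pre-deployment check for the template patterns raised in this thread, as an added example that is not part of any answer or of AWS tooling: it flags `AWS::EC2::Instance` resources with no subnet (top-level `SubnetId` or on a network interface), instances that use `SecurityGroups` (group names) instead of IDs, and literal ingress rules that open SSH to `0.0.0.0/0`. It assumes a JSON template; the function names, finding labels and the `vpc-EXAMPLE`/`ami-EXAMPLE` values are constructed, and launch templates are not resolved.

```python
import json

# Constructed sample (not from the page): an instance that names its security
# group through SecurityGroups and sets no subnet. IDs are placeholders.
SAMPLE = json.loads("""{"Resources": {
  "InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "Enable SSH access via port 22", "VpcId": "vpc-EXAMPLE",
    "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                              "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
  "Ec2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
    "ImageId": "ami-EXAMPLE", "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}]}}}}""")


def exposes_ssh(rule):
    """True when a literal ingress rule opens TCP/22 (or all traffic) to 0.0.0.0/0."""
    if rule.get("CidrIp") != "0.0.0.0/0":
        return False  # also skips Ref/parameter values, which cannot be judged here
    proto = str(rule.get("IpProtocol"))
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    try:
        return int(rule["FromPort"]) <= 22 <= int(rule["ToPort"])
    except (KeyError, TypeError, ValueError):
        return False


def lint_template(template):
    """Return sorted (logical_id, finding) pairs for the patterns in this thread."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::Instance":
            nics = props.get("NetworkInterfaces", [])
            placed = "SubnetId" in props or any(
                "SubnetId" in n or "NetworkInterfaceId" in n for n in nics)
            if not placed:
                findings.append((name, "no-subnet"))  # launch targets the default VPC
            if "SecurityGroups" in props:
                findings.append((name, "group-by-name"))  # use SecurityGroupIds in a VPC
        elif res.get("Type") == "AWS::EC2::SecurityGroup":
            if any(exposes_ssh(r) for r in props.get("SecurityGroupIngress", [])):
                findings.append((name, "ssh-open-to-world"))
    return sorted(findings)


if __name__ == "__main__":
    print(lint_template(SAMPLE))
```
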

  4. While deleting, just provide the security group ID.

    GroupName (string) — [EC2-Classic, default VPC] The name of the security group. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, you must specify the security group ID.

    For reference, see the example below (Example 3 is the successful deletion):

    import boto3
    ec2Client=boto3.client('ec2', region_name='us-west-1')
    sgName='vsm'
    sgId='sg-03a4977aea20a2b6d'
    
    
    ##example 1- with SgId and SgName (FAILED)
    
    response=ec2Client.delete_security_group(GroupId=sgId, GroupName=sgName)
    
    Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 391, in _api_call
        return self._make_api_call(operation_name, kwargs)
    File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 719, in _make_api_call
        raise error_class(parsed_response, operation_name)
    botocore.exceptions.ClientError: An error occurred (VPCIdNotSpecified) when calling the DeleteSecurityGroup operation: No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC.
    
    ##example 2- with SgName (FAILED)
    
    response=ec2Client.delete_security_group(GroupName=sgName)
    
    response
    Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 391, in _api_call
        return self._make_api_call(operation_name, kwargs)
    File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 719, in _make_api_call
        raise error_class(parsed_response, operation_name)
    botocore.exceptions.ClientError: An error occurred (VPCIdNotSpecified) when calling the DeleteSecurityGroup operation: No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC.
    
    
    ##example 3- with SgId (Successful)
    
    response=ec2Client.delete_security_group(GroupId=sgId)
    
    response
    {'ResponseMetadata': {'RequestId': '3f2f2b56-d072-41ce-b89a-ccd576ce0189', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '3f2f2b56-d072-41ce-b89a-ccd576ce0189', 'cache-control': 'no-cache, no-store', 'strict-transport-security': 'max-age=31536000; includeSubDomains', 'content-type': 'text/xml;charset=UTF-8', 'content-length': '239', 'date': 'Fri, 14 Oct 2022 06:04:26 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}}
        
    

    Reference:
    https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html#EC2.Client.delete_security_group
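
When only the group name is known, one way to reach the working call from Example 3, as an added example that is not the answerer's code: look the name up within a single VPC using the `group-name` and `vpc-id` filters of `describe_security_groups`, then delete by `GroupId`. The helper name, the `StubEc2` stand-in for `boto3.client('ec2')` and the `sg-`/`vpc-` values are constructed so the block runs offline.

```python
def delete_security_group_by_name(ec2_client, group_name, vpc_id):
    """Resolve a group name inside one VPC to its ID, then delete by GroupId.

    Scoping the lookup to vpc_id keeps a same-named group in another VPC
    from being picked up and deleted by mistake.
    """
    resp = ec2_client.describe_security_groups(
        Filters=[
            {"Name": "group-name", "Values": [group_name]},
            {"Name": "vpc-id", "Values": [vpc_id]},
        ]
    )
    groups = resp["SecurityGroups"]
    if len(groups) != 1:
        raise LookupError(f"expected 1 group named {group_name!r} in {vpc_id}, "
                          f"found {len(groups)}")
    group_id = groups[0]["GroupId"]
    ec2_client.delete_security_group(GroupId=group_id)  # never GroupName here
    return group_id


class StubEc2:
    """Constructed stand-in for boto3.client('ec2') so the example runs offline."""

    def __init__(self, groups):
        self.groups = groups   # dicts with GroupId, GroupName, VpcId
        self.deleted = []

    def describe_security_groups(self, Filters):
        wanted = {f["Name"]: f["Values"] for f in Filters}
        return {"SecurityGroups": [
            g for g in self.groups
            if g["GroupName"] in wanted["group-name"]
            and g["VpcId"] in wanted["vpc-id"]]}

    def delete_security_group(self, **kwargs):
        if "GroupName" in kwargs:
            # Mirrors the failure shown in Examples 1 and 2 above.
            raise RuntimeError("VPCIdNotSpecified")
        self.deleted.append(kwargs["GroupId"])


if __name__ == "__main__":
    stub = StubEc2([
        {"GroupId": "sg-aaaa1111", "GroupName": "vsm", "VpcId": "vpc-aaaa"},
        {"GroupId": "sg-bbbb2222", "GroupName": "vsm", "VpcId": "vpc-bbbb"},
    ])
    print(delete_security_group_by_name(stub, "vsm", "vpc-bbbb"))
```
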
