启动实例:VPC安全组不可用于非VPC启动 [英] Launching Instance: VPC security groups may not be used for a non-VPC launch

问题描述

我正在尝试在另一个区域中创建实例，但出现此错误:

I'm attempting to create an instance in another region, but I get this error:

AWS Error Code: InvalidParameterCombination, AWS Error Message: VPC security groups may not be used for a non-VPC launch

这是我正在执行的代码.

Here is the code I'm executing.

RunInstancesRequest instancereq = new RunInstancesRequest();

instancereq.setInstanceType("m3.medium");
instancereq.setImageId("ami-37b1b45e");
instancereq.setMinCount(1);
instancereq.setMaxCount(1);

ArrayList<String> secgroup = new ArrayList<String>();        
instancereq.setKeyName("testkey");          
secgroup.add("testdefault");          
instancereq.setSecurityGroups(secgroup);

instancereq.setPlacement(getAzPlacement());        
RunInstancesResult instanceresult = ec2.runInstances(instancereq);

我也尝试过使用实际的组ID (sg-########)，而不是使用名称"testdefault"，但是我会收到一条错误消息，指出安全组不存在(这是错误的).其中，基于API文档，如果使用非默认VPC，则应传递实际的groupid，但这样的错误会出现:

I've also tried, instead of using the name "testdefault", using the actual groupid (sg-########), but I'll get an error saying that security group doesn't exist (which is wrong, it does). Which, based on the API doc, if using a non-default VPC, you should pass the actual groupid but I'll get an error like this:

InvalidGroup.NotFound, AWS Error Message: The security group 'sg-########' does not exist

如果我将默认"用作setSecurityGroups，它将使用默认VPC.尽管它是准确的，但看起来好像不像我正在传递的groupid.

If I use "default" as the setSecurityGroups it will use the default VPC. It just doesn't seem like like the groupid I'm passing, despite it being accurate.

此外，如果我注释掉setSecurityGroups代码，并改用setSubnetId并传递子网ID，它将创建该实例很好，但是它将进入默认"安全组，而不是"testdefault"安全组就像我想要的.

Also, if I comment out the setSecurityGroups code, and use setSubnetId instead and pass the subnet id, it will create the instance just fine, but it goes into the "default" security group, not "testdefault" like I want.

我要做的就是创建一个实例，并使其使用已经存在的VPC组.

All I'm trying to accomplish is creating an instance and having it use the already existing VPC group.

推荐答案

我的答案将集中于以下陈述:

My Answer will focus on below statement:

我要做的就是创建一个实例，并使其使用已经存在的VPC组.

All I'm trying to accomplish is creating an instance and having it use the already existing VPC group.

因此，据我了解，您想在非默认VPC中启动实例，并为其分配现有的VPC安全组.

So, as I understand, you want to launch an instance in a non-default VPC and assign it an existing VPC security group to it.

我不是java人，但是我可以按照以下方式在ruby中做您想做的事情.

I am not a java guy, but I could do what you wanted in ruby as below.

require 'aws-sdk-core'
Aws.config = {
  :access_key_id => "my_access_key",
  :secret_access_key => "my_secret_key",
  :region => 'us-west-2'
}

ec2 = Aws::EC2.new

ec2.run_instances(
    min_count: 1,
    max_count: 1,
    image_id: 'ami-8635a9b6',
    instance_type: 't1.micro',
    placement: {
      availability_zone: 'us-west-2a'
    },
    network_interfaces: [
      {
        subnet_id: 'subnet-e881bd63',
        groups: ['sg-fd53bf5e'],
        device_index: 0,
        associate_public_ip_address: true
      }
    ],
    key_name: 'my-key'
).each do |resp|
  resp.instances.each do |x|
    puts x.instance_id
  end
end

尽管这是一个Ruby代码，但它非常简单，应该为您提供一些清晰的提示，说明如何在Java中进行操作，因为所有这些AWS开发工具包都在轮询相同的Web服务API.

Although this is a Ruby code, it is pretty straight forward and should give you some clear hints on how to go about doing it in Java as all these AWS SDKs are polling the same web service APIs.

我想，您应该在上面的代码中集中注意的事情是:

I guess, the things that you should be concentrating in above code is:

  :region => 'us-west-2'

和

placement: {
  availability_zone: 'us-west-2a'
},
network_interfaces: [
  {
    subnet_id: 'subnet-e881bd63',
    groups: ['sg-fd53bf5e'],
    device_index: 0,
    associate_public_ip_address: true
  }
],

1. 确保您明确指定区域.
2. 检查如何定义子网ID和安全组ID.此代码将在我的VPC的subnet-e881bd63中启动我的EC2实例，并将VPC安全组ID sg-fd53bf5e应用于其第0个网络接口.此外，它还将为我的实例分配一个公共IP地址. (默认情况下，在VPC中启动实例时，它不会分配公共IP地址).
3. 仅供参考.在VPC中启动实例时，必须提供安全组ID而不是安全组名称.

1. Make sure you explicitly specify the region.
2. Check how I have defined the subnet ID and security group ID. This code will launch my EC2 instance in subnet-e881bd63 of my VPC and will apply VPC security group ID sg-fd53bf5e to its 0th network interface. Besides, it will also assign a public IP address to my instance. (by default, it will not assign a public IP address when you launch instances in VPC).
3. FYI. When you launch instances in VPC, you must provide Security group ID instead of security group name.

这篇关于启动实例:VPC安全组不可用于非VPC启动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！