Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to use --associate-public-ip-address #1019

lutnos opened this issue Nov 21, 2014 · 4 comments

Unable to use --associate-public-ip-address #1019

lutnos opened this issue Nov 21, 2014 · 4 comments


Copy link

@lutnos lutnos commented Nov 21, 2014

I am unable to run an instance within a VPC, with a security group and associate a public IP address in awe cli version 1.5.1 .

When I run:

aws ec2 run-instances --image-id ami-4e75c339 --count 1 --instance-type t2.micro --key-name WTI --security-groups sg-ba71f1df --subnet-id vpc-53677f31 --associate-public-ip-address

I see:

A client error (InvalidParameterCombination) occurred when calling the RunInstances operation: Network interfaces and an instance-level security groups may not be specified on the same request

This look very much like a regression of #479, #502 & #516

I have the same problem on version 1.5.1 and the current version 1.6.3

(As a workaround I have to instead do a run-instances without the --associate-public-ip-address, then do an allocate-address with --domain vpc and then an associate-address .)

Copy link

@jamesls jamesls commented Nov 25, 2014

I believe what's going on here is that we need to update our logic for --asociate-public-ip-address. As in #502, when a user specifies certain parameters along with --asociate-public-ip-address, we need to move parameters such as the --subnet-id over to the --network-interfaces option. It looks like there's a few other cases where we need to apply this same logic. In this specific issue it's the security-groups option. Another workaround is to just use the --network-interfaces argument directly until this logic has been implemented in the AWS CLI.

Copy link

@lutnos lutnos commented Nov 25, 2014

Thanks Jmaes, I would use the --network-interfaces option, but documentation of it is sparce, can you recommend a good source?

When I tried with --network-interface I could not get it to accept a true or false for "Associate an EIP", also it looked as though if I used it I would have to specify an internal IP address explicitly - which would mean calculating a free one.


Copy link

@ewanleith ewanleith commented Jan 27, 2015

This command works for me:

aws ec2 run-instances --image-id ami-f0b11187 --key-name your-ssh-key-name --instance-type t2.micro --network-interfaces '[ { "DeviceIndex": 0, "Groups": ["sg-123456"], "SubnetId": "subnet-123456", "DeleteOnTermination": true, "AssociatePublicIpAddress": true } ]'

you'll obviously need to change the sg- value and the subnet- value to your own, and that particular AMI is Ubuntu in eu-west-1

Copy link

@kyleknap kyleknap commented Mar 24, 2016

I did some work with fixing some issues related to this customization in this PR: #1874. The problem is that you are using the --security-groups parameter instead of --security-group-ids parameter which gets mapped properly. So run something like this:

$ aws ec2 run-instances --image-id ami-4e75c339 --count 1 --instance-type t2.micro --key-name WTI --security-group-ids sg-ba71f1df --subnet-id vpc-53677f31 --associate-public-ip-address

Unfortunately we can never map --security-groups to the network interfaces because it only supports security group ids. I do not think it is possible to implement this and thus, closing.

@kyleknap kyleknap closed this Mar 24, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.