New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

he parameter groupName cannot be used with the parameter subnet . again #350

Closed
adhorn opened this Issue Sep 22, 2011 · 26 comments

Comments

Projects
None yet
7 participants
@adhorn

adhorn commented Sep 22, 2011

Hi, using HEAD, and having checked Issue 526: VPC 2.0: The parameter groupName cannot be used with the parameter subnet.

I still get the same error:

conn = boto.connect_vpc(aws_access_key_id=
AWS_ACCESS_KEY_ID,aws_secret_access_key=AWS_SECRET_ACCESS_KEY)

res = conn.run_instances(AMI_ID,
... instance_type = 'm1.xlarge',
... key_name = 'AWSEC2key',
... min_count = 1, max_count = 1,
... security_groups=['lm'],
... user_data = None,
... subnet_id = 'subnet_f03c1f99',
... private_ip_address='10.0.0.189',
... security_group_ids=['sg-2c342940'],
... )

Traceback (most recent call last):
File "", line 9, in
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/ec2/connection.py", line 625, in run_instances
return self.get_object('RunInstances', params, Reservation, verb='POST')
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/connection.py", line 871, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet0a9bac66-e484-4d87-b4bf-62e845016c7e

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat

garnaat Sep 22, 2011

Member

You are still specifying a normal, EC2 security group in the request. I don't think you can do that. If you specify a subnet (i.e. VPC) you MUST use the security_group_ids parameter only and leave the security_groups argument None.

Member

garnaat commented Sep 22, 2011

You are still specifying a normal, EC2 security group in the request. I don't think you can do that. If you specify a subnet (i.e. VPC) you MUST use the security_group_ids parameter only and leave the security_groups argument None.

@adhorn

This comment has been minimized.

Show comment
Hide comment
@adhorn

adhorn Sep 22, 2011

hmm, i am still getting the same:

res = bot.run_instances(AMI_ID,
... instance_type = 'm1.xlarge',
... placement = 'us-east-1c',
... key_name = 'AWSEC2key',
... min_count = 1, max_count = 1,
... subnet_id = 'subnet-f03c1f99',
... private_ip_address='10.0.0.189',
... security_group_ids=['sg_2c342940']
... )
Traceback (most recent call last):
File "", line 8, in
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/ec2/connection.py", line 625, in run_instances
return self.get_object('RunInstances', params, Reservation, verb='POST')
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/connection.py", line 871, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet69c2d42a-f12e-4727-bebe-0581e67fc6fe

adhorn commented Sep 22, 2011

hmm, i am still getting the same:

res = bot.run_instances(AMI_ID,
... instance_type = 'm1.xlarge',
... placement = 'us-east-1c',
... key_name = 'AWSEC2key',
... min_count = 1, max_count = 1,
... subnet_id = 'subnet-f03c1f99',
... private_ip_address='10.0.0.189',
... security_group_ids=['sg_2c342940']
... )
Traceback (most recent call last):
File "", line 8, in
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/ec2/connection.py", line 625, in run_instances
return self.get_object('RunInstances', params, Reservation, verb='POST')
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/connection.py", line 871, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet69c2d42a-f12e-4727-bebe-0581e67fc6fe

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat

garnaat Sep 22, 2011

Member

Hmm. I'm stumped. Any chance you could run this with debug output enabled:

import boto
boto.set_stream_logger('foo')
conn = boto.connect_vpc(..., debug=2)

and then post or email the output? If you post it, I would remove the calculated Signature values, just in case.

Member

garnaat commented Sep 22, 2011

Hmm. I'm stumped. Any chance you could run this with debug output enabled:

import boto
boto.set_stream_logger('foo')
conn = boto.connect_vpc(..., debug=2)

and then post or email the output? If you post it, I would remove the calculated Signature values, just in case.

@adhorn

This comment has been minimized.

Show comment
Hide comment
@adhorn

adhorn Sep 22, 2011

Hi, thanks for helping. here is the output:

bot = boto.connect_vpc(aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, debug=2)
res = bot.run_instances(AMI_ID,
... instance_type = 'm1.xlarge',
... placement = 'us-east-1c',
... key_name = 'AWSEC2key',
... min_count = 1, max_count = 1,
... subnet_id = 'subnet-f03c1f99',
... private_ip_address='10.0.0.189',
... security_group_ids=['sg_2c342940']
... )
send: 'POST / HTTP/1.1\r\nHost: ec2.amazonaws.com\r\nAccept-Encoding: identity\r\nContent-Length: 417\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nUser-Agent: Boto/2.0 (darwin)\r\n\r\n'
send: 'AWSAccessKeyId=xxxxx&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T19%3A56%3A32Z&Version=2011-01-01&Signature=xxxxxx'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Transfer-Encoding: chunked
header: Date: Thu, 22 Sep 2011 19:56:32 GMT
header: Cneonction: close
header: Server: AmazonEC2
Traceback (most recent call last):
File "", line 8, in
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/ec2/connection.py", line 625, in run_instances
return self.get_object('RunInstances', params, Reservation, verb='POST')
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/connection.py", line 871, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet6b807633-43db-46f3-88e1-66e557d8d383

On Sep 22, 2011, at 9:49 PM, Mitch Garnaat wrote:

Hmm. I'm stumped. Any chance you could run this with debug output enabled:

import boto
boto.set_stream_logger('foo')
conn = boto.connect_vpc(..., debug=2)

and then post or email the output? If you post it, I would remove the calculated Signature values, just in case.

Reply to this email directly or view it on GitHub:
#350 (comment)

Adrian Hornsby
Director of Engineering at HDmessaging
adrian@hdmessaging.com

adhorn commented Sep 22, 2011

Hi, thanks for helping. here is the output:

bot = boto.connect_vpc(aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY, debug=2)
res = bot.run_instances(AMI_ID,
... instance_type = 'm1.xlarge',
... placement = 'us-east-1c',
... key_name = 'AWSEC2key',
... min_count = 1, max_count = 1,
... subnet_id = 'subnet-f03c1f99',
... private_ip_address='10.0.0.189',
... security_group_ids=['sg_2c342940']
... )
send: 'POST / HTTP/1.1\r\nHost: ec2.amazonaws.com\r\nAccept-Encoding: identity\r\nContent-Length: 417\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nUser-Agent: Boto/2.0 (darwin)\r\n\r\n'
send: 'AWSAccessKeyId=xxxxx&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T19%3A56%3A32Z&Version=2011-01-01&Signature=xxxxxx'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Transfer-Encoding: chunked
header: Date: Thu, 22 Sep 2011 19:56:32 GMT
header: Cneonction: close
header: Server: AmazonEC2
Traceback (most recent call last):
File "", line 8, in
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/ec2/connection.py", line 625, in run_instances
return self.get_object('RunInstances', params, Reservation, verb='POST')
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/connection.py", line 871, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet6b807633-43db-46f3-88e1-66e557d8d383

On Sep 22, 2011, at 9:49 PM, Mitch Garnaat wrote:

Hmm. I'm stumped. Any chance you could run this with debug output enabled:

import boto
boto.set_stream_logger('foo')
conn = boto.connect_vpc(..., debug=2)

and then post or email the output? If you post it, I would remove the calculated Signature values, just in case.

Reply to this email directly or view it on GitHub:
#350 (comment)

Adrian Hornsby
Director of Engineering at HDmessaging
adrian@hdmessaging.com

@adhorn

This comment has been minimized.

Show comment
Hide comment
@adhorn

adhorn Sep 22, 2011

oups, the complet debug:

2011-09-22 22:00:10,275 foo [DEBUG]:Method: POST
2011-09-22 22:00:10,275 foo [DEBUG]:Path: /
2011-09-22 22:00:10,275 foo [DEBUG]:Data:
2011-09-22 22:00:10,275 foo [DEBUG]:Headers: {}
2011-09-22 22:00:10,275 foo [DEBUG]:Host: ec2.amazonaws.com
2011-09-22 22:00:10,276 foo [DEBUG]:establishing HTTPS connection: host=ec2.amazonaws.com, kwargs={}
2011-09-22 22:00:10,276 foo [DEBUG]:using _calc_signature_2
2011-09-22 22:00:10,276 foo [DEBUG]:query string: AWSAccessKeyId=xxx&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T20%3A00%3A10Z&Version=2011-01-01
2011-09-22 22:00:10,276 foo [DEBUG]:string_to_sign: POST
ec2.amazonaws.com
/
AWSAccessKeyId=xxxx&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T20%3A00%3A10Z&Version=2011-01-01
2011-09-22 22:00:10,277 foo [DEBUG]:len(b64)=44
2011-09-22 22:00:10,277 foo [DEBUG]:base64 encoded digest: xxx=
2011-09-22 22:00:10,277 foo [DEBUG]:query_string: AWSAccessKeyId=xxx&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T20%3A00%3A10Z&Version=2011-01-01 Signature: xxx=
send: 'POST / HTTP/1.1\r\nHost: ec2.amazonaws.com\r\nAccept-Encoding: identity\r\nContent-Length: 417\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nUser-Agent: Boto/2.0 (darwin)\r\n\r\n'
send: 'AWSAccessKeyId=AKIAIHUG5ZPNC4Z5ZLJA&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T20%3A00%3A10Z&Version=2011-01-01&Signature=xxxxxx'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Transfer-Encoding: chunked
header: Date: Thu, 22 Sep 2011 20:00:10 GMT
header: Cneonction: close
header: Server: AmazonEC2
2011-09-22 22:00:11,181 foo [DEBUG]:
InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet6326a93d-2f56-430f-9126-9f46acc01876
2011-09-22 22:00:11,181 foo [ERROR]:400 Bad Request
2011-09-22 22:00:11,181 foo [ERROR]:
InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet6326a93d-2f56-430f-9126-9f46acc01876
Traceback (most recent call last):
File "", line 8, in
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/ec2/connection.py", line 625, in run_instances
return self.get_object('RunInstances', params, Reservation, verb='POST')
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/connection.py", line 871, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet6326a93d-2f56-430f-9126-9f46acc01876

On Sep 22, 2011, at 9:49 PM, Mitch Garnaat wrote:

Hmm. I'm stumped. Any chance you could run this with debug output enabled:

import boto
boto.set_stream_logger('foo')
conn = boto.connect_vpc(..., debug=2)

and then post or email the output? If you post it, I would remove the calculated Signature values, just in case.

Reply to this email directly or view it on GitHub:
#350 (comment)

Adrian Hornsby
Director of Engineering at HDmessaging
adrian@hdmessaging.com

adhorn commented Sep 22, 2011

oups, the complet debug:

2011-09-22 22:00:10,275 foo [DEBUG]:Method: POST
2011-09-22 22:00:10,275 foo [DEBUG]:Path: /
2011-09-22 22:00:10,275 foo [DEBUG]:Data:
2011-09-22 22:00:10,275 foo [DEBUG]:Headers: {}
2011-09-22 22:00:10,275 foo [DEBUG]:Host: ec2.amazonaws.com
2011-09-22 22:00:10,276 foo [DEBUG]:establishing HTTPS connection: host=ec2.amazonaws.com, kwargs={}
2011-09-22 22:00:10,276 foo [DEBUG]:using _calc_signature_2
2011-09-22 22:00:10,276 foo [DEBUG]:query string: AWSAccessKeyId=xxx&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T20%3A00%3A10Z&Version=2011-01-01
2011-09-22 22:00:10,276 foo [DEBUG]:string_to_sign: POST
ec2.amazonaws.com
/
AWSAccessKeyId=xxxx&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T20%3A00%3A10Z&Version=2011-01-01
2011-09-22 22:00:10,277 foo [DEBUG]:len(b64)=44
2011-09-22 22:00:10,277 foo [DEBUG]:base64 encoded digest: xxx=
2011-09-22 22:00:10,277 foo [DEBUG]:query_string: AWSAccessKeyId=xxx&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T20%3A00%3A10Z&Version=2011-01-01 Signature: xxx=
send: 'POST / HTTP/1.1\r\nHost: ec2.amazonaws.com\r\nAccept-Encoding: identity\r\nContent-Length: 417\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nUser-Agent: Boto/2.0 (darwin)\r\n\r\n'
send: 'AWSAccessKeyId=AKIAIHUG5ZPNC4Z5ZLJA&Action=RunInstances&ImageId=ami-97a263fe&InstanceType=m1.xlarge&KeyName=AWSEC2key&MaxCount=1&MinCount=1&Placement.AvailabilityZone=us-east-1c&PrivateIpAddress=10.0.0.189&SecurityGroupId.1=sg_2c342940&SignatureMethod=HmacSHA256&SignatureVersion=2&SubnetId=subnet-f03c1f99&Timestamp=2011-09-22T20%3A00%3A10Z&Version=2011-01-01&Signature=xxxxxx'
reply: 'HTTP/1.1 400 Bad Request\r\n'
header: Transfer-Encoding: chunked
header: Date: Thu, 22 Sep 2011 20:00:10 GMT
header: Cneonction: close
header: Server: AmazonEC2
2011-09-22 22:00:11,181 foo [DEBUG]:
InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet6326a93d-2f56-430f-9126-9f46acc01876
2011-09-22 22:00:11,181 foo [ERROR]:400 Bad Request
2011-09-22 22:00:11,181 foo [ERROR]:
InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet6326a93d-2f56-430f-9126-9f46acc01876
Traceback (most recent call last):
File "", line 8, in
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/ec2/connection.py", line 625, in run_instances
return self.get_object('RunInstances', params, Reservation, verb='POST')
File "/Library/Python/2.6/site-packages/boto-2.0-py2.6.egg/boto/connection.py", line 871, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

InvalidParameterCombinationThe parameter groupName cannot be used with the parameter subnet6326a93d-2f56-430f-9126-9f46acc01876

On Sep 22, 2011, at 9:49 PM, Mitch Garnaat wrote:

Hmm. I'm stumped. Any chance you could run this with debug output enabled:

import boto
boto.set_stream_logger('foo')
conn = boto.connect_vpc(..., debug=2)

and then post or email the output? If you post it, I would remove the calculated Signature values, just in case.

Reply to this email directly or view it on GitHub:
#350 (comment)

Adrian Hornsby
Director of Engineering at HDmessaging
adrian@hdmessaging.com

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat

garnaat Sep 22, 2011

Member

Odd. It's complaining about a parameter groupName and yet that parameter doesn't appear in the parameter of the actual request. Just for kicks, could you try running it without specifying an availability zone?

Member

garnaat commented Sep 22, 2011

Odd. It's complaining about a parameter groupName and yet that parameter doesn't appear in the parameter of the actual request. Just for kicks, could you try running it without specifying an availability zone?

@adhorn

This comment has been minimized.

Show comment
Hide comment
@adhorn

adhorn Sep 22, 2011

same ... it is weird .. really looked all around and could not figure out.
Does boto use memcache ? .. or other caching mechanism ? i doubt but seems weird ..

thanks for helping out
adrian

On Sep 22, 2011, at 10:12 PM, Mitch Garnaat wrote:

Odd. It's complaining about a parameter groupName and yet that parameter doesn't appear in the parameter of the actual request. Just for kicks, could you try running it without specifying an availability zone?

Reply to this email directly or view it on GitHub:
#350 (comment)

adhorn commented Sep 22, 2011

same ... it is weird .. really looked all around and could not figure out.
Does boto use memcache ? .. or other caching mechanism ? i doubt but seems weird ..

thanks for helping out
adrian

On Sep 22, 2011, at 10:12 PM, Mitch Garnaat wrote:

Odd. It's complaining about a parameter groupName and yet that parameter doesn't appear in the parameter of the actual request. Just for kicks, could you try running it without specifying an availability zone?

Reply to this email directly or view it on GitHub:
#350 (comment)

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat

garnaat Sep 22, 2011

Member

I just posted over in the VPC forum. There is no caching in boto other than caching HTTP connections but that shouldn't have any effect.

Member

garnaat commented Sep 22, 2011

I just posted over in the VPC forum. There is no caching in boto other than caching HTTP connections but that shouldn't have any effect.

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat

garnaat Sep 23, 2011

Member

One other thing to try if you have time. Explicitly set the API version to the latest EC2 version and retry, like this:

import boto
conn = boto.connect_ec2(..., api_version='2011-07-15')

Again, it's unlikely to help. I'm grasping at straws, really.

Member

garnaat commented Sep 23, 2011

One other thing to try if you have time. Explicitly set the API version to the latest EC2 version and retry, like this:

import boto
conn = boto.connect_ec2(..., api_version='2011-07-15')

Again, it's unlikely to help. I'm grasping at straws, really.

@adhorn

This comment has been minimized.

Show comment
Hide comment
@adhorn

adhorn Sep 29, 2011

hmm still not. Found a workaround .. start AMI and stop them .. so can use start instance rather than run .. now works. thanks

adhorn commented Sep 29, 2011

hmm still not. Found a workaround .. start AMI and stop them .. so can use start instance rather than run .. now works. thanks

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat

garnaat Sep 29, 2011

Member

I'm still waiting for an answer from my question on AWS forums. My gut feeling is that this is a boto problem but I can't figure out what it is.

Not sure I understand the workaround. How do you initially launch the instance? How do you specify the security group id?

Member

garnaat commented Sep 29, 2011

I'm still waiting for an answer from my question on AWS forums. My gut feeling is that this is a boto problem but I can't figure out what it is.

Not sure I understand the workaround. How do you initially launch the instance? How do you specify the security group id?

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat
Member

garnaat commented Sep 29, 2011

@garnaat

This comment has been minimized.

Show comment
Hide comment
@garnaat

garnaat Sep 30, 2011

Member

As detailed in the AWS forum thread, the actual problem here is that you specified the security group ID as sg_2c342940 rather than sg-2c342940. I think the response from AWS is in the running for the "Worst Error Message Ever" but there's nothing I can do about that. I'm gong to close this one.

Member

garnaat commented Sep 30, 2011

As detailed in the AWS forum thread, the actual problem here is that you specified the security group ID as sg_2c342940 rather than sg-2c342940. I think the response from AWS is in the running for the "Worst Error Message Ever" but there's nothing I can do about that. I'm gong to close this one.

@garnaat garnaat closed this Sep 30, 2011

@sampointer

This comment has been minimized.

Show comment
Hide comment
@sampointer

sampointer Oct 21, 2013

I'm unsure why this was closed given that it isn't yet resolved.

There is a patch floating around that purports to fix this. However, those changes don't seem to have made into boto as of 2.15.0, under which I've observed this problem continue to occur.

This issue, combined with the fact that the current Amazon unified python tool set depends on an older boto version makes the most current version of the CLI tools impossible to use with VPC 2.0 and CloudFormation in non-trivial setups.

I realize Amazon's toolchain that isn't a necessarily a concern here. However, even if one manually applies the patch, given that the calling code isn't "mine" one is then forced to think about manually patching the Amazon toolchain, at which point it all gets a bit untenable to maintain for a team.

sampointer commented Oct 21, 2013

I'm unsure why this was closed given that it isn't yet resolved.

There is a patch floating around that purports to fix this. However, those changes don't seem to have made into boto as of 2.15.0, under which I've observed this problem continue to occur.

This issue, combined with the fact that the current Amazon unified python tool set depends on an older boto version makes the most current version of the CLI tools impossible to use with VPC 2.0 and CloudFormation in non-trivial setups.

I realize Amazon's toolchain that isn't a necessarily a concern here. However, even if one manually applies the patch, given that the calling code isn't "mine" one is then forced to think about manually patching the Amazon toolchain, at which point it all gets a bit untenable to maintain for a team.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Oct 25, 2013

I ran into this very same error. I'm not sure I am doing the same thing as garnaat. I created an autoscaling group using boto and specified availability zones and subnet ids. When I try to set the desired capacity to 1 for that autoscaling group (using the aws-cli), the capacity is set fine, but the starting of the instance fails and I see the same error message about how the "groupName cannot be used with the parameter subnet". Not sure if this is on the aws-cli side or on the boto side but I would be more than willing to help figure this out.

ghost commented Oct 25, 2013

I ran into this very same error. I'm not sure I am doing the same thing as garnaat. I created an autoscaling group using boto and specified availability zones and subnet ids. When I try to set the desired capacity to 1 for that autoscaling group (using the aws-cli), the capacity is set fine, but the starting of the instance fails and I see the same error message about how the "groupName cannot be used with the parameter subnet". Not sure if this is on the aws-cli side or on the boto side but I would be more than willing to help figure this out.

@dgolja

This comment has been minimized.

Show comment
Hide comment
@dgolja

dgolja Oct 30, 2013

Yeah I have still the same issue, however using AWS CLI which rely on boto (didn't know that). I am trying to run-instances in a VPC network and I get "A client error (InvalidParameterCombination) occurred: The parameter groupName cannot be used with the parameter subnet".

I get the error when trying to run:

aws ec2 run-instances --image-id ami-8e987ef9 --count 1 --instance-type 't1.micro' --key-name 'KEY_NAME'
--security-groups 'SECURITY-GROUP' --subnet-id 'subnet-ID'
--instance-initiated-shutdown-behavior 'stop'
--block-device-mappings '[{"DeviceName":"/dev/sdc","Ebs":{"VolumeSize":20,"DeleteOnTermination":false,"VolumeType":"standard"}}]'

However as soon I remove the --security-groups parameter the command run fine. For now I will use the default VPC security group, however there is definitely something wrong.

dgolja commented Oct 30, 2013

Yeah I have still the same issue, however using AWS CLI which rely on boto (didn't know that). I am trying to run-instances in a VPC network and I get "A client error (InvalidParameterCombination) occurred: The parameter groupName cannot be used with the parameter subnet".

I get the error when trying to run:

aws ec2 run-instances --image-id ami-8e987ef9 --count 1 --instance-type 't1.micro' --key-name 'KEY_NAME'
--security-groups 'SECURITY-GROUP' --subnet-id 'subnet-ID'
--instance-initiated-shutdown-behavior 'stop'
--block-device-mappings '[{"DeviceName":"/dev/sdc","Ebs":{"VolumeSize":20,"DeleteOnTermination":false,"VolumeType":"standard"}}]'

However as soon I remove the --security-groups parameter the command run fine. For now I will use the default VPC security group, however there is definitely something wrong.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Oct 30, 2013

So I finally figured it out! If you are trying to start instances in a VPC with autoscaling groups and you want to specify a security group, you MUST pass it the security group ID, NOT the security group name. Also very important is that security groups for EC2 are different from VPC security groups. I created an issue and a pull request revising the Boto documentation, check it out here for a little more detail and some additional links: #1823 . I don't know if this will fix your problem, but it sounds like it might!

ghost commented Oct 30, 2013

So I finally figured it out! If you are trying to start instances in a VPC with autoscaling groups and you want to specify a security group, you MUST pass it the security group ID, NOT the security group name. Also very important is that security groups for EC2 are different from VPC security groups. I created an issue and a pull request revising the Boto documentation, check it out here for a little more detail and some additional links: #1823 . I don't know if this will fix your problem, but it sounds like it might!

@dgolja

This comment has been minimized.

Show comment
Hide comment
@dgolja

dgolja Oct 30, 2013

Hmmm dunno if that is the case. Example I did try to run the same command with --security-groups sg-b14149d3 and I still get the same error. Input/Output bellow:

aws ec2 run-instances --image-id ami-8e987ef9 --count 1 --instance-type 't1.micro' --key-name 'KEY_NAME'
--security-groups sg-b14149d3 --subnet-id 'subnet-ID'
--instance-initiated-shutdown-behavior 'stop'

A client error (InvalidParameterCombination) occurred: The parameter groupName cannot be used with the parameter subnet

However without --security-groups works fine. The security groups ID is associated with the same VPC as the --subnet-id.

dgolja commented Oct 30, 2013

Hmmm dunno if that is the case. Example I did try to run the same command with --security-groups sg-b14149d3 and I still get the same error. Input/Output bellow:

aws ec2 run-instances --image-id ami-8e987ef9 --count 1 --instance-type 't1.micro' --key-name 'KEY_NAME'
--security-groups sg-b14149d3 --subnet-id 'subnet-ID'
--instance-initiated-shutdown-behavior 'stop'

A client error (InvalidParameterCombination) occurred: The parameter groupName cannot be used with the parameter subnet

However without --security-groups works fine. The security groups ID is associated with the same VPC as the --subnet-id.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Oct 30, 2013

If I am not mistaken, I don't think that subnet-id's apply to EC2 instances, I believe they are only used if you are launching scanners in to a VPC. With EC2, I believe you specify availability zones that you want scanners to start up in, not subnets. Try replacing the subnet id with a corresponding availability zone and change the security groups parameter to the NAME and not the ID. Let me know what happens.

ghost commented Oct 30, 2013

If I am not mistaken, I don't think that subnet-id's apply to EC2 instances, I believe they are only used if you are launching scanners in to a VPC. With EC2, I believe you specify availability zones that you want scanners to start up in, not subnets. Try replacing the subnet id with a corresponding availability zone and change the security groups parameter to the NAME and not the ID. Let me know what happens.

@dgolja

This comment has been minimized.

Show comment
Hide comment
@dgolja

dgolja Oct 30, 2013

Hmmm I am not sure about that. From the documentation: --subnet-id "Specifies the subnet ID within which to launch the instance(s) for Amazon Virtual Private Cloud".

So i have to use this parameter and pass my valid VPC subnet ID if not EC2 is spawned in the public network, which I don't want.

dgolja commented Oct 30, 2013

Hmmm I am not sure about that. From the documentation: --subnet-id "Specifies the subnet ID within which to launch the instance(s) for Amazon Virtual Private Cloud".

So i have to use this parameter and pass my valid VPC subnet ID if not EC2 is spawned in the public network, which I don't want.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Oct 30, 2013

Ah, I see .. my bad. I think I may know what your problem is. Try using the '--security-group-ids' parameter instead of '--security-groups' like so:

aws ec2 run-instances --image-id ami-8e987ef9 --count 1 --instance-type 't1.micro' --key-name 'KEY_NAME'
--security-group-ids sg-b14149d3 --subnet-id 'subnet-ID'
--instance-initiated-shutdown-behavior 'stop'

I got this info from here: http://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html

ghost commented Oct 30, 2013

Ah, I see .. my bad. I think I may know what your problem is. Try using the '--security-group-ids' parameter instead of '--security-groups' like so:

aws ec2 run-instances --image-id ami-8e987ef9 --count 1 --instance-type 't1.micro' --key-name 'KEY_NAME'
--security-group-ids sg-b14149d3 --subnet-id 'subnet-ID'
--instance-initiated-shutdown-behavior 'stop'

I got this info from here: http://docs.aws.amazon.com/cli/latest/reference/ec2/run-instances.html

@dgolja

This comment has been minimized.

Show comment
Hide comment
@dgolja

dgolja Oct 30, 2013

I did upgrade to AWS 1.2.2, which also upgraded boto (my previous version was 1.2.0) and as you suggested changed to '--security-group-ids' and that solved the issue.

Nevertheless I opened a ticket with AWS to improve the documentation a bit.

Anyway thank you for all the help.

dgolja commented Oct 30, 2013

I did upgrade to AWS 1.2.2, which also upgraded boto (my previous version was 1.2.0) and as you suggested changed to '--security-group-ids' and that solved the issue.

Nevertheless I opened a ticket with AWS to improve the documentation a bit.

Anyway thank you for all the help.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Oct 30, 2013

Great! Glad I could help.

ghost commented Oct 30, 2013

Great! Glad I could help.

@jmccaffrey42

This comment has been minimized.

Show comment
Hide comment
@jmccaffrey42

jmccaffrey42 Apr 2, 2014

Using 1.3.4, getting this error when passing multiple security groups to --security-group-ids

It seems as though its not parsing that correctly, it works when only one is passed.

jmccaffrey42 commented Apr 2, 2014

Using 1.3.4, getting this error when passing multiple security groups to --security-group-ids

It seems as though its not parsing that correctly, it works when only one is passed.

asfgit pushed a commit to apache/spark that referenced this issue Dec 16, 2014

[SPARK-3405] add subnet-id and vpc-id options to spark_ec2.py
Based on this gist:
https://gist.github.com/amar-analytx/0b62543621e1f246c0a2

We use security group ids instead of security group to get around this issue:
boto/boto#350

Author: Mike Jennings <mvj101@gmail.com>
Author: Mike Jennings <mvj@google.com>

Closes #2872 from mvj101/SPARK-3405 and squashes the following commits:

be9cb43 [Mike Jennings] `pep8 spark_ec2.py` runs cleanly.
4dc6756 [Mike Jennings] Remove duplicate comment
731d94c [Mike Jennings] Update for code review.
ad90a36 [Mike Jennings] Merge branch 'master' of https://github.com/apache/spark into SPARK-3405
1ebffa1 [Mike Jennings] Merge branch 'master' into SPARK-3405
52aaeec [Mike Jennings] [SPARK-3405] add subnet-id and vpc-id options to spark_ec2.py

dgshep pushed a commit to dgshep/spark that referenced this issue Jan 27, 2015

[SPARK-3405] add subnet-id and vpc-id options to spark_ec2.py
Based on this gist:
https://gist.github.com/amar-analytx/0b62543621e1f246c0a2

We use security group ids instead of security group to get around this issue:
boto/boto#350

Author: Mike Jennings <mvj101@gmail.com>
Author: Mike Jennings <mvj@google.com>

Closes #2872 from mvj101/SPARK-3405 and squashes the following commits:

be9cb43 [Mike Jennings] `pep8 spark_ec2.py` runs cleanly.
4dc6756 [Mike Jennings] Remove duplicate comment
731d94c [Mike Jennings] Update for code review.
ad90a36 [Mike Jennings] Merge branch 'master' of https://github.com/apache/spark into SPARK-3405
1ebffa1 [Mike Jennings] Merge branch 'master' into SPARK-3405
52aaeec [Mike Jennings] [SPARK-3405] add subnet-id and vpc-id options to spark_ec2.py

lauraglasu pushed a commit to lauraglasu/aws-provisioning that referenced this issue Mar 13, 2015

lauraglasu
Separating security group to be able to launch instance in the privat…
…e subnet, otherwise it gets launched in the default VPC. boto issue: boto/boto#350

preaudc pushed a commit to preaudc/spark that referenced this issue Apr 17, 2015

[SPARK-3405] add subnet-id and vpc-id options to spark_ec2.py
Based on this gist:
https://gist.github.com/amar-analytx/0b62543621e1f246c0a2

We use security group ids instead of security group to get around this issue:
boto/boto#350

Author: Mike Jennings <mvj101@gmail.com>
Author: Mike Jennings <mvj@google.com>

Closes #2872 from mvj101/SPARK-3405 and squashes the following commits:

be9cb43 [Mike Jennings] `pep8 spark_ec2.py` runs cleanly.
4dc6756 [Mike Jennings] Remove duplicate comment
731d94c [Mike Jennings] Update for code review.
ad90a36 [Mike Jennings] Merge branch 'master' of https://github.com/apache/spark into SPARK-3405
1ebffa1 [Mike Jennings] Merge branch 'master' into SPARK-3405
52aaeec [Mike Jennings] [SPARK-3405] add subnet-id and vpc-id options to spark_ec2.py
@MatthewRalston

This comment has been minimized.

Show comment
Hide comment
@MatthewRalston

MatthewRalston Oct 26, 2015

yeah Ghost's solution of changing subnet name to subnet id. I also don't understand why this is closed..

MatthewRalston commented Oct 26, 2015

yeah Ghost's solution of changing subnet name to subnet id. I also don't understand why this is closed..

@johnhunsley

This comment has been minimized.

Show comment
Hide comment
@johnhunsley

johnhunsley Feb 2, 2016

I believe you have created a Security Group without specifying a VPC ID. You have then attempted to create a launch config which launches instances into a subnet within a VPC. Therefore, when it attempts to assign the security group to those instances it fails because it expects the security group ID rather than the name.

From the CloudFormation LaunchConfig spec' -

"A list that contains the EC2 security groups to assign to the Amazon EC2 instances in the Auto Scaling group. The list can contain the name of existing EC2 security groups or references to AWS::EC2::SecurityGroup resources created in the template. If your instances are launched within VPC, specify Amazon VPC security group IDs."

johnhunsley commented Feb 2, 2016

I believe you have created a Security Group without specifying a VPC ID. You have then attempted to create a launch config which launches instances into a subnet within a VPC. Therefore, when it attempts to assign the security group to those instances it fails because it expects the security group ID rather than the name.

From the CloudFormation LaunchConfig spec' -

"A list that contains the EC2 security groups to assign to the Amazon EC2 instances in the Auto Scaling group. The list can contain the name of existing EC2 security groups or references to AWS::EC2::SecurityGroup resources created in the template. If your instances are launched within VPC, specify Amazon VPC security group IDs."

chapmanb added a commit to chapmanb/toil that referenced this issue Feb 14, 2017

AWS autoscaling: arbitrary VPCs and CWL
- Allow specifying a VPC subnet when launching a cluster. The previous
  code assumed use of a default VPC which is not true for all AWS
  accounts.
- VPC subnet passed to all node creation scripts so everything occurs
  in same configured VPC.
- Using specific VPCs in boto requires sending security groups by ID
  instead of name (boto/boto#350).
- Retrieve cluster name from instance tags instead of security groups
  (fixes #1508)
- Place spot instances in current VPC availability zone.
- Handle spot instances where we can't find pricing history for
  an instance type.
- Use public_dns_name instead of ip_address for ssh. This allows
  tweaking AWS ssh options in `~/.ssh/config` via `Host *.amazonaws.com`
- Update cwltool to latest stable tested version, fixing issue
  with schema-salad in current Toil Docker images.

chapmanb added a commit to chapmanb/toil that referenced this issue Feb 14, 2017

AWS autoscaling: arbitrary VPCs and CWL
- Allow specifying a VPC subnet when launching a cluster. The previous
  code assumed use of a default VPC which is not true for all AWS
  accounts.
- VPC subnet passed to all node creation scripts so everything occurs
  in same configured VPC.
- Using specific VPCs in boto requires sending security groups by ID
  instead of name (boto/boto#350).
- Retrieve cluster name from instance tags instead of security groups
  (fixes #1508)
- Place spot instances in current VPC availability zone.
- Handle spot instances where we can't find pricing history for
  an instance type.
- Use public_dns_name instead of ip_address for ssh. This allows
  tweaking AWS ssh options in `~/.ssh/config` via `Host *.amazonaws.com`

chapmanb added a commit to chapmanb/toil that referenced this issue Feb 14, 2017

AWS autoscaling: allow arbitrary VPCs
- Allow specifying a VPC subnet when launching a cluster. The previous
  code assumed use of a default VPC which is not true for all AWS
  accounts.
- VPC subnet passed to all node creation scripts so everything occurs
  in same configured VPC.
- Using specific VPCs in boto requires sending security groups by ID
  instead of name (boto/boto#350).
- Retrieve cluster name from instance tags instead of security groups
  (fixes #1508)
- Place spot instances in current VPC availability zone.
- Handle spot instances where we can't find pricing history for
  an instance type.
- Use public_dns_name instead of ip_address for ssh. This allows
  tweaking AWS ssh options in `~/.ssh/config` via `Host *.amazonaws.com`

chapmanb added a commit to chapmanb/toil that referenced this issue Feb 15, 2017

AWS autoscaling: allow arbitrary VPCs
- Allow specifying a VPC subnet when launching a cluster. The previous
  code assumed use of a default VPC which is not true for all AWS
  accounts.
- VPC subnet passed to all node creation scripts so everything occurs
  in same configured VPC.
- Using specific VPCs in boto requires sending security groups by ID
  instead of name (boto/boto#350).
- Retrieve cluster name from instance tags instead of security groups
  (fixes #1508)
- Place spot instances in current VPC availability zone.
- Handle spot instances where we can't find pricing history for
  an instance type.
- Use public_dns_name instead of ip_address for ssh. This allows
  tweaking AWS ssh options in `~/.ssh/config` via `Host *.amazonaws.com`

chapmanb added a commit to chapmanb/toil that referenced this issue Feb 16, 2017

AWS autoscaling: allow arbitrary VPCs
- Allow specifying a VPC subnet when launching a cluster. The previous
  code assumed use of a default VPC which is not true for all AWS
  accounts.
- VPC subnet passed to all node creation scripts so everything occurs
  in same configured VPC.
- Using specific VPCs in boto requires sending security groups by ID
  instead of name (boto/boto#350).
- Retrieve cluster name from instance tags instead of security groups
  (fixes #1508)
- Place spot instances in current VPC availability zone.
- Handle spot instances where we can't find pricing history for
  an instance type.
- Use public_dns_name instead of ip_address for ssh. This allows
  tweaking AWS ssh options in `~/.ssh/config` via `Host *.amazonaws.com`

chapmanb added a commit to chapmanb/toil that referenced this issue Feb 16, 2017

AWS autoscaling: allow arbitrary VPCs
- Allow specifying a VPC subnet when launching a cluster. The previous
  code assumed use of a default VPC which is not true for all AWS
  accounts.
- VPC subnet passed to all node creation scripts so everything occurs
  in same configured VPC.
- Using specific VPCs in boto requires sending security groups by ID
  instead of name (boto/boto#350).
- Retrieve cluster name from instance tags instead of security groups
  (fixes #1508)
- Place spot instances in current VPC availability zone.
- Handle spot instances where we can't find pricing history for
  an instance type.
- Use public_dns_name instead of ip_address for ssh. This allows
  tweaking AWS ssh options in `~/.ssh/config` via `Host *.amazonaws.com`

adderan added a commit to adderan/toil that referenced this issue Mar 30, 2017

AWS autoscaling: allow arbitrary VPCs
- Allow specifying a VPC subnet when launching a cluster. The previous
  code assumed use of a default VPC which is not true for all AWS
  accounts.
- VPC subnet passed to all node creation scripts so everything occurs
  in same configured VPC.
- Using specific VPCs in boto requires sending security groups by ID
  instead of name (boto/boto#350).
- Retrieve cluster name from instance tags instead of security groups
  (fixes #1508)
- Place spot instances in current VPC availability zone.
- Handle spot instances where we can't find pricing history for
  an instance type.
- Use public_dns_name instead of ip_address for ssh. This allows
  tweaking AWS ssh options in `~/.ssh/config` via `Host *.amazonaws.com`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment