aws ec2 revoke-security-group-egress is giving errors - amazon-ec2

aws ec2 revoke-security-group-egress --group-id sg-xxxxxxx --protocol tcp --port 443 --cidr 175.41.128.0/18
Error:
A client error (InvalidPermission.NotFound) occurred when calling the RevokeSecurityGroupEgress operation: The specified rule does not exist in this security group.
I have tried with --ip-permissions
aws ec2 revoke-security-group-egress --group-id sg-wwwwwwww --ip-permissions '[{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "175.41.128.0/18"}]}]'
Error:
A client error (InvalidPermission.NotFound) occurred when calling the RevokeSecurityGroupEgress operation: The specified rule does not exist in this security group.

Suppose you set the AWS access key properly. When running an AWS CLI command, always remember to add the region if you are not on the default region.
--region eu-central-1
If you can set up boto and run the commands below, what do you get?
import boto.ec2
conn = boto.ec2.connect_to_region('<REPLACE_IT>')
conn.get_all_security_groups()

The response means that the rule you're trying to remove is not present within the security group. Maybe it was already removed. I see you pasted the full error message in the comment above:
The specified rule does not exist in this security group.
So try adding the rule, run the command to remove it, and see if you still get the same error.
Amazon's response error code is definitely confusing in this case, since it contains both "InvalidPermission" (which makes you think you're doing something wrong) and "NotFound". In this case, the "NotFound" is the important part.
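The check described in the answers above, as an added example that is not part of the original posts: it takes the egress rules of a group as `aws ec2 describe-security-groups` returns them and predicts whether a revoke request matches an existing rule exactly, listing broader rules that still allow the traffic when it does not. The group ID, the rule set and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-constructed",
  "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "175.41.128.0/17"}]}
  ]}]}
""")


def egress_rules(group):
    """Flatten IpPermissionsEgress into (protocol, from, to, cidr) tuples."""
    return [
        (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"), rng["CidrIp"])
        for perm in group.get("IpPermissionsEgress", [])
        for rng in perm.get("IpRanges", [])
    ]


def diagnose_revoke(group, protocol, port, cidr):
    """Predict whether revoking (protocol, port, cidr) finds a matching rule.

    Returns ("exact", [rule]) when a rule with identical values exists,
    otherwise ("not_found", rules_that_still_allow_the_traffic).
    """
    target = (protocol, port, port, cidr)
    rules = egress_rules(group)
    if target in rules:
        return "exact", [target]
    want = ipaddress.ip_network(cidr)
    covering = []
    for proto, lo, hi, rule_cidr in rules:
        proto_ok = proto in ("-1", protocol)  # "-1" means all protocols
        port_ok = proto == "-1" or (lo is not None and lo <= port <= hi)
        if proto_ok and port_ok and want.subnet_of(ipaddress.ip_network(rule_cidr)):
            covering.append((proto, lo, hi, rule_cidr))
    return "not_found", covering


if __name__ == "__main__":
    sg = SAMPLE["SecurityGroups"][0]
    print(diagnose_revoke(sg, "tcp", 443, "175.41.128.0/18"))
    print(diagnose_revoke(sg, "tcp", 443, "175.41.128.0/17"))
```

A "not_found" result with a non-empty list means the destination is still reachable through a broader rule, so the NotFound error does not imply the traffic is blocked.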

Related

import plugin throw error 400 saying InvalidParameterValue: The specified KMS key is not accessible

2 days back everything was working, but now it started giving this error. I am able to reproduce the same error in the dev environment. For testing I created an S3 bucket without encryption and a new KMS key, but I am getting the same error there.
aws ec2 import-image --description "123" --encrypted --kms-key-id arn:aws:kms:us-east-1:123456789:key/abc-efg-hij-klm-nop-xyz --disk-containers Format=ova,UserBucket="{S3Bucket=,S3Key=}"
An error occurred (InvalidParameterValue) when calling the ImportImage operation: The specified KMS key is not accessible. If this is a default EBS CMK, please retry your request without specifying the key explicitly
Any help?

unable to access aws instance through ssh

Whenever I try to access an AWS instance by using ssh I get the following error:
Connection blocked because server only allows public key authentication. Please contact your network administrator.
Connection to ec2-54-214-97-39.us-west-2.compute.amazonaws.com closed by remote host.
Connection to ec2-54-214-97-39.us-west-2.compute.amazonaws.com closed.
I am accessing by ssh enabled command prompt:
chmod 400 virtue.pem
ssh -i "file.pem" ubuntu@ec2-publicIp.us-west-2.compute.amazonaws.com
I am unable to access the AWS instance virtual machine.
The error is like the one mentioned here:
https://laracasts.com/discuss/channels/servers/ssh-key-no-longer-working
You need to confirm that file.pem is the correct key to access the instances, and use chmod 400 to set permissions on the .pem on your computer. You can view the logs in the AWS console to verify if there is any message about ssh access.
You can launch another instance with another .pem, or detach the root volume and attach it to another instance to validate the config files.
This may be a problem caused by a man-in-the-middle attack.
Change your network to a private one and retry!

An error occurred (InvalidParameterValue) when calling the RunInstances operation: Value () for parameter groupId is invalid. The value cannot be empt

I'm getting error when creating ec2 instance from my ami:
aws ec2 run-instances --image-id ami-3e21ed44 --count 1 --instance-type t2.medium --key-name sssoft --security-groups launch-wizard-4
Isn't this example the same as in here?
It is giving this error:
An error occurred (InvalidParameterValue) when calling the RunInstances operation: Value () for parameter groupId is invalid. The value cannot be empty
What is wrong?
The error means the security group launch-wizard-4 does not exist in your account.
If that security group does exist in your account, check the AWS CLI profile you're using. It uses default by default. But if you need to use a different profile, just add --profile my-profile-name to the command.
For more information on profiles: AWS CLI Named Profiles
Silly mistake. In the command line the default zone was different from that of the AMI.

Why am I getting a connectionTimeout error while trying to update my chef node?

I keep getting this error on the Chef tutorial while trying to update my node. It's very strange because I was able to bootstrap in and ssh in using the same credentials. I have also confirmed that my security for inbound ports for 80, 20 and 443 were open. For the life of me I can't understand why it's holding up here. I am using MacOSX and terminal with an AWS virtual.
WARNING: Failed to connect to 172.31.46.107 -- Net::SSH::ConnectionTimeout: Net::SSH::ConnectionTimeout
knife ssh 'name:node1-centos' 'sudo chef-client' --ssh-user centos --identity-file /Users/gavindevops/.ssh/GavinChefKeyPair.pem --attribute ipaddress
SSH uses port 22. Was that a typo in the question or in the security group?
Okay so turns out even if you're using key based authentication, scroll down to the user name and password instructions part of the tutorial because it tells you to use "cloud.public_hostname" in place of "ipaddress" if you are using a service like AWS.

Error when I try to create a new account with "deis register" command

I've a fresh install of Deis on AWS but I get this error when I try to register a user:
http://deis.XXXX.com does not appear to be a valid Deis controller.
Also, when I try to make a curl to the ELB or any node it returns a timeout, but I think that it's normal behaviour due to the security group configuration.
Could it be a proxy configuration error? Because when I installed Deis I got this error:
Enabling proxy protocol failed, please enable proxy protocol manually after finishing your deis cluster installation.
And I enabled it manually with:
deisctl config router set proxyProtocol=1
Thanks!
Once you have enabled proxyProtocol on the router you should be able to run deisctl install platform without issues.
Is that not the case?
I had this issue when I hadn't registered my deis cluster domain with global dns - i.e., I had only added it to a Route 53 hosted zone that wasn't actually public.
I fixed it by adding an A ALIAS record in Route 53 pointing a wildcard sub-domain under my existing domain to the deiswebelb host.
Name: *.apps.example.com
Type: A
Value: ALIAS dualstack.deis-deiswebelb-1abcdefghijkl-1234567890.us-east-1.elb.amazonaws.com
