Univention Bugzilla – Bug 34778
ec2-tools uses security_groups to take both group names and group IDs
Last modified: 2020-09-24 08:52:00 CEST
I am performing some tests with ucs-ec2-tools (0.1.13-1.22.201310310927).

When creating a public instance, the script takes the name of the security group as parameter:

---/usr/lib/pymodules/python2.7/univention/ec2/lib.py:
security_groups=[self.aws_cfg['ec2_security_group']],
---

and when using a private subnet, it expects the same parameter to contain a group ID:

---/usr/lib/pymodules/python2.7/univention/ec2/lib.py
security_group_ids=[self.aws_cfg['ec2_security_group']],
---

* It seems preferable to use security_group_ids always when calling boto.ec2.connection (the only option that you can use when a subnet is specified).

---
ERROR:boto:400 Bad Request
ERROR:boto:<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidParameterCombination</Code><Message>The parameter groupName cannot be used with the parameter subnet</Message></Error></Errors><RequestID>6ad9a24c-77fa-424b-8499-05ee6c78340b</RequestID></Response>
---

This was deliberate, by design, and is still so even after the migration to Boto3 with Bug #50443:

> if self.aws_cfg.get('ec2_subnet_id'):
>     param['SubnetId'] = self.aws_cfg['ec2_subnet_id']
>     param['SecurityGroupIds'] = [self.aws_cfg['ec2_security_group']]
> else:
>     param['SecurityGroups'] = [self.aws_cfg['ec2_security_group']]

This might be confusing, but works-for-us as we mostly run our VMs inside a VPN subnet. Using it for public VMs is not the norm.
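
An added example, not part of this bug report or of ucs-ec2-tools: a hypothetical helper `build_network_params` that reads the same two config keys as the snippet quoted above, picks the parameter from the shape of the value, and rejects a group name combined with a subnet before any API call is made. The ID pattern (`sg-` plus 8 or 17 hex digits) and all sample values are assumptions constructed for illustration.

```python
import re

# Assumption: security group IDs are "sg-" followed by 8 or 17 hex digits.
SG_ID_RE = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")


def build_network_params(aws_cfg):
    """Return the network-related keyword arguments for a run_instances call.

    Hypothetical helper. It uses the config keys from the quoted snippet
    ('ec2_subnet_id', 'ec2_security_group') and fails locally on the
    combination that the API answers with InvalidParameterCombination.
    """
    group = aws_cfg["ec2_security_group"]
    subnet = aws_cfg.get("ec2_subnet_id")
    is_id = bool(SG_ID_RE.match(group))

    param = {}
    if subnet:
        if not is_id:
            # A group name cannot be sent together with a subnet.
            raise ValueError(
                "ec2_security_group=%r is not a group ID, but ec2_subnet_id "
                "is set; use the sg-... ID of the group" % group
            )
        param["SubnetId"] = subnet
        param["SecurityGroupIds"] = [group]
    elif is_id:
        # No subnet, but the value is an ID: pass it as an ID.
        param["SecurityGroupIds"] = [group]
    else:
        # No subnet and a plain name: pass it as a name.
        param["SecurityGroups"] = [group]
    return param


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real account.
    samples = [
        {"ec2_security_group": "sg-0123abcd", "ec2_subnet_id": "subnet-0a1b2c3d"},
        {"ec2_security_group": "ucs-test"},
        {"ec2_security_group": "ucs-test", "ec2_subnet_id": "subnet-0a1b2c3d"},
    ]
    for cfg in samples:
        try:
            print(cfg, "->", build_network_params(cfg))
        except ValueError as exc:
            print(cfg, "-> rejected:", exc)
```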