serverless: EC2 Error Code: InvalidGroup.NotFound. The security group does not exist.

This is a Bug Report

Description

  • What went wrong?

serverless deploy failed with an error, for a project using a pre-existing VPC

  • What did you expect should have happened?

serverless deploy should have completed without error

  • What was the config you used?

My serverless.yml defines provider.vpc.securityGroupIds to a single security group, and provider.vpc.subnetIds to multiple security groups

  • What stacktrace or error message from your provider did you see?

Serverless: Packaging service… Serverless: Uploading CloudFormation file to S3… Serverless: Uploading service .zip file to S3 (23.9 MB)… Serverless: Updating Stack… Serverless: Checking Stack update progress… …Serverless: Deployment failed!

Serverless Error ---------------------------------------

An error occurred while provisioning your stack: RedactedLambdaFunction
- Error occurred while DescribeSecurityGroups. EC2 Error
Code: InvalidGroup.NotFound. EC2 Error Message: The
security group 'sg-redacted' does not exist.

Get Support -------------------------------------------- Docs: docs.serverless.com Bugs: github.com/serverless/serverless/issues

Your Environment Information ----------------------------- OS: darwin Node Version: 6.9.2 Serverless Version: 1.4.0

Similar or dependent issues:

  • n/a

Additional Data

aws ec2 describe-security-groups --group-ids sg-redacted (executed from the same terminal session with the same environment variables as serverless deploy) confirms that the security group exists

aws ec2 describe-subnets --subnet-ids subnet-redacted subnet-redacted confirms that the subnets exist

Comparing the output from these commands confirms that they all belong to the same VPC

  • Serverless Framework Version you’re using: 1.4.0
  • Operating System: macOS Sierra 10.12.3 Beta (16D12b)
  • Stack Trace: see above
  • Provider Error messages: see above

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Reactions: 6
  • Comments: 22 (6 by maintainers)

Most upvoted comments

Thank you. You solved the problem! In going through my config file to get a minimal example I realized I was using the wrong profile setting. That would do it.

Thanks again and sorry for the noob error. 😦

+1
mikemcg52 on Jan 20, 2022

I also faced the similar issue, and I was using a profile that is not my default aws profile.

Description

  • What went wrong? serverless deploy --aws-profile assumed_role failed with an error, for a project using a pre-existing VPC.

  • What did you expect should have happened? serverless deploy --aws-profile assumed_role should have completed without error.

  • What was the config you used? My serverless.yml defines provider.vpc.securityGroupIds to a single security group, and provider.vpc.subnetIds to three security groups.

  • What stacktrace or error message from your provider did you see?

Serverless: Packaging service… Serverless: Excluding development dependencies… Serverless: Injecting required Python packages to package… Serverless: Uploading CloudFormation file to S3… Serverless: Uploading artifacts… Serverless: Uploading service MossService.zip file to S3 (72.05 KB)… Serverless: Validating template… Serverless: Updating Stack… Serverless: Checking Stack update progress… … Serverless: Operation failed! Serverless: View the full error output:

Serverless Error ---------------------------------------

An error occurred: SchedulerLambdaFunction - Error occurred while DescribeSecurityGroups. > EC2 Error Code: InvalidGroup.NotFound. EC2 Error Message: The security group ‘sg-3cfe0674’ > does not exist (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 6741f2d1-5ca3-4eb0-8148-4db53275a43b).

Get Support -------------------------------------------- Docs: docs.serverless.com Bugs: github.com/serverless/serverless/issues Issues: forum.serverless.com

Your Environment Information --------------------------- Operating System: darwin Node Version: 12.10.0 Framework Version: 1.61.0 Plugin Version: 3.2.7 SDK Version: 2.2.1 Components Core Version: 1.1.2 Components CLI Version: 1.4.0

Additional Data

I have also tried these two commands to confirm both security group and subnets exist. aws ec2 describe-security-groups --group-ids <sg-id> --profile assumed_role aws ec2 describe-subnets --profile assumed_role --subnet-ids subnet-redacted subnet-redacted

  • Serverless Framework Version you’re using:
Framework Core: 1.61.0
Plugin: 3.2.7
SDK: 2.2.1
Components Core: 1.1.2
Components CLI: 1.4.0
  • Operating System: macOS Mojave 10.14.5
  • Stack Trace: see above
  • Provider Error messages: see above
  • AWS configuration: I have made sure both ~/.aws/config and ~/.aws/credentials are set correctly with the profile name and credentials.
+1
yen-shi on Feb 9, 2020

Ok - not sure if this related to what you said @jokeyrhyme but I’ve got it working now.

Serverless doesn’t seem to use my default region (where the VPC is) as listed in ~/.aws/config so was trying to deploy to the Serverless default region us-east-1.

Would be awesome if Serverless would honour this file or maybe make it mandatory to provide a region in your config? Just some ideas.

+1
mikefrancis on Jan 27, 2017
Read more comments on GitHub
← serverless: DX: Helpful output when serverless.yml is malformed
serverless: EC2 permissions for VPC not set on first deploy →