When trying to start an EC2 instance through CloudFormation I kept getting the error “The parameter groupName cannot be used with the parameter subnet”.
The (YAML) AWS CloudFormation template looks something like this:
    Resources:
      KubernetesControllerSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupName: t10-sg-k8s-controller
          GroupDescription: t10-sg-k8s-controller
          ......
          Tags:
            - Key: Name
              Value: t10-sg-k8s-controller
      EC2Instance:
        Type: AWS::EC2::Instance
        Properties:
          ImageId: ami-20ee5e5d
          InstanceType: t2.micro
          KeyName: t10_kubernetes
          PrivateIpAddress: 10.0.11.11
          SubnetId:
            Fn::ImportValue: !Sub "t10-vpc-k8s-subnet1-id"
          SecurityGroupIds:
            - !Ref KubernetesControllerSecurityGroup
          Tags:
            - Key: Name
              Value: t10-k8s-controller1
Searching Google for the error turned up many hits, many questions, and many suggestions, but very few real answers.
Until I saw this answer from johnhunsley:
I believe you have created a Security Group without specifying a VPC ID. You have then attempted to create a launch config which launches instances into a subnet within a VPC. Therefore, when it attempts to assign the security group to those instances it fails because it expects the security group ID rather than the name.
So I think the response from AWS is in the running for the “Worst Error Message Ever” but the solution is very simple. Don’t make the mistake of not specifying your custom VPC ID when creating a new security group.
    Resources:
      KubernetesControllerSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupName: t10-sg-k8s-controller
          GroupDescription: t10-sg-k8s-controller
          ......
          VpcId: !ImportValue t10-vpc-id
          Tags:
            - Key: Name
              Value: t10-sg-k8s-controller
johnhunsley @ https://github.com/boto/boto/issues/350
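
A pre-deploy check for the mistake described above, as an added example that is not from the original post: it flags any EC2 instance with a SubnetId whose SecurityGroupIds reference a security group declared in the same template without VpcId. It assumes the template is already parsed into a dict (CloudFormation's JSON form); the function names are hypothetical.

```python
# Constructed sample: the page's first template as a parsed dict
# (CloudFormation's JSON form), trimmed to the properties the check reads.
TEMPLATE = {"Resources": {
    "KubernetesControllerSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {"GroupName": "t10-sg-k8s-controller",
                       "GroupDescription": "t10-sg-k8s-controller"}},
    "EC2Instance": {
        "Type": "AWS::EC2::Instance",
        "Properties": {
            "SubnetId": {"Fn::ImportValue": "t10-vpc-k8s-subnet1-id"},
            "SecurityGroupIds": [{"Ref": "KubernetesControllerSecurityGroup"}]}},
}}


def referenced_logical_id(value):
    """Return the logical ID behind {"Ref": x} or {"Fn::GetAtt": [x, attr]}."""
    if isinstance(value, dict):
        if isinstance(value.get("Ref"), str):
            return value["Ref"]
        getatt = value.get("Fn::GetAtt")
        if isinstance(getatt, list) and getatt:
            return getatt[0]
        if isinstance(getatt, str):  # short form "LogicalId.Attribute"
            return getatt.split(".")[0]
    return None


def find_groups_missing_vpc(template):
    """List (instance, group) pairs where an instance placed in a subnet uses
    a security group from the same template that has no VpcId."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") != "AWS::EC2::Instance" or "SubnetId" not in props:
            continue
        for entry in props.get("SecurityGroupIds", []):
            group = referenced_logical_id(entry)
            target = resources.get(group, {})
            if (target.get("Type") == "AWS::EC2::SecurityGroup"
                    and "VpcId" not in target.get("Properties", {})):
                findings.append((name, group))
    return findings


if __name__ == "__main__":
    for instance, group in find_groups_missing_vpc(TEMPLATE):
        print(f"{instance}: security group {group} has no VpcId")
```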