search

StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
https://twitter.com/streisandvpn
Other
23.17k stars 1.99k forks source link

EC2 Error: "Only Amazon VPC security groups may be used with this operation" #139

Closed BBB closed 9 years ago

BBB commented 9 years ago

I have the following error when trying to provision Streisand with an ec2 instance.

ansible 1.8.3

TASK: [ec2-security-group | Open the SSH port in the EC2 security group] ******
a10_server                    Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
failed: [127.0.0.1 -> 127.0.0.1] => {"failed": true, "parsed": false}
Traceback (most recent call last):
  File "/Users/ollie/.ansible/tmp/ansible-tmp-1427280931.97-111066911038941/ec2_group", line 2174, in <module>
    main()
  File "/Users/ollie/.ansible/tmp/ansible-tmp-1427280931.97-111066911038941/ec2_group", line 340, in main
    cidr_ip=ip)
  File "/usr/local/Cellar/ansible/1.8.3/libexec/vendor/lib/python2.7/site-packages/boto/ec2/connection.py", line 3229, in authorize_security_group_egress
    params, verb='POST')
  File "/usr/local/Cellar/ansible/1.8.3/libexec/vendor/lib/python2.7/site-packages/boto/connection.py", line 1226, in get_status
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidParameterValue</Code><Message>Only Amazon VPC security groups may be used with this operation.</Message></Error></Errors><RequestID>4ef72a0a-f2a3-4f36-918f-0067bfc51135</RequestID></Response>

FATAL: all hosts have already failed -- aborting
BBB commented 9 years ago

Update. This looks to be because my account supports "EC2 Classic". So it's not an issue with streisand.

jlund commented 9 years ago

Yeah, other people have run into this as well. I really wish that I could figure out a workaround, but I don't have access to an EC2 account that has Classic enabled.

You can manually bring up a server in Classic and configure it directly. There are instructions in the README for this, and I will be making the process even easier soon.

Joe8Bit commented 9 years ago

There is a workaround for this, but it's a little unwieldy. AWS accounts that have Classic enabled were created before a certain date, so creating a new AWS account will mean that only VPC is available when provisioning EC2 instances (and therefore Streisand will provision properly).

It's nasty and not possible for everyone, but will work.

jlund commented 8 years ago

This has now been fully patched in #371 thanks to @DavidWittman. Better late than never! :)

ryan-mars commented 7 years ago

What are the proper settings for a VPC and subnet?

I just ran into this issue today. I got further past it by creating my own VPC and subnet however I don't know the correct parameters for these so I'm pretty sure I did it wrong because I cannot access my instance and Streisand errors out at the end that it couldn't reach the instance.

DavidWittman commented 7 years ago

@ryanwmarsh just use the IDs of the VPC (vpc-xxxxxx) and Subnet (subnet-xxxxxx) which you just created.

shawnhank commented 5 years ago

I know this an old issue, but this just popped for me this morning on macOS Mojave 10.14. I'm a first time user/installer and was following the steps in the readme when this happened.

I have EC2 Classic in an AWS account that is about 6-7 years old. Happy to provide an environment to test against if you'd like.

Also, will try the manual vpc and subnet method recommended.