ansible scritp中的AWS Elb未分配我已分配给我的安全组和子网的vpc ID

Question

We have common vpc created for all our project. I have created the subnets and security group using the vpc manually.

I do the automation for creating ELB. I create the elb using ansible script. If I create elb with the security group and subnets, it is assigning the default vpc instead of the custom vpc we have used for our subnet.

We tried to assign the custom vpc as well as using vpc_id which is not supporting. We get the Security group "sg-0567" does not belong to VPC "vpc-7456as" error. It is trying to create the elb with default vpc.

Please advise how to assign the our custom vpc which is already created by us during the automation

Answer 1

There is no separate parameter to pass the vpc-id when creating ELB. The vpc is assigned based on the subnet-id's you provide in the template.

Sample template snippet :

instance_ids:
  - i-abcd1234
region: us-east-1
subnets:
  - subnet-abcd1234
  - subnet-1a2b3c4d
listeners:
  - protocol: http
    load_balancer_port: 80
    instance_port: 80

If subnet-abcd1234 and subnet-1a2b3c4d are part of vpc-abcd1234 , then the ELB is automatically assigned to that VPC. When you dont pass any security-group, the default security-group of that VPC is assigned to the ELB automatically.

Done forget to pass the region . It is always a good practice. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used.

When you get the Security group "sg-0567" does not belong to VPC "vpc-7456as" error, then it means the security-group which you are passing in the script to the ELB is not part of the VPC which the ELB is assigned. ie. Your security-group and Subnet are NOT part of same VPC.

Remember security-groups can span across multiple subnets but not across multiple VPC.