Troubleshooting InvalidParameter Security group and subnet belong to different networks
I got stuck with the error InvalidParameter: Security group sg-08e153383fca86934 and subnet subnet-00e3adcfceb3cf8ee belong to different networks when I was working on an AWS project where I needed to set up the following using Terraform -
- VPC
- Subnet
- Internet Gateway, NAT
- Route Table
- EC2 Instance
- Security group
Here is the screenshot of the error which I got -
Troubleshooting Steps
As the error says, there is a mismatch between the network of the security group and that of the subnet. So we need to look carefully at the following -
- Check the VPC ID of Security Group Configuration
- Check the VPC ID of Subnet Configuration
- Conclusion
1. Check the VPC ID of Security Group Configuration
Since I was using Terraform, my first checkpoint was to look at the vpc_id of my security group configuration. Here is my Terraform code, where I have highlighted the problematic area with comments -
# Security Group configuration
# Root cause - I missed adding vpc_id inside my security group config
# Make sure to check the vpc_id; it should match the subnet's vpc_id

resource "aws_security_group" "sg_vpc_jhooq_eu_central_1" {
  egress = [
    {
      cidr_blocks      = ["0.0.0.0/0", ]
      description      = ""
      from_port        = 0
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "-1"
      security_groups  = []
      self             = false
      to_port          = 0
    }
  ]
  # Allows SSH from any address; restrict cidr_blocks to a trusted range in real deployments
  ingress = [
    {
      cidr_blocks      = ["0.0.0.0/0", ]
      description      = ""
      from_port        = 22
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "tcp"
      security_groups  = []
      self             = false
      to_port          = 22
    }
  ]

  # Make sure to check the vpc_id; it should match the subnet's vpc_id
  vpc_id = aws_vpc.vpc-jhooq-eu-central-1.id

  depends_on = [aws_vpc.vpc-jhooq-eu-central-1]
  tags = {
    Name = "SG : vpc-jhooq-eu-central-1 "
  }
}

2. Check the VPC ID of Subnet Configuration
In the subnet configuration you also need to make sure that you are assigning the correct vpc_id. Here is my Terraform code, where I have specified the same vpc_id that I used in the security group configuration.
# Subnet configuration
# vpc_id - Make sure to check the vpc_id; it should match the security group's vpc_id

resource "aws_subnet" "aws_jhooq_private_subnets" {
  count = length(var.cidr_private_subnet)

  # The vpc_id must be the same as the security group's vpc_id
  vpc_id = aws_vpc.vpc-jhooq-eu-central-1.id

  cidr_block        = element(var.cidr_private_subnet, count.index)
  availability_zone = element(var.eu_availability_zone, count.index)

  tags = {
    Name = "Subnet-Private : Private Subnet ${count.index + 1}"
  }
}
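
A static version of the two checks above, added here as an example (it is not the article's code): it reads the configuration section of `terraform show -json` output and flags an instance whose subnet and security group are not configured into the same VPC, including a security group with no vpc_id at all. The plan JSON is a constructed sample and aws_instance.web is a hypothetical resource name.

```python
import json

# Constructed sample: the "configuration" part of `terraform show -json` output,
# trimmed to the fields used here. aws_instance.web is hypothetical; the security
# group has no vpc_id expression, which is the root cause the article describes.
PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_security_group.sg_vpc_jhooq_eu_central_1",
   "type": "aws_security_group", "expressions": {}},
  {"address": "aws_subnet.aws_jhooq_private_subnets", "type": "aws_subnet",
   "expressions": {"vpc_id": {"references": [
     "aws_vpc.vpc-jhooq-eu-central-1.id", "aws_vpc.vpc-jhooq-eu-central-1"]}}},
  {"address": "aws_instance.web", "type": "aws_instance",
   "expressions": {
     "subnet_id": {"references": [
       "aws_subnet.aws_jhooq_private_subnets[0].id",
       "aws_subnet.aws_jhooq_private_subnets[0]",
       "aws_subnet.aws_jhooq_private_subnets"]},
     "vpc_security_group_ids": {"references": [
       "aws_security_group.sg_vpc_jhooq_eu_central_1.id",
       "aws_security_group.sg_vpc_jhooq_eu_central_1"]}}}
]}}}
""")

def vpc_of(resource):
    """Name the VPC a security group or subnet is configured into."""
    expr = resource["expressions"].get("vpc_id")
    if expr is None:
        return "<default VPC>"  # vpc_id omitted: the security group is created in the default VPC
    if "constant_value" in expr:
        return expr["constant_value"]  # hard-coded VPC ID
    return min(expr["references"], key=len)  # shortest entry is the bare resource address

def find_mismatches(plan):
    """Return (instance address, {attached resource: VPC}) for instances mixing VPCs."""
    resources = {r["address"]: r for r in plan["configuration"]["root_module"]["resources"]}
    findings = []
    for inst in resources.values():
        if inst["type"] != "aws_instance":
            continue
        vpcs = {}
        for attr in ("subnet_id", "vpc_security_group_ids"):
            for ref in inst["expressions"].get(attr, {}).get("references", []):
                if ref in resources:  # only bare addresses match a configured resource
                    vpcs[ref] = vpc_of(resources[ref])
        if len(set(vpcs.values())) > 1:
            findings.append((inst["address"], vpcs))
    return findings
```

Against a real plan, load the output of `terraform show -json` for your plan file instead of the embedded sample; the check compares references textually, so a hard-coded VPC ID and a reference to the same VPC are reported as different.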
Conclusion
The error InvalidParameter: Security group sg-08e153383fca86934 and subnet subnet-00e3adcfceb3cf8ee belong to different networks is relatively simple to troubleshoot, but if you do not read the error description carefully it might take a lot of time to fix.
I hope the example above helps you troubleshoot your issue.