Troubleshooting InvalidParameter Security group and subnet belong to different networks

I got stuck with the error InvalidParameter: Security group sg-08e153383fca86934 and subnet subnet-00e3adcfceb3cf8ee belong to different networks when I was working on one of AWS project where I need to set-up following using Terraform -

Here is the screenshot of the error which I got -

InvalidParameter: Security group sg-08e153383fca86934 and subnet subnet-00e3adcfceb3cf8ee belong to different networks

Troubleshooting Steps

As the error says there is mismatch in the network of security group and subnet. So we need to carefully look at the following -

  1. Check the VPC ID of Security Group Configuration
  2. Check the VPC ID of Subnet Configuration
  3. Conclusion

1. Check the VPC ID of Security Group Configuration

Since I was using Terraform, so my first check point was to look at the VPC-ID of my Security Configuration. Here is my terraform code where I have highlighted the problematic area with comments -

 1# Security Group configuration
 2# Root cause - I missed to add vpc_id inside my security config
 3# Make sure to check the vpc_id and it should match with the subnet vpc_id
 4
 5resource "aws_security_group" "sg_vpc_jhooq_eu_central_1" {
 6  egress = [
 7    {
 8      cidr_blocks      = [ "0.0.0.0/0", ]
 9      description      = ""
10      from_port        = 0
11      ipv6_cidr_blocks = []
12      prefix_list_ids  = []
13      protocol         = "-1"
14      security_groups  = []
15      self             = false
16      to_port          = 0
17    }
18  ]
19  ingress                = [
20    {
21      cidr_blocks      = [ "0.0.0.0/0", ]
22      description      = ""
23      from_port        = 22
24      ipv6_cidr_blocks = []
25      prefix_list_ids  = []
26      protocol         = "tcp"
27      security_groups  = []
28      self             = false
29      to_port          = 22
30    }
31  ]
32  
33  # Make sure to check the vpc_id and it should match with the subnet vpc_id
34  vpc_id = aws_vpc.vpc-jhooq-eu-central-1.id
35  
36  depends_on = [aws_vpc.vpc-jhooq-eu-central-1]
37  tags = {
38    Name = "SG : vpc-jhooq-eu-central-1 "
39  }
40}
41 

2. Check the VPC ID of Subnet Configuration

In the subnet configuration you also need to make sure that you are assigning the correct vpc_id. Here is my terraform code where I have specified the same vpc_id which I have used in security configuration.

 1# Subnet configuration
 2# vpc_id - Make sure to check the vpc_id and it should match with the subnet vpc_id
 3
 4resource "aws_subnet" "aws_jhooq_private_subnets" {
 5  count      = length(var.cidr_private_subnet)
 6  
 7  # The vpc_id should be similar to security group's vpc_id
 8  vpc_id     = aws_vpc.vpc-jhooq-eu-central-1.id
 9  
10  
11  cidr_block = element(var.cidr_private_subnet, count.index)
12  availability_zone = element(var.eu_availability_zone, count.index)
13
14  tags = {
15    Name = "Subnet-Private : Private Subnet ${count.index + 1}"
16  }
17}

Conclusion

The error InvalidParameter: Security group sg-08e153383fca86934 and subnet subnet-00e3adcfceb3cf8ee belong to different networks is relative very simple to troubleshoot but if you do not read the error description carefully then it might take a lot of time to fix.

Hope above mentioned example will help you to troubleshoot your issue.

Posts in this Series