Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to select Security Group for existing VPC in config. step #512

Open
nkay28 opened this issue Jul 9, 2024 · 5 comments
Open

Ability to select Security Group for existing VPC in config. step #512

nkay28 opened this issue Jul 9, 2024 · 5 comments
Labels
stale

Comments

@nkay28
Copy link

nkay28 commented Jul 9, 2024
edited
Loading

Enterprise customer doesn't allow PRIVATE_ISOLATED for ec2 SubnetType in their AWS account. So, need to pick the security group available in the existing VPC during the config step of deployment (Step 4), after changing PRIVATE_ISOLATED to PRIVATE_WITH_EGRESS in .ts files.

Facing following error during deployment: validation error detected: Value '[]' at 'vpcConfig.securityGroupIds' failed to satisfy constraint: Member must have length greater than or equal to 1 (Service: AmazonSageMaker; Status Code: 400; Error Code: ValidationException; Request ID: 0c2cdffd-07dc-4139-9f1c-3b9f4169c6aa...
@nkay28 nkay28 changed the title Ability to select Security Group for private VPC in config. step Ability to select Security Group for existing VPC in config. step Jul 9, 2024
@massi-ang
Copy link
Collaborator

@nkay28 I deployed the solution modifying the SubnetType here and here. I have also removed the PRIVATE_ISOLATED subnet from the VPC (commented out these lines ).

It deployed without issues.

@nkay28
Copy link
Author

nkay28 commented Jul 19, 2024

Thanks @massi-ang. I tried with commenting out the last VPC component. It gave me a different error, with route tables this time:

CREATE_FAILED        | AWS::EC2::VPCEndpoint                           | SharedVPCS3GatewayEndpoint13AA3DEC
Resource handler returned message: "route table rtb-0913b605c41837278 already has a route with destination-prefix-list-id pl-63a5400a (Service: Ec2, Status Cod
e: 400, Request ID: 320b8cba-347e-4faf-aac0-21ff9d181020)" (RequestToken: 7373b475-22d8-623e-b330-447ea1c7ff9b, HandlerErrorCode: GeneralServiceException)
 
10:29:51 PM | CREATE_FAILED        | AWS::EC2::VPCEndpoint                           | SharedVPCDynamoDBEndpoint7FDC246D
Resource handler returned message: "route table rtb-0913b605c41837278 already has a route with destination-prefix-list-id pl-02cd2c6b (Service: Ec2, Status Cod
e: 400, Request ID: 01b71ac1-3325-40c2-beba-60011f4caa8a)" (RequestToken: 134dbee2-8e63-c45e-6d8e-84801f41b8c3, HandlerErrorCode: GeneralServiceException)

@massi-ang
Copy link
Collaborator

Can you please provide some more information about what modification you did? Ideally, can you provide a forked repo with your modifications so that it is simpler to reproduce the error

@nkay28
Copy link
Author

nkay28 commented Jul 23, 2024

Hi @massi-ang,

Thank you for your continued guidance!

@github-actions GitHub Actions
Copy link

This issue is stale because it has been open for 60 days with no activity.

@github-actions github-actions bot added the stale label Sep 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
AWS GenAI Chatbot
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nkay28 @massi-ang