Unable to use --associate-public-ip-address

[lutnos]

I am unable to run an instance within a VPC, with a security group and associate a public IP address in awe cli version 1.5.1 .

When I run:

aws ec2 run-instances --image-id ami-4e75c339 --count 1 --instance-type t2.micro --key-name WTI --security-groups sg-ba71f1df --subnet-id vpc-53677f31 --associate-public-ip-address

I see:

A client error (InvalidParameterCombination) occurred when calling the RunInstances operation: Network interfaces and an instance-level security groups may not be specified on the same request

This look very much like a regression of #479, #502 & #516

I have the same problem on version 1.5.1 and the current version 1.6.3

(As a workaround I have to instead do a run-instances without the --associate-public-ip-address, then do an allocate-address with --domain vpc and then an associate-address .)

[jamesls]

I believe what's going on here is that we need to update our logic for --asociate-public-ip-address. As in #502, when a user specifies certain parameters along with --asociate-public-ip-address, we need to move parameters such as the --subnet-id over to the --network-interfaces option. It looks like there's a few other cases where we need to apply this same logic. In this specific issue it's the security-groups option. Another workaround is to just use the --network-interfaces argument directly until this logic has been implemented in the AWS CLI.

[lutnos]

Thanks Jmaes, I would use the --network-interfaces option, but documentation of it is sparce, can you recommend a good source?

When I tried with --network-interface I could not get it to accept a true or false for "Associate an EIP", also it looked as though if I used it I would have to specify an internal IP address explicitly - which would mean calculating a free one.

ATB

[ewanleith]

This command works for me:

aws ec2 run-instances --image-id ami-f0b11187 --key-name your-ssh-key-name --instance-type t2.micro --network-interfaces '[ { "DeviceIndex": 0, "Groups": ["sg-123456"], "SubnetId": "subnet-123456", "DeleteOnTermination": true, "AssociatePublicIpAddress": true } ]'

you'll obviously need to change the sg- value and the subnet- value to your own, and that particular AMI is Ubuntu in eu-west-1

[kyleknap]

I did some work with fixing some issues related to this customization in this PR: #1874. The problem is that you are using the --security-groups parameter instead of --security-group-ids parameter which gets mapped properly. So run something like this:

$ aws ec2 run-instances --image-id ami-4e75c339 --count 1 --instance-type t2.micro --key-name WTI --security-group-ids sg-ba71f1df --subnet-id vpc-53677f31 --associate-public-ip-address

Unfortunately we can never map --security-groups to the network interfaces because it only supports security group ids. I do not think it is possible to implement this and thus, closing.