Terraform throws "groupName cannot be used with the parameter subnet" or "VPC security groups may not be used for a non-VPC launch"

Dennis Hoer · Jul 22, 2015 · Viewed 9.3k times

When trying to figure out how to configure an aws_instance with AWS VPC, the following errors occur:

* Error launching source instance: InvalidParameterCombination: The parameter groupName cannot be used with the parameter subnet
    status code: 400, request id: []

or

* Error launching source instance: InvalidParameterCombination: VPC security groups may not be used for a non-VPC launch
    status code: 400, request id: []

Answer

agbodike · Jan 4, 2016

This is due to how a security group is associated with an instance.

Without a subnet it is OK to associate it using the security group's name:

resource "aws_instance" "server" {
  ...
  security_groups = [ "${aws_security_group.my_security_group.name}" ]
}

In the case where a subnet is also associated you cannot use the name, but should instead use the security group's ID:

security_groups = [ "${aws_security_group.my_security_group.id}" ]
subnet_id = "${aws_subnet.my_subnet.id}"

The above assumes you've created a security group named my_security_group, and a subnet named my_subnet.
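A complete VPC launch that avoids both errors, as an added example that is not part of the original answer. It uses the `aws_instance` argument `vpc_security_group_ids` in place of `security_groups`, in Terraform 0.12+ syntax; the `my_vpc` resource, the `ami_id` variable, the CIDR ranges, the instance type and the SSH rule are assumptions made for illustration.

```hcl
# Assumption: the AMI is supplied by the caller; no real AMI ID is given here.
variable "ami_id" {
  description = "AMI to launch (placeholder, supply your own)"
  type        = string
}

resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16" # constructed sample range
}

resource "aws_subnet" "my_subnet" {
  vpc_id     = aws_vpc.my_vpc.id
  cidr_block = "10.0.1.0/24" # constructed sample range
}

# The group is created inside the same VPC as the subnet by setting vpc_id.
resource "aws_security_group" "my_security_group" {
  name   = "my_security_group"
  vpc_id = aws_vpc.my_vpc.id

  ingress {
    description = "SSH from inside the VPC only (constructed sample rule)"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.my_vpc.cidr_block]
  }

  egress {
    description = "Allow all outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "server" {
  ami           = var.ami_id
  instance_type = "t3.micro"
  subnet_id     = aws_subnet.my_subnet.id

  # Reference the group by ID, never by name, when subnet_id is set.
  vpc_security_group_ids = [aws_security_group.my_security_group.id]
}
```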