jolly-plumber-1488

07/11/2022, 11:07 AM
Hi guys, has anyone seen this error before when creating an EKS cluster?
Message_: "Security group(s) [sg-0cb56162e90f5f571] are not in the same VPC as the subnets. Please specify a security group that is associated with the VPC: vpc-0b6bc0745054144c7."
This is the Python code to create the cluster:
cluster = eks.Cluster(
    cluster_name,
    version="1.22",

    skip_default_node_group=True,

    vpc_id=vpc.id,
    public_subnet_ids=vpc.public_subnet_ids,
    node_associate_public_ip_address=False,
    private_subnet_ids=vpc.private_subnet_ids,
    cluster_security_group=cluster_sg,

    service_role=cluster_role,
    instance_roles=[node_role],

    create_oidc_provider=True,

    cluster_tags=common_tags
)
I know EKS will create a separate security group for the cluster service, but it seems it’s using my default VPC instead of the vpc.id that I passed.

mammoth-electrician-64525

07/11/2022, 11:20 AM
@jolly-plumber-1488 I’m not sure exactly, but it looks like your ‘vpc.id’ is empty or is not the same VPC used by your ‘*_subnets_ids’. I suggest you create the VPC in another function first, collect the IDs from this process and add them to your function that creates the EKS. Using this approach, your infrastructure will create not only the EKS but everything that is necessary to create EKS. If you want to delete this stack, you will delete not only EKS but also the VPC that EKS was created in. For example: https://github.com/pulumi/examples/blob/master/aws-py-eks/__main__.py#L15

jolly-plumber-1488

07/11/2022, 11:25 AM
Thanks for your reply, @mammoth-electrician-64525. Yeah, I found the root cause: there is id and also vpc_id in the output. The description of id is: "The provider-assigned unique ID for this managed resource."
What is that?

mammoth-electrician-64525

07/11/2022, 11:34 AM
@jolly-plumber-1488 this is the description of the id output, as a default description (https://www.pulumi.com/registry/packages/aws-iam/api-docs/provider/)

jolly-plumber-1488

07/11/2022, 11:38 AM
BTW, is there any suggestion about how to debug issues like this, besides printing logs?
E.g., is there a way to print the raw HTTP request body?

mammoth-electrician-64525

07/11/2022, 11:48 AM
I believe that verbose logging can help you a bit: https://www.pulumi.com/docs/support/troubleshooting/#verbose-logging
Another suggestion: maybe you can use AWS Native rather than AWS Classic or another provider for AWS. Native providers can give you full coverage for your infrastructure as code, but keep in mind that it is in the preview version: https://www.pulumi.com/registry/packages/aws-native/

jolly-plumber-1488

07/11/2022, 12:11 PM
Thanks a lot, @mammoth-electrician-64525