AWS VPC Error: Client.InvalidParameterCombination

When trying to execute an ec2-run-instances command for a VPC, you must specify both which subnet & which security group you want it to belong to:

ec2-run-instances ami-abc123 \
 --group sg-abc123 \
 --subnet subnet-abc123 \
 --private-ip-address 10.0.1.10 \
 .... your other params

However, doing so generates this error:

Client.InvalidParameterCombination: Network interfaces and an instance-level security groups may not be specified on the same request

I even found one lowly report of someone else with this issue: https://forums.aws.amazon.com/message.jspa?messageID=368030

Luckily, my company has premium AWS support and a quick 10 minute chat got the answer I needed.  You must use the --network-attachment param, which takes the place of --group, --private-ip-address, and --subnet

The resulting command looks like this:

ec2-run-instances ami-abc123 \
  --network-attachment :0:subnet-abc123::10.0.1.10:sg-abc123::
  .... your other params

Good luck, I hope this helps!

About these ads

2 comments on “AWS VPC Error: Client.InvalidParameterCombination

  1. Thank you, this saved me a call to support! Works like a charm.

  2. Townsend Duong says:

    Thanks a lot! I ran into the same issue, and your blog helped me solve it. I replied to the forum thread and pointed to this article.

Comments are closed.