Packer: InvalidPermission.Duplicate when creating temporary AWS security group

Created on 11 Feb 2014  ·  42Comments  ·  Source: hashicorp/packer

Using Packer 0.5.1, and the amazon-ebs builder, I'm seeing errors of the form:

--> amazon-ebs: Error creating temporary security group: the specified rule "peer: 0.0.0.0/0, TCP, from port: 22, to port: 22, ALLOW" already exists (InvalidPermission.Duplicate)

It's not happening consistently, so may indicate a race-condition.

bug buildeamazon waiting-reply

Most helpful comment

I just saw the same thing as phillipgoh:

==> ubuntu-east: Creating temporary keypair: packer 5329f401-2227-56eb-4779-da1aba193582
==> ubuntu-east: Creating temporary security group for this instance...
==> ubuntu-east: Authorizing SSH access on the temporary security group...
==> ubuntu-east: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> ubuntu-east: Deleting temporary security group...
==> ubuntu-east: Deleting temporary keypair...
Build 'ubuntu-east' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

All 42 comments

Seeing this also. Randomly in different regions, at least one in 3 of my builders does it at the moment.

1392343473,,ui,say,amazon-instance_us-east-1 output will be in this color.
1392343473,,ui,say,amazon-instance_us-west-1 output will be in this color.
1392343473,,ui,say,amazon-instance_us-west-2 output will be in this color.
1392343473,,ui,say,
1392343473,,ui,say,==> amazon-instance_us-west-1: Creating temporary keypair: packer 52fd79b1-ec81-8a41-abd8-0f12c280d50d
1392343473,,ui,say,==> amazon-instance_us-west-2: Creating temporary keypair: packer 52fd79b1-ae0c-4e76-91dd-10bc5ce57415
1392343473,,ui,say,==> amazon-instance_us-east-1: Creating temporary keypair: packer 52fd79b1-cb1b-6a8e-a7c7-6a005fe88880
1392343474,,ui,say,==> amazon-instance_us-west-2: Creating temporary security group for this instance...
1392343474,,ui,say,==> amazon-instance_us-west-1: Creating temporary security group for this instance...
1392343475,,ui,say,==> amazon-instance_us-east-1: Creating temporary security group for this instance...
1392343475,,ui,say,==> amazon-instance_us-west-2: Authorizing SSH access on the temporary security group...
1392343475,,ui,say,==> amazon-instance_us-west-1: Authorizing SSH access on the temporary security group...
1392343476,,ui,say,==> amazon-instance_us-west-1: Launching a source AWS instance...
1392343476,,ui,say,==> amazon-instance_us-west-2: Launching a source AWS instance...
1392343478,,ui,message, amazon-instance_us-west-1: Instance ID: i-c73f4898
1392343479,,ui,message, amazon-instance_us-west-2: Instance ID: i-bd088bb4
1392343479,,ui,say,==> amazon-instance_us-west-1: Waiting for instance (i-c73f4898) to become ready...
1392343480,,ui,say,==> amazon-instance_us-west-2: Waiting for instance (i-bd088bb4) to become ready...
1392343485,,ui,error,==> amazon-instance_us-east-1: The security group 'packer 52fd79b3-b2b5-40c7-ec61-8547f5da6772' already exists for VPC 'vpc-xxxxxx' (InvalidGroup.Duplicate)
1392343485,,ui,say,==> amazon-instance_us-east-1: Deleting temporary keypair...
1392343486,,ui,say,Build 'amazon-instance_us-east-1' finished.

I am experiencing the same thing. It happens intermittently, and is very frustrating when running multiple AWS builds at once.

I don't think so, @dmerrick. That was 4 months ago. I'm experiencing this problem with packer-0.5.1.

Well, yes. As I said, I am experiencing it too.

But apparently 4 months ago this issue was addressed.

Made some changes upstream to the retry mechanisms of our AWS client that should hopefully fix this. In the next release, if it happens again, please let me know.

Thanks, @mitchellh!

I saw this today with packer-0.5.2.
==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

I'm running packer on OS X Mavericks.

I just saw the same thing as phillipgoh:

==> ubuntu-east: Creating temporary keypair: packer 5329f401-2227-56eb-4779-da1aba193582
==> ubuntu-east: Creating temporary security group for this instance...
==> ubuntu-east: Authorizing SSH access on the temporary security group...
==> ubuntu-east: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> ubuntu-east: Deleting temporary security group...
==> ubuntu-east: Deleting temporary keypair...
Build 'ubuntu-east' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

I am seeing this in packer 0.6.0.

Error launching source instance: The security group 'sg-32661e56' does not exist in VPC 'vpc-922db3f2' (InvalidGroup.NotFound)

Just saw it again in Packer 0.6.0 myself.

build 08-Jul-2014 02:30:20 1404786620,,ui,error,Build 'amazon_ebs_hvm_precise_us-east-1' errored: Error launching source instance: The security group 'sg-a5eb9cc0' does not exist (InvalidGroup.NotFound)

Perhaps a variant:

==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Error creating temporary security group: the specified rule "peer: 0.0.0.0/0, TCP, from port: 22, to port: 22, ALLOW" already exists (InvalidPermission.Duplicate)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: the specified rule "peer: 0.0.0.0/0, TCP, from port: 22, to port: 22, ALLOW" already exists (InvalidPermission.Duplicate)

I got this on Packer 0.6.0 too.

packer build packer_ami.json
amazon-ebs output will be in this color.

==> amazon-ebs: Creating temporary keypair: packer 53c6aa4c-3d4f-c8b2-6d96-685021fc065c
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

==> Builds finished but no artifacts were created.
make: *** [staging] Error 1

Ditto for 0.6.0:

==> amazon-ebs: Creating temporary keypair: packer 53c8a7e8-8502-1398-a98a-9cfc4b894cf8
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Error launching source instance: The security group 'sg-5b4df03e' does not exist in VPC 'vpc-c240b7a7' (InvalidGroup.NotFound)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...

got this with 0.6.1

1407432672,,ui,say,amazon-ebs output will be in this color.
1407432672,,ui,say,
1407432672,,ui,say,==> amazon-ebs: Inspecting the source AMI...
1407432673,,ui,say,==> amazon-ebs: Creating temporary keypair: packer 53e3b7e0-ad5b-05b4-b67c-6093d20b64fd
1407432674,,ui,say,==> amazon-ebs: Creating temporary security group for this instance...
1407432674,,ui,say,==> amazon-ebs: Authorizing SSH access on the temporary security group...
1407432696,,ui,error,==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1407432696,,ui,say,==> amazon-ebs: Deleting temporary security group...
1407432696,,ui,say,==> amazon-ebs: Deleting temporary keypair...
1407432697,,ui,error,Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1407432697,,error-count,1
1407432697,,ui,error,\n==> Some builds didn't complete successfully and had errors:
1407432697,amazon-ebs,error,Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1407432697,,ui,error,--> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1407432697,,ui,say,\n==> Builds finished but no artifacts were created.

+1 getting this in 0.6.1 (using ubuntu 14.04)

i also got this error in 0.6.1. I'm on OSX Mavericks.

> ==> amazon-ebs: Creating temporary keypair: packer 53ee9f33-7cfb-88d2-1880-f1fff39e5767
> ==> amazon-ebs: Creating temporary security group for this instance...
> ==> amazon-ebs: Authorizing SSH access on the temporary security group...
> ==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
> ==> amazon-ebs: Deleting temporary security group...
> ==> amazon-ebs: Deleting temporary keypair...
> Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

I got this on 0.7.1 on amazon linux Linux version 3.2.34-55.46.amzn1.x86_64 (mockbuild@gobi-build-31003) (gcc version 4.6.2 20111027 (Red Hat 4.6.2-2) (GCC) )

1422553612,,ui,say,==> amazon-ebs: Creating temporary keypair: packer 54ca720c-7215-2052-3591-b7f155ae4299
1422553612,,ui,say,==> amazon-ebs: Creating temporary security group for this instance...
1422553612,,ui,say,==> amazon-ebs: Authorizing SSH access on the temporary security group...
1422553623,,ui,error,==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1422553623,,ui,say,==> amazon-ebs: Deleting temporary security group...
1422553623,,ui,say,==> amazon-ebs: Deleting temporary keypair...
1422553623,,ui,error,Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1422553623,,error-count,1
1422553623,,ui,error,\n==> Some builds didn't complete successfully and had errors:
1422553623,amazon-ebs,error,Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1422553623,,ui,error,--> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
1422553623,,ui,say,\n==> Builds finished but no artifacts were created.

I'm seeing this on Packer 0.7.5 running on OS X Yosemite. I was trying to create a new AMI based on AMI I had generated with packer just a few minutes before:

==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

==> Builds finished but no artifacts were created.

As with the other cases reported here, it doesn't happen all the time.

I just got this error as well in Packer v0.7.5 on OS X Yosemite.

amazon-ebs output will be in this color.

==> amazon-ebs: Inspecting the source AMI...
==> amazon-ebs: Creating temporary keypair: packer 557f31f1-5928-f518-53e5-1ea6529e9ea1
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing SSH access on the temporary security group...
==> amazon-ebs: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group (InvalidPermission.Duplicate)

I just got this error with packer 0.8.3.

I don't think this has been properly fixed :(

EDIT: I actually think I got this error because amazon was having an outage. I think the error logging is just inaccurate.

This is definitely still happening with packer 0.8.5 on Amazon Linux

==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing access to port 22 the temporary security group...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-56862632' does not exist in VPC 'vpc-65a13300'

@adimarco It looks to me like you have a different issue. Your error message is completely different. If you believe this is a bug, please open a new issue.

@cbednarski Sorry, I meant to leave that comment in #1322. It was closed as a duplicate of this issue, however, and I see the same error message I'm getting in 2 other posts in this issue, so I thought might be related. I'll open a new issue.

From @phinze

Build 'amazon-ebs' errored: Error creating temporary security group: InvalidPermission.Duplicate: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group
status code: 400, request id: []

We should probably catch and ignore this issue since I think the system is in a state where it can continue in spite of the error.

Just got this with 0.8.6:

==> my-ami: Prevalidating AMI Name...
==> my-ami: Inspecting the source AMI...
==> my-ami: Creating temporary keypair: packer xxxx-xxxx-xxxx-xxxx-xxxxx
==> my-ami: Creating temporary security group for this instance...
==> my-ami: Authorizing access to port 22 the temporary security group...
==> my-ami: Launching a source AWS instance...
==> my-ami: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-f635fd8d' does not exist in VPC 'vpc-1111f778'
==> my-ami:   status code: 400, request id: []
==> my-ami: No AMIs to cleanup
==> my-ami: Deleting temporary security group...
==> my-ami: Deleting temporary keypair...
Build 'my-ami' errored: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-f635fd8d' does not exist in VPC 'vpc-1111f778'
  status code: 400, request id: []

Getting the following

==> amazon-ebs: Prevalidating AMI Name...
==> amazon-ebs: Inspecting the source AMI...
==> amazon-ebs: Creating temporary keypair: packer 573cae9f-f6e5-ba08-dc3a-d68aa1e345d3
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing access to port 22 the temporary security group...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-3d36ea46' does not exist in VPC 'vpc-50b94137'
==> amazon-ebs: status code: 400, request id: []
==> amazon-ebs: No AMIs to cleanup
==> amazon-ebs: Deleting temporary security group...
^C==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-3d36ea46' does not exist in VPC 'vpc-50b94137'
status code: 400, request id: []

Same issue as commented above, running packer version 0.10.1 on AWS Linux.

UPDATE: Just executed the same build script and didn't receive the error on 3rd attempt. Successful after I attempted to use the -debug flag and then ran without it.

According to some comments in #2606 this may happen when there is an API outage. Even if this is not the root cause these issues are likely related.

Agreed, if I retry a minute or so later it runs with no errors. Thanks for the link to #2606!

All - is this issue still ongoing? From the sounds of the conversations in May, it seems like this issue can be closed?

@michaeltlombardi I'm still seeing the Error launching source instance: InvalidGroup.NotFound: The security group 'sg-216d3b5b' does not exist error every so often.

Are you using the current master of Packer? I don't think the fix from here https://github.com/mitchellh/packer/pull/3656 has been cut into a release yet, 0.10.1 was cut before the fix and 0.10.2 was cut last week but doesn't look like it includes that fix.

I'm using 0.10.2 now, from homebrew.

Sent from my iPhone

On Sep 29, 2016, at 2:52 PM, ryanrupp [email protected] wrote:

Are you using the current master of Packer? I don't think the fix from here #3656 has been cut into a release yet, 0.10.1 was cut before the fix and 0.10.2 was cut last week but doesn't look like it includes that fix.


You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

@mwarkentin @ryanrupp 0.10.2 contains exactly the same code as 0.10.1 it was just rebuilt to support macOS Sierra.

This happens for us both through the homebrew version and the compiled version from the Packer site. This is definitely still an issue.

might be able to solve this with something like #3938

@laneatomic Can you confirm which error you're getting? Is it

InvalidGroup.NotFound or InvalidPermission.Duplicate?

was able to reproduce the InvalidGroup.NotFound error. I created an issue to track it. #4368

I'm going to close this since I believe the InvalidPermission.Duplicate error has been resolved. Please feel free to re-open if anyone is still getting this error with the latest build of packer. CC @laneatomic

Unfortunately I can no longer test this error. We refactored how we use Packer in a way to avoid this entirely.

Have just come across this on 0.12.2

==> amazon-ebs: Prevalidating AMI Name...
    amazon-ebs: Found Image ID: ami-512ffc47
==> amazon-ebs: Creating temporary keypair: packer_58b018eb-1577-525a-a81e-af7530a99da8
==> amazon-ebs: Creating temporary security group for this instance...
==> amazon-ebs: Authorizing access to port 22 the temporary security group...
==> amazon-ebs: Error creating temporary security group: InvalidPermission.Duplicate: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group
==> amazon-ebs:     status code: 400, request id: b95f46ab-1eef-48e3-8485-6737bef71d3f
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Error creating temporary security group: InvalidPermission.Duplicate: The permission '0.0.0.0/0-tcp-22-22' has already been authorized on the specified group
    status code: 400, request id: b95f46ab-1eef-48e3-8485-6737bef71d3f

@jgillard Please open a new issue for this. Thanks!

Was this page helpful?
0 / 5 - 0 ratings