Can't knife ec2 server create for Australian region

Question

Setting up this service for a client in Australia. Running the below command works for the US default region, when I try for the Australian (ap-southeast-2) region I get an error I can't debug.

knife ec2 server create -G linux,web,database,elasticsearch,redis -I ami-e9e675d3 -f m1.small -i ~/.ec2/myclient.pem -x ubuntu -r 'role[base],role[monitoring],role[app_database_master],role[the_app],role[the_app_task_broker]' -E 'production' -N the-server-3 --region=ap-southeast-2 --availability-zone=ap-southeast-2a --distro=ubuntu12.04-gems --bootstrap-version=11.4.0 -VV

 knife ec2 server create -G linux,web,database,elasticsearch,redis -I ami-e9e675d3 -f m1.small -i ~/.ec2/myclient.pem -x ubuntu -r 'role[base],role[monitoring],role[app_database_master],role[the_app],role[the_app_task_broker]' -E 'production'  -N the-server-3 --region=ap-southeast-2 --availability-zone=ap-southeast-2a --distro=ubuntu12.04-gems --bootstrap-version=11.4.0 -VV
/home/user/.rvm/gems/ruby-2.0.0-p0/gems/excon-0.25.3/lib/excon/middlewares/expects.rb:6:in `response_call': The security group 'redis' does not exist in default VPC 'vpc-ea551283' (Fog::Compute::AWS::NotFound)
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/excon-0.25.3/lib/excon/middlewares/response_parser.rb:8:in `response_call'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/excon-0.25.3/lib/excon/connection.rb:349:in `response'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/excon-0.25.3/lib/excon/connection.rb:247:in `request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/xml/sax_parser_connection.rb:34:in `request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/core/deprecated/connection.rb:18:in `request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/aws/compute.rb:385:in `_request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/aws/compute.rb:380:in `request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/aws/requests/compute/run_instances.rb:112:in `run_instances'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/aws/models/compute/server.rb:179:in `save'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/core/collection.rb:52:in `create'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/knife-ec2-0.6.4/lib/chef/knife/ec2_server_create.rb:241:in `run'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/chef-11.4.4/lib/chef/knife.rb:460:in `run_with_pretty_exceptions'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/chef-11.4.4/lib/chef/knife.rb:173:in `run'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/chef-11.4.4/lib/chef/application/knife.rb:123:in `run'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/chef-11.4.4/bin/knife:25:in `<top (required)>'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/bin/knife:19:in `load'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/bin/knife:19:in `<main>'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/bin/ruby_noexec_wrapper:14:in `eval'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/bin/ruby_noexec_wrapper:14:in `<main>'

Just for fun, I'll remove the security groups all together and rerun:

 knife ec2 server create -I ami-e9e675d3 -f m1.small -i ~/.ec2/myclient.pem -x ubuntu -r 'role[base],role[monitoring],role[app_database_master],role[the_app],role[the_app_task_broker]' -E 'production'  -N the-server-3 --region=ap-southeast-2 --availability-zone=ap-southeast-2a --distro=ubuntu12.04-gems --bootstrap-version=11.4.0 -VV
/home/user/.rvm/gems/ruby-2.0.0-p0/gems/excon-0.25.3/lib/excon/middlewares/expects.rb:6:in `response_call': The key pair 'myclient' does not exist (Fog::Compute::AWS::NotFound)
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/excon-0.25.3/lib/excon/middlewares/response_parser.rb:8:in `response_call'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/excon-0.25.3/lib/excon/connection.rb:349:in `response'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/excon-0.25.3/lib/excon/connection.rb:247:in `request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/xml/sax_parser_connection.rb:34:in `request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/core/deprecated/connection.rb:18:in `request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/aws/compute.rb:385:in `_request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/aws/compute.rb:380:in `request'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/aws/requests/compute/run_instances.rb:112:in `run_instances'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/aws/models/compute/server.rb:179:in `save'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/fog-1.14.0/lib/fog/core/collection.rb:52:in `create'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/knife-ec2-0.6.4/lib/chef/knife/ec2_server_create.rb:241:in `run'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/chef-11.4.4/lib/chef/knife.rb:460:in `run_with_pretty_exceptions'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/chef-11.4.4/lib/chef/knife.rb:173:in `run'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/chef-11.4.4/lib/chef/application/knife.rb:123:in `run'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/gems/chef-11.4.4/bin/knife:25:in `<top (required)>'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/bin/knife:19:in `load'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/bin/knife:19:in `<main>'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/bin/ruby_noexec_wrapper:14:in `eval'
    from /home/user/.rvm/gems/ruby-2.0.0-p0/bin/ruby_noexec_wrapper:14:in `<main>'

it does exist:

ls ~/.ec2/myclient.pem 
/home/user/.ec2/myclient.pem*

knife ec2 server create -G linux,web,database,elasticsearch,redis -I ami-9c78c0f5 -f m1.small -i ~/.ec2/myclient.pem -x ubuntu -r 'role[base],role[monitoring],role[app_database_master],role[the_app],role[the_app_task_broker]' -E 'production'  -N the-server-test --availability-zone=us-east-1a --distro=ubuntu12.04-gems --bootstrap-version=11.4.0
Instance ID: i-xxxxxxxx
Flavor: m1.small
Image: ami-9c78c0f5
Region: us-east-1
Availability Zone: us-east-1a
Security Groups: linux, web, database, elasticsearch, redis
Tags: {"Name"=>"the-server-test"}
SSH Key: myclient

knife ec2 server list

Instance ID  Name         Public IP     Private IP      Flavor    Image         SSH Key   Security Groups                             State  

i-xxxxxx   the-server-1  xxxx  xxxx  m1.small  ami-9c78c0f5  myclient  web, database, linux, elasticsearch, redis  running

This does show that an existing server is up and running.

In addition for my own sanity, I ran the command on the us-east-1a zone and:

knife ec2 server create -G linux,web,database,elasticsearch,redis -I ami-9c78c0f5 -f m1.small -i ~/.ec2/myclient.pem -x ubuntu -r 'role[base],role[monitoring],role[app_database_master],role[the_app],role[the_app_task_broker]' -E 'production'  -N the-server-test --availability-zone=us-east-1a --distro=ubuntu12.04-gems --bootstrap-version=11.4.0

Instance ID: i-xxxxxxx

Flavor: m1.small

Image: ami-9c78c0f5

Region: us-east-1

Availability Zone: us-east-1a

Security Groups: linux, web, database, elasticsearch, redis

Tags: {"Name"=>"the-server-test"}

SSH Key: myclient

It works. So something to do with the new region?

gem list 

*** LOCAL GEMS ***

activesupport (4.0.0, 3.2.14, 3.2.13)
addressable (2.3.5, 2.3.4)
akami (1.2.0)
archive-tar-minitar (0.5.2)
atomic (1.1.12)
berkshelf (2.0.8, 1.4.0)
buff-config (0.3.0)
buff-extensions (0.5.0)
buff-ignore (1.1.0)
buff-ruby_engine (0.1.0)
buff-shell_out (0.1.0)
builder (3.2.2)
bundler (1.3.5)
bundler-unload (1.0.1)
celluloid (0.14.1, 0.13.0)
celluloid-io (0.14.1)
chef (11.4.4)
childprocess (0.3.9)
chozo (0.6.1)
erubis (2.7.0)
excon (0.25.3)
faraday (0.8.8, 0.8.7)
ffi (1.9.0, 1.8.1)
fog (1.14.0)
formatador (0.2.4)
gssapi (1.1.2, 1.0.3)
gyoku (1.1.0)
hashie (2.0.5, 2.0.3)
highline (1.6.19, 1.6.18)
httpclient (2.3.4.1, 2.2.0.2)
httpi (2.1.0, 0.9.7)
hub (1.10.6)
i18n (0.6.4, 0.6.1)
ipaddress (0.8.0)
json (1.8.0, 1.7.7)
knife-ec2 (0.6.4)
little-plugger (1.1.3)
log4r (1.1.10)
logging (1.8.1, 1.6.2)
mime-types (1.23)
mini_portile (0.5.1)
minitar (0.5.4)
minitest (5.0.6, 4.7.5)
mixlib-authentication (1.3.0)
mixlib-cli (1.3.0)
mixlib-config (1.1.2)
mixlib-log (1.6.0)
mixlib-shellout (1.2.0, 1.1.0)
multi_json (1.7.8, 1.7.2)
multipart-post (1.2.0)
net-http-persistent (2.9, 2.8)
net-scp (1.1.2, 1.1.1, 1.0.4)
net-ssh (2.6.8, 2.6.7, 2.2.2)
net-ssh-gateway (1.2.0)
net-ssh-multi (1.2.0, 1.1)
nio4r (0.5.0, 0.4.6)
nokogiri (1.6.0, 1.5.10, 1.5.9)
nori (2.3.0, 1.1.5)
ohai (6.18.0, 6.16.0)
rack (1.5.2)
rake (10.1.0, 10.0.4)
rbzip2 (0.2.0)
rest-client (1.6.7)
retryable (1.3.3, 1.3.2)
ridley (1.5.0, 1.2.5, 0.9.0)
ruby-hmac (0.4.0)
rubygems-bundler (1.2.2, 1.1.1)
rubyntlm (0.3.3, 0.1.1)
rvm (1.11.3.8, 1.11.3.7)
savon (2.3.0, 0.9.5)
solve (0.8.0, 0.4.2)
systemu (2.5.2)
thor (0.18.1)
thread_safe (0.1.2)
timers (1.1.0)
tzinfo (1.0.1, 0.3.37)
uuidtools (2.1.4)
vagrant (1.0.7)
varia_model (0.1.1)
wasabi (3.2.0, 1.0.0)
winrm (1.1.2)
yajl-ruby (1.1.0)

Answer 1

The security group should be configured per VPC. Are you sure that the VPC you created in that region contains the relevant key-pair and security group?

Answer 2

Turns out there is a drop down menu I never noticed (needed to use) in the AWS management console.

1. Selecting the appropriate region in AWS management console
2. creating a new key pair, then
3. recreating security groups in the new region, then
4. updating knife.rb with knife[:aws_ssh_key_id] = "myclient-au", then
5. passing -i ~/.ec2/myclient-au.pem

and everything started working again.