2

I'm trying to attach a security group that I created to the network interface of my NAT Gateway.

This gives me the following error:

you do not have permission to access the specified resource

I don't know why, since I've created the security group exactly like the one in the official documentation:

enter image description here

Anyone have an idea?

EDIT:

In reply to a question, this is what I'm trying to accomplish:

enter image description here

Quinten Scheppermans

1 Answer

0

This AWS answer says that you can't change the security group on the network ENI, which it looks like you're trying to change from the first image. The documentation you provided is for a NAT instance. Depending on what you're trying to accomplish, you can attach the security group to application instances or create a NAT instance and attach it to that?

Datise
  • I'll get back to you after the weekend, thanks in advance. In the meantime, I've EDITED my post to show you what I'm trying to accomplish. Basically I want my Docker containerized microservices to be able to both communicate with each other (bidirectionally) and with the internet. – Quinten Scheppermans Apr 07 '18 at 13:19
  • I'm not sure I fully understand you. It seems to me like the Amazon coworker just contradicts the official documentation? Yes, the documentation I provided is for a NAT instance. It creates a security group for that instance, but it doesn't specify how to attach it. If not to the network interface of that instance, then to what do I attach the security group? – Quinten Scheppermans Apr 09 '18 at 07:50
  • Doc actuality vs reality on a lot of platforms can be misleading. That aside, I think you need to attach your security groups to a network interface instead of the NAT gateway. In order of creation I think it goes subnet -> nat gateway -> security group -> network interface -> attach network interface to nat gateway -> profit? Admittedly I don't create these manually. I use Terraform created from this awesome resource: https://github.com/segmentio/stack. The stack sounds similar to what you're trying to accomplish; I suggest reading it through. – Datise Apr 12 '18 at 19:19
  • Thanks for your answer. I've decided to step away from ECS though. I'm using Docker Swarm, which is working just fine for me. – Quinten Scheppermans Apr 13 '18 at 08:57
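
A pre-check for the situation discussed in this thread, as an added example that is not part of the original posts: it reads output in the shape of `aws ec2 describe-network-interfaces` and separates the ENIs that accept a security group change from the ones that will reject it, such as the interface of a NAT gateway. The sample response, the IDs in it and the function name `sg_attach_plan` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-network-interfaces`
# output; all IDs are placeholders, not values from the thread.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa0000000000001",
   "InterfaceType": "nat_gateway", "RequesterManaged": true, "Groups": [],
   "Description": "Interface for NAT Gateway nat-0example"},
  {"NetworkInterfaceId": "eni-0bbb0000000000002",
   "InterfaceType": "interface", "RequesterManaged": false,
   "Groups": [{"GroupId": "sg-0example", "GroupName": "app"}],
   "Description": "Primary network interface"}
]}
""")

NAT_REASON = ("NAT gateway ENI: security groups are not supported here; "
              "use security groups on the instances behind it and a "
              "network ACL on the NAT gateway's subnet")
MANAGED_REASON = ("requester-managed ENI: change its settings through the "
                  "service that owns it, not on the interface")


def sg_attach_plan(response):
    """Split ENIs into those that accept security group changes and those
    that do not, with the reason for each blocked interface."""
    plan = {"attachable": [], "blocked": {}}
    for eni in response.get("NetworkInterfaces", []):
        eni_id = eni["NetworkInterfaceId"]
        if eni.get("InterfaceType") == "nat_gateway":
            plan["blocked"][eni_id] = NAT_REASON
        elif eni.get("RequesterManaged"):
            plan["blocked"][eni_id] = MANAGED_REASON
        else:
            plan["attachable"].append(eni_id)
    return plan


if __name__ == "__main__":
    print(json.dumps(sg_attach_plan(SAMPLE), indent=2))
```

Running the check before calling the modify operation turns the opaque "you do not have permission" error into an explicit reason per interface.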