Elastic Beanstalk deployment failing because of a dangling security group

Question

When doing a deployment with Elastic Beanstalk, we got the following error:

ERROR: Configuration validation exception: Invalid option value: 'sg-fdd33e89' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'SecurityGroups'): The security group having id 'sg-fdd33e89' does not exist.

Things probably related:

• We have custom security group settings for the ELB in .ebextensions
• We had earlier cloned this particular EB environment from an older EB environment and had problems with being unable to temrinate the old environment because of this security group.

(Already solved this but sharing the question in case it helps somebody else)

Answer 1

I found the Derya Sezen's related blog post AWS Elastic Beanstalk the security group having id does not exist problem that

• was describing a case where old security group from a the previous environment was inherited to new environment (probably the case with me too)
• adviced to update EB environment's security group options with AWS CLI

I run the following with AWS CLI following the blog post:

aws elasticbeanstalk update-environment --environment-name my-env-name --option-settings Namespace=aws:autoscaling:launchconfiguration,OptionName=SecurityGroups,Value=""

After that, EB updated the environments for a while and after that I was able to deploy successfully.

Answer 2

You can delete the problematic part by running eb config. You will receive editable config for your environment where you can find the non-existent security group and easily delete it.