AWS Elastic Beanstalk the security group having id does not exist problem


While playing with AWS EB, I noticed that somehow the Security Group from the previous environment was inherited by the new environment. This creates a problem when you want to terminate the old environment, as the security group already exists on another environment. That’s why I deleted the security group from the new environment. Since I deleted it from the new environment, I cannot deploy to the new environment because it gives the following error:

Failed Environment update activity. Reason: Configuration validation exception: Invalid option value: 'sg-8712f4e3' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'SecurityGroups'): The security group having id 'sg-8712f4e3' does not exist

To overcome this, you need to change the EB Security Group from the AWS CLI; you cannot do it from the AWS Web Console.

Assuming you already have the AWS CLI installed (http://docs.aws.amazon.com/cli/latest/userguide/installing.html), you need to run the following command to change the Security Group:

aws elasticbeanstalk update-environment --environment-name <environment-name> --option-settings Namespace=aws:autoscaling:launchconfiguration,OptionName=SecurityGroups,Value=""

Dilemma about when to feed the data during automated deploys: Code First vs. Model First


In case you are supposed to feed the initial data to the DB for a code-first project at deploy time (there are of course possible ways to do it at the code level), there is a problem: you do not know when the database schema is created, even if you start the service.

In my case, I have a Tomcat environment and I cannot feed the data just after I start the Tomcat service. There are two ways to work around that:

1. Polling: Check periodically whether the schema has been created, then feed the data

2. Sleep: Observe the worst-case time and put a "sleep" before the data feed scripts

If there are other practical ways to do that at deploy time and outside the codebase, please comment!
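The polling option with an upper bound on the wait, as an added example (not the author's code). `schema_ready` assumes a MySQL database reachable with the `mysql` client; `DB_NAME`, `SENTINEL_TABLE` and `feed_data.sh` are hypothetical names.

```shell
#!/bin/sh
# Added example, not the author's code.

# wait_until TIMEOUT INTERVAL CMD [ARGS...]
# Run CMD every INTERVAL seconds until it succeeds. Returns 0 as soon as it
# does, or 1 once TIMEOUT seconds of waiting have passed, so a schema that
# never appears fails the deployment instead of hanging it.
wait_until() {
    timeout=$1
    interval=$2
    shift 2
    waited=0
    while ! "$@" >/dev/null 2>&1; do
        [ "$waited" -lt "$timeout" ] || return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# schema_ready - hypothetical check for a MySQL database: succeeds once the
# table named in SENTINEL_TABLE exists in DB_NAME. Pick the table that the
# ORM creates last. The password is passed through MYSQL_PWD so that it does
# not show up in the process list as a command-line argument.
schema_ready() {
    MYSQL_PWD=$RDS_PASSWORD mysql -h "$RDS_HOSTNAME" -u "$RDS_USERNAME" -N -B -e \
        "SELECT 1 FROM information_schema.tables
         WHERE table_schema='$DB_NAME' AND table_name='$SENTINEL_TABLE'" | grep -q 1
}

# Usage in a deploy script (feed_data.sh is a placeholder name):
#   wait_until 300 5 schema_ready && ./feed_data.sh
```

Unlike a fixed sleep, the data feed starts as soon as the check passes and the deploy fails visibly when the schema never appears.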

AWS Elastic Beanstalk how to access to the RDS environment variables under ebextensions and postdeploy hooks


To begin with, just to let you know, it is now my 54th deployment (which means around a week) using ebextensions in order to reverse engineer how it works in terms of environment variables!

The RDS environment variables are:





The weird part is that access to those environment variables differs across the following 3 scenarios:

1. Directly under ebextensions: This is not possible!

2. Under the scripts triggered by ebextensions: This is possible, you can use them like $RDS_HOSTNAME …

3. Under the hooks: This was not possible, but here is the workaround that I found and that worked for my case:

– Store them in a file using a script triggered by ebextensions:

# Quote the whole assignment so spaces or glob characters in a value are written unchanged
echo "RDS_HOSTNAME=$RDS_HOSTNAME" >> /etc/environment
echo "RDS_USERNAME=$RDS_USERNAME" >> /etc/environment
echo "RDS_PASSWORD=$RDS_PASSWORD" >> /etc/environment

– Parse them from the hook:

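# Match the exact key, keep everything after the first "=", and take the newest entry
# (the file is appended to on every deployment)
RDS_HOSTNAME="$(sed -n 's/^RDS_HOSTNAME=//p' /etc/environment | tail -n 1)"
RDS_USERNAME="$(sed -n 's/^RDS_USERNAME=//p' /etc/environment | tail -n 1)"
RDS_PASSWORD="$(sed -n 's/^RDS_PASSWORD=//p' /etc/environment | tail -n 1)"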

What a nasty solution, but it works!
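The same store-and-read workaround with the database password kept out of /etc/environment, which is normally world-readable and loaded into login sessions by PAM. This is an added example, not the author's code; it assumes the hook runs as root, and the function names and the /etc/rds.env path in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's code. Function names and the suggested
# path /etc/rds.env are assumptions chosen for illustration.

# store_env FILE KEY...  - write KEY=value for each named shell variable.
# The file is rebuilt from scratch and created with mode 0600, so repeated
# deployments leave one entry per key and only the owner can read it.
store_env() {
    out=$1; shift
    tmp="$out.$$.tmp"
    (
        umask 077
        : > "$tmp" || exit 1
        for key in "$@"; do
            eval "val=\${$key-}"            # value of the variable named by $key
            printf '%s=%s\n' "$key" "$val" >> "$tmp" || exit 1
        done
    ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$out"                     # atomic replace of the old file
}

# read_env KEY FILE  - print the value stored for exactly KEY.
# Anchoring on "KEY=" avoids matching other keys that contain the name, and
# stripping only the prefix keeps any "=" that is part of the value.
read_env() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# From the ebextensions script:  store_env /etc/rds.env RDS_HOSTNAME RDS_USERNAME RDS_PASSWORD
# From the hook:                 RDS_PASSWORD="$(read_env RDS_PASSWORD /etc/rds.env)"

# Constructed demo with made-up values: run the script with the argument "demo".
if [ "${1-}" = "demo" ]; then
    RDS_HOSTNAME='db.example.internal' RDS_USERNAME='app' RDS_PASSWORD='s3=cr=et'
    f=$(mktemp -d)/rds.env
    store_env "$f" RDS_HOSTNAME RDS_USERNAME RDS_PASSWORD
    ls -l "$f"
    echo "password read back: $(read_env RDS_PASSWORD "$f")"
fi
```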


AWS Elastic Beanstalk ebextensions Security Group firewall rules


In order to define the firewall rules of the Security Group that the instance will belong to, you need to define the “Resources” as follows:



    Type: "AWS::EC2::SecurityGroup"


      GroupDescription: "Security group to allow HTTP, HTTPS,SSH"


        - {CidrIp: "", IpProtocol: "tcp", FromPort: "8080", ToPort: "8080"}
        - {CidrIp: "", IpProtocol: "tcp", FromPort: "8443", ToPort: "8443"}
        - {CidrIp: "", IpProtocol: "tcp", FromPort: "443", ToPort: "443"}
        - {CidrIp: "", IpProtocol: "tcp", FromPort: "80", ToPort: "80"}
        - {CidrIp: "", IpProtocol: "tcp", FromPort: "22", ToPort: "22"}

Save the “resources.config” under “.ebextensions” folder and deploy!


AWS Elasticbeanstalk hooking after app deploy


I need to run a specific command after the app is deployed, but there is no relevant key under ebextensions for that purpose. The key “container_commands” does not give this functionality (it runs your command before the deploy), but there is a workaround:

1. Create your own script and place it under .ebextensions directory

2. Under container_commands, add the following lines (preferably in a separate config file):



         command: cp .ebextensions/001_pre_tomcat_start.sh /opt/elasticbeanstalk/hooks/appdeploy/post


         command: chmod 775 /opt/elasticbeanstalk/hooks/appdeploy/post/001_pre_tomcat_start.sh

That’s it!

Connecting to AWS EC2 instances without a private key


Sometimes this may be required; here is the practical way to do that:


useradd -s /bin/bash -m -d /home/YOURUSER -g root YOURUSER




vi /etc/ssh/sshd_config

PasswordAuthentication yes

/etc/init.d/ssh restart
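A check to run on the edited file before restarting sshd, as an added example (not the author's code): it reports which PasswordAuthentication value applies globally and inside each Match block, which also shows whether password logins are limited to one account (for example with a `Match User YOURUSER` block) or enabled for every user. The function name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's code.

# password_auth_report FILE
# Print the PasswordAuthentication value sshd would use for the global
# section and for each Match block of FILE. sshd keeps the first value it
# reads for a keyword, so later duplicates in the same scope are ignored.
# Include files are not followed; "sshd -T" on the host is authoritative.
password_auth_report() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
        { kw = tolower($1) }
        kw == "match" { scope = $2 " " $3; next }   # e.g. "User YOURUSER"
        kw == "passwordauthentication" {
            s = (scope == "" ? "global" : scope)
            if (!(s in seen)) { seen[s] = 1; print s "=" tolower($2) }
        }
        END { if (!("global" in seen)) print "global=yes" }   # OpenSSH default
    ' "$1"
}

# Constructed demo: run the script with the argument "demo".
if [ "${1-}" = "demo" ]; then
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
# constructed sample, not taken from a real host
PasswordAuthentication no
PasswordAuthentication yes
Match User YOURUSER
    PasswordAuthentication yes
EOF
    password_auth_report "$cfg"     # the second global line has no effect
    rm -f "$cfg"
fi
```

Running `sshd -t` before the restart catches syntax errors that would otherwise leave the instance without a working SSH daemon.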

