AWS
EC2InvalidSecurityGroupNotFound - EC2 Invalid Security Group Not Found
An **EC2InvalidSecurityGroupNotFound** error means the EC2 security group you specified doesn't exist: it might be in a different VPC or region, it was deleted, or the ID/name is misspelled. This client-side error (4xx) is returned when AWS validates that the referenced EC2 security group exists. It is most common when a security group ID doesn't exist, but it also appears when a security group name doesn't exist, or when the security group is in a different VPC, is in a different region, or has been deleted.
Common Causes
- Identity: IAM policy allows EC2 launch but security group doesn't exist. Service Control Policy (SCP) restricts security group access.
- Network: VPC endpoint EC2 security group restrictions. Security group in different VPC. Security group in different region.
- Limits: Security group ID does not exist. Security group name does not exist. Security group in different VPC. Security group in different region. Security group has been deleted.
Solutions
- Step 1: Diagnose - List all security groups: `aws ec2 describe-security-groups --query 'SecurityGroups[*].[GroupId,GroupName,VpcId]' --output table`. Check whether the security group ID or name is in the list.
- Step 2: Diagnose - List security groups in a specific VPC: `aws ec2 describe-security-groups --filters "Name=vpc-id,Values=VPC_ID" --query 'SecurityGroups[*].[GroupId,GroupName]' --output table`. Verify the security group exists in the current VPC.
- Step 3: Diagnose - Search security groups by name: `aws ec2 describe-security-groups --filters "Name=group-name,Values=SG_NAME" --query 'SecurityGroups[*].[GroupId,VpcId]' --output table`. Find the security group in the correct VPC.
- Step 4: Fix - Use the correct security group ID or name: Verify the security group ID from the list. Check for typos. Use the exact security group ID (case-sensitive). Verify the security group exists in the current VPC and region.
- Step 5: Fix - Create a new security group if needed: Create the security group: `aws ec2 create-security-group --group-name SG_NAME --description "Description" --vpc-id VPC_ID`. Or use an existing security group in the correct VPC.
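Steps 1 to 4 combined into one offline preflight check, added here as an example and not part of the original page: the hypothetical function `classify_sg` takes the inventory from Step 1 in `--output text` form and reports why a given ID or name would fail for a target VPC. The inventory, group names and all IDs are constructed sample values.

```bash
#!/bin/bash
# Constructed sample inventory, in the tab-separated shape produced by:
#   aws ec2 describe-security-groups \
#     --query 'SecurityGroups[*].[GroupId,GroupName,VpcId]' --output text
# All IDs and names below are made up for this example.
SAMPLE_INVENTORY="$(printf '%s\t%s\t%s\n' \
  sg-0a1b2c3d4e5f60718 web-tier vpc-0aaaaaaaaaaaaaaa1 \
  sg-0b1b2c3d4e5f60719 web-tier vpc-0bbbbbbbbbbbbbbb2 \
  sg-0c1b2c3d4e5f6071a db-tier  vpc-0aaaaaaaaaaaaaaa1)"

# classify_sg REF TARGET_VPC INVENTORY   (hypothetical helper)
# REF is a group ID or a group name. Prints exactly one verdict:
#   OK <group-id>        found in the target VPC
#   WRONG_VPC <vpc-ids>  exists, but only in other VPC(s)
#   NOT_FOUND            absent from this region's inventory
#                        (deleted, misspelled, or in another region)
#   MALFORMED_ID         cannot be a valid ID (wrong length or case)
classify_sg() {
  ref=$1 vpc=$2 inventory=$3
  case $ref in
    sg-*|SG-*)
      # IDs are "sg-" plus 8 or 17 lowercase hex characters.
      if ! printf '%s\n' "$ref" |
           grep -Eq '^sg-([0-9a-f]{8}|[0-9a-f]{17})$'; then
        echo "MALFORMED_ID"; return
      fi
      col=1 ;;   # match on the GroupId column
    *) col=2 ;;  # anything else is treated as a group name
  esac
  printf '%s\n' "$inventory" |
    awk -F'\t' -v ref="$ref" -v vpc="$vpc" -v col="$col" '
      $col == ref {
        if ($3 == vpc) hit = $1
        else other = other (other ? "," : "") $3
      }
      END {
        if (hit)        print "OK " hit
        else if (other) print "WRONG_VPC " other
        else            print "NOT_FOUND"
      }'
}

# Example: the same name resolves to a different ID in each VPC.
classify_sg web-tier vpc-0bbbbbbbbbbbbbbb2 "$SAMPLE_INVENTORY"
```

The inventory is per region, so a `NOT_FOUND` verdict should be rechecked against an inventory taken from the region where the group was created.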
Code Examples
List All EC2 Security Groups to Find Correct ID
```bash
#!/bin/bash
# List every security group visible in the current region
echo "=== All Security Groups ==="
aws ec2 describe-security-groups \
  --query 'SecurityGroups[*].[GroupId,GroupName,VpcId]' \
  --output table

# Search for specific security group
SG_ID="sg-1234567890abcdef0"
printf '\n=== Searching for Security Group: %s ===\n' "${SG_ID}"

# Any failure of the lookup (its output is discarded) takes the else branch
if aws ec2 describe-security-groups --group-ids "${SG_ID}" &>/dev/null; then
  echo "✓ Security group exists"

  # Get security group details
  aws ec2 describe-security-groups --group-ids "${SG_ID}" \
    --query 'SecurityGroups[0].[GroupId,GroupName,VpcId,Description]' \
    --output table
else
  echo "✗ Security group not found (EC2InvalidSecurityGroupNotFound)"
fi
```
List Security Groups in Specific VPC
```bash
#!/bin/bash
VPC_ID="vpc-1234567890abcdef0"

echo "=== Security Groups in VPC ==="
echo "VPC ID: ${VPC_ID}"

# Only groups that belong to this VPC
aws ec2 describe-security-groups \
  --filters "Name=vpc-id,Values=${VPC_ID}" \
  --query 'SecurityGroups[*].[GroupId,GroupName,Description]' \
  --output table

# Search by name (the same name can exist in more than one VPC)
SG_NAME="my-security-group"
printf '\n=== Security Groups with Name: %s ===\n' "${SG_NAME}"
aws ec2 describe-security-groups \
  --filters "Name=group-name,Values=${SG_NAME}" \
  --query 'SecurityGroups[*].[GroupId,VpcId]' \
  --output table
```
Create New Security Group
```bash
#!/bin/bash
SG_NAME="my-security-group"
VPC_ID="vpc-1234567890abcdef0"
DESCRIPTION="My security group"

echo "=== Creating New Security Group ==="
echo "Group name: ${SG_NAME}"
echo "VPC ID: ${VPC_ID}"

# stderr is captured too, so on failure SG_ID holds the error message
SG_ID=$(aws ec2 create-security-group \
  --group-name "${SG_NAME}" \
  --description "${DESCRIPTION}" \
  --vpc-id "${VPC_ID}" \
  --query 'GroupId' \
  --output text 2>&1)

if [ $? -eq 0 ] && [ -n "${SG_ID}" ]; then
  printf '\n✓ Security group created: %s\n' "${SG_ID}"

  printf '\n=== Security Group Details ===\n'
  aws ec2 describe-security-groups --group-ids "${SG_ID}" \
    --query 'SecurityGroups[0].[GroupId,GroupName,VpcId,Description]' \
    --output table
else
  printf '\n✗ Failed to create security group\n'
  echo "Error: ${SG_ID}"
  echo "Security group may already exist (EC2InvalidSecurityGroupNotFound if trying to use)"
fi
```
Provider Information
This error code is specific to AWS services. For more information, refer to the official AWS documentation.