I have an AWS Elastic Beanstalk application that needs to send and receive data to/from a database that lives inside of a VPC. To achieve this, I planned to integrate the EB app inside of that same VPC, and configure a security group for this EB app so that I could insert the resulting resource as an inbound rule to the security group of the database, thus allowing for communication between the two.
I have a `vpc.config` file inside of the respective `.ebextensions` folder, where I have the next code, which I got from this AWS-given example on the documentation.
```yaml
option_settings:
  - namespace: aws:ec2:vpc
    option_name: VPCId
    value: vpc-XXXXXXXXXXX
  - namespace: aws:autoscaling:launchconfiguration
    option_name: SecurityGroups
    value: sg-XXXXXXXXXXXX
```
I know that I'm missing some data, like the ELBSubnets, and I also know that it will result in an error (my plan was to deal with one error at a time to understand all of the things that could go wrong). What I don't understand is why I am also receiving this error message when trying to deploy the env from the EB CLI:
```
ERROR: ServiceError - Configuration validation exception: Invalid option value: 'sg-xxxxxxxxx' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'SecurityGroups'): The security group 'sg-xxxxxxxxx' does not exist
```
I have already verified the Security Group ID, checked that the Security Group exists in the same region as the Elastic Beanstalk app, as well as added the required policies for the IAM user that I'm using to access AWS EB from the CLI (`AmazonVPCFullAccess` and `AdministratorAccess-AWSElasticBeanstalk`).
I have also looked at several SO and re:Post questions and tried the methods indicated on those without any success.
What are your thoughts on this? What am I missing?