Hi, I do not know how to resolve that issue? I have created `<http://modules.tf . . .

Lukasz Szczepaniak:

I do not know how to resolve that issue? I have created modules.tf file with that code:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0.0"
  name    = "my-vpc"
  cidr    = ""

  azs             = ["us-east-1a", "us-east-1f"]
  private_subnets = ["", ""]
  public_subnets  = ["", ""]

  enable_nat_gateway = true
  enable_vpn_gateway = true

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

Also in main.tf file I added aws_security_group:

resource "aws_security_group" "servers" {
  name        = "allowservers"
  description = "Allow TCP:8080 inbound traffic to servers"
  vpc_id      = module.vpc.vpc_id

  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = [""]
  }
}

And assigned it to aws_instance

resource "aws_instance" "ubuntu" {
  ami                    = "ami-053b0d53c279acc90"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.servers.id]
  user_data = <<-EOF
              echo "Hello, World" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF

  tags = {
    Name = "HelloWorld"
  }
}

When I comment out the line vpc_security_group_ids = [aws_security_group.servers.id] it works, but I need the aws_security_group assigned to it, and with that line uncommented it throws the error:

 Error: creating EC2 Instance: VPCIdNotSpecified: No default VPC for this user. GroupName is only supported for EC2-Classic and default VPC.
│       status code: 400, request id: 0d882d0e-a9d1-4898-91e3-77924b36629b
│   with aws_instance.ubuntu,
│   on main.tf line 164, in resource "aws_instance" "ubuntu":
│  164: resource "aws_instance" "ubuntu" {

Does anyone know why and how to resolve it?

Lukasz Szczepaniak:
It works when I add:
subnet_id = module.vpc.public_subnets[0]
which tells in which subnet I want to have that instance created.

Alistair Mackay:
Security groups are VPC scoped - i.e. they must be associated with a VPC.
EC2 Instances must also be associated with a VPC. If you do not provide an argument which tells AWS which VPC an instance goes into (e.g. by giving it a subnet), then it will attempt to launch it in whatever is marked as the default VPC. That might not be the same as the VPC where you created the SG, and as appears to be the case here, you might not have a default VPC (default VPC can, and usually should, be deleted).

You should always be specific about which VPC you are launching resources in.

Lukasz Szczepaniak:
Thank you very much Alistair. I like your responses as well as your training about the Kube API Server crash, which I watched with all the exercises done. If you have more similar over here, let me know.