AWS VPC Error: Client.InvalidParameterCombination

When trying to execute an ec2-run-instances command for a VPC, you must specify both which subnet & which security group you want it to belong to:

ec2-run-instances ami-abc123 
 --group sg-abc123 
 --subnet subnet-abc123 
 .... your other params

However, doing so generates this error:

Client.InvalidParameterCombination: Network interfaces and an instance-level security groups may not be specified on the same request

I even found one lowly report of someone else with this issue:

Luckily, my company has premium AWS support and a quick 10 minute chat got the answer I needed.  You must use the --network-attachment param, which takes the place of --group, --private-ip-address, and --subnet

The resulting command looks like this:

ec2-run-instances ami-abc123 
  --network-attachment :0:subnet-abc123::
  .... your other params

Good luck, I hope this helps!

2 thoughts on “AWS VPC Error: Client.InvalidParameterCombination”

  1. Thanks a lot! I ran into the same issue, and your blog helped me solve it. I replied to the forum thread and pointed to this article.

Leave a Reply

Your email address will not be published. Required fields are marked *