Created an elasticache via Ansible - Get an Error "Use of cache security groups is not permitted in this API version for your account"

Archives Ansible Project
1

I was trying to provision a new memcached server via ansible

- name: AWS | Create Redis
      local_action:
        module: elasticache
        region: sa-east-1
        name: "test-please-delete"
        state: present
        engine: memcached
        cache_engine_version: 1.4.14
        node_type: cache.m1.small
        num_nodes: 1
        cache_port: 11211
        cache_security_groups:
           - **default**
        zone: sa-east-1a

When I ran it I get the error " Use of cache security groups is not permitted in this API version for your account." This seems to only occur in Sau Paolo Region and every other reason. With the only exception being US East for example works fine.

Any ideas where I can diagnose this - looking for this error on google shows me no lead thus far

2

This I don’t know, but it seems to be coming from the AWS side of the house and not our code or boto.

If no one else here knows an answer, I’d perhaps inquire with Amazon support if there’s something different about that region.

3

For what it’s worth, I get a different type of error message when I try to run something similar with Redis.
https://github.com/ansible/ansible/issues/7986

4

Thanks for the replies. I have posted a support on AWS Forum, so hopefully I get a reply back.

I have though manage to semi fixed it. It seems in some regions, AWS either ‘cache_security_groups’ to be empty OR ‘security_group_ids’ to be passed empty. The below seems to now work happily with AWS for some reason - my example uses Redis.

  • name: AWS | Create Database in Redis

local_action:
region: sa-east-1
module: elasticache
name: “test-please-delete3”
state: present
engine: redis
cache_engine_version: 2.8.6
node_type: cache.m1.small
num_nodes: 1
cache_port: 6379
cache_security_groups: []
security_group_ids:

  • sg-x1x1x1x1
    zone: sa-east-1a

Passing an empty list to ‘cache_security_groups’ seems to fix it fine. This is in ansible version 1.7.1

5

I get the same error when trying to create a redis cache cluster using Cloud Formation template: “Use of cache security groups is not permitted in this API version for your account.”. I’m creating a AWS::ElastiCache::SecurityGroup so I can allow access from my EC2 instances and it fails to create the SG.

6

Yeah don’t know how to help with this one.

Perhaps worth asking of AWS.

7

Hi Guys

I made a module for this, and submitted a Pull Request here: https://github.com/ansible/ansible-modules-core/pull/1137

Feel free to let me know if it gives you any issues.