EC2 build agent security group

I'm trying to set up the cloud integration into EC2, and I've run into a problem. I have everything set up properly, TeamCity is able to start an instance with my AMI, but the agent is unreachable due to the EC2 security group it is in. By default, our corporate account has the default security group locked down for all connections. I've created a 'teamcity' security group that properly allows communication with our TeamCity server, but I cannot find a way to get TeamCity to launch the instance with this security group.

On the 'Agent Cloud' tab of the TC admin page, I have all of the proper settings available, except that the security group option only has the following -

Default security group will be used

How do I fix this? Is there an option I can tweak somewhere to allow launch into a different security group?

4 comments
Comment actions Permalink

As an extra data point, we are using VPC to connect the build agents to a TC server running in our own datacenter.

I was able to successfully manually get a build agent to connect and run several builds - I then used this instance's EBS volume as the source for a new AMI that I created. TC was able to successfully create and start an instance with this AMI, but since it was using the 'default' security group, it's completely unreachable from anywhere.

0
Comment actions Permalink

Hello David,

The list of available security groups is fetched from the EC2 and should be displayed on the configuration page under "Security groups".
You can also trigger a manual update of the values by clicking "Check connection/Fetch parameter values" button.

Please check TeamCity server can access Amazon EC2 servers and you connect to the proper EC2 location with a proper account.

If the issue persists, please attach logs\teamcity-cloud.log and screenshot of your current settings.

You can create an issue in our tracker and create a restricted-visibility attachment or send the logs and screenshot via email if you do not want to post them in this forum.

0
Comment actions Permalink

Yes, I am aware of this. My problem is that these options do not appear when I select that I want the instance to start as a VPC instance. What setting do I need to change on my TeamCity server for it to properly display the set of VPC security groups and not just regular security groups.

0
Comment actions Permalink

David,

OK, I see.
There is indeed a limitation of using the default security group. The workaround is to modify your "default" security group to the required settings.
I see you have already commented  on the feature request to address this: TW-16874

0

Please sign in to leave a comment.