Elastic Beanstalk: Auto Scaling activity failed with error: The parameter SecurityGroup is not recognized. Launching EC2 instance failed.


I've had an Elastic Beanstalk (Docker running on 64bit Amazon Linux 2023/4.1.0) instance running for around 10 weeks with no problems. When I pushed an update on Sunday using the EB CLI, my entire instance irrecoverably crashed and I got the error

Auto Scaling activity failed XX minutes ago with error: The parameter SecurityGroup is not recognized. Launching EC2 instance failed.

Google searches indicate that 3-4 other people have experienced this, but there are no answers on SO or Reddit that are helpful. I don't think I changed anything in the configuration, just pushed a few standard bugfixes and additional features to my Docker image.

While I am an experienced developer, I am quite new to AWS, so please feel free to explain anything like you would to a small child, or a dog familiar with Docker and Python.

1 Answer

Haha, thank you for the context on your experience levels.

First try: Did you change any of the environment settings, or only upload a new application revision? Do you know if you/anyone else may have changed any environment settings since the last new revision that just happened to get enacted now as part of this change? If so, reverting that change will likely fix the issue. If you can go back to a known working state, try making your update through the Beanstalk console. If that works fine, there's probably an issue with the CLI syntax used. You can look in the CloudTrail service to view API calls to compare the console vs CLI command requestParameters. If you're still stuck, then read the rest of my novel below for some more ideas. Specifically, SecurityGroup vs SecurityGroups is a typo I'd look for in the CLI command (see 'back to your issue' for details).


Background info: Beanstalk is an abstraction of the underlying resources to (usually) remove the need to understand those in detail from developers (or highly intelligent Docker mastering dogs). So ignoring Beanstalk for a moment, it usually creates a launch-template which is used by an AutoScaling Group (ASG). The ASG requests instances from EC2 using the settings/application revision uploaded to Beanstalk, and the Launch Template is part of what is passed to EC2 (it contains all the info about the instance being launched, such as the Security Group settings).

Back to your issue: In general, that error happens because there are 3 places/ways to define security groups in a Launch Template

  • Within the network interface, under the Groups field
  • Outside the network interface, via the SecurityGroupIds field
  • Outside the network interface, via the SecurityGroups field

I'm guessing what happened is somehow the wrong field got defined somewhere. Or if this error was directly thrown by the EB CLI, then it could also be a similar issue, since I see --vpc.securitygroups as the setting name in the EB CLI (even if you're defining a single security group).

Places to investigate: Without being able to see your exact resource details, it's a bit hard to know for sure what happened, but here are some paths you can look into. If you have a subscription to a support plan, someone can take a look at your exact resources and give a more specific answer.

  • You should be able to go to the ASG details + Activity history to find more info. Go to the EC2 service on your AWS console, and there's a section for AutoScaling on both the top middle section, as well as the left sidebar. From there you can find the ASG with your Beanstalk environment name. On the main details tab, the Launch Template ID should be listed, note that for a few steps further down
  • Now go to the ASG's activity history tab, you should be able to see any launch failures. Specifically, we want to see if the error you saw in Beanstalk is being pulled from the ASG activity history here, or if it might have come from somewhere else (like for example, a failed UpdateAutoScalingGroup or CreateLaunchTemplate API call)
  • If the error is in the activity history, then make a describe-launch-template-versions call using the ID you grabbed in the bullet above this, and edit your question with the results (and comment on this answer to make sure I see it). Make sure to redact anything sensitive like your accountID. I'd guess there's an issue with one of the settings in it.
  • If the error is NOT in the activity history, then it's likely that a Beanstalk update tried to update the Launch Template or ASG and failed. Check the CloudTrail service for roughly the time you made the EB CLI call, and filter for "ReadOnly=False" on the console, to see only mutating API calls. See if there's any that errored out
AWS
answered 6 months ago
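
As an added example (not part of the original answer), the two checks described above can be run offline against saved output: which of the three places each launch template version defines security groups in, and which mutating CloudTrail calls returned an error. The sample data and all IDs are constructed placeholders, and treating a version that populates more than one location as worth a closer look is this example's assumption.

```python
import json

# Constructed sample shaped like `aws ec2 describe-launch-template-versions` output.
# All IDs and names are placeholders, not values from the question.
SAMPLE_VERSIONS = json.loads("""
{"LaunchTemplateVersions": [
  {"VersionNumber": 1, "LaunchTemplateData": {
     "SecurityGroupIds": ["sg-00000000000000001"]}},
  {"VersionNumber": 2, "LaunchTemplateData": {
     "SecurityGroups": ["example-sg-name"],
     "NetworkInterfaces": [{"DeviceIndex": 0, "Groups": ["sg-00000000000000001"]}]}}
]}
""")

# Constructed CloudTrail records (same fields as a trail log's "Records" array).
SAMPLE_TRAIL = [
    {"eventName": "DescribeLaunchTemplateVersions", "readOnly": True},
    {"eventName": "UpdateAutoScalingGroup", "readOnly": False},
    {"eventName": "CreateLaunchTemplateVersion", "readOnly": False,
     "errorCode": "ExampleErrorCode", "errorMessage": "constructed message"},
]

def security_group_locations(version):
    """Return which of the three places in one template version define groups."""
    data = version.get("LaunchTemplateData", {})
    found = {}
    if data.get("SecurityGroupIds"):
        found["SecurityGroupIds"] = data["SecurityGroupIds"]
    if data.get("SecurityGroups"):
        found["SecurityGroups"] = data["SecurityGroups"]
    for nic in data.get("NetworkInterfaces", []):
        if nic.get("Groups"):
            found.setdefault("NetworkInterfaces[].Groups", []).extend(nic["Groups"])
    return found

def audit_versions(response):
    """Map version number -> locations (assumption: more than one merits a look)."""
    return {v["VersionNumber"]: security_group_locations(v)
            for v in response.get("LaunchTemplateVersions", [])}

def failed_mutating_calls(records):
    """Keep only non-read-only API calls that returned an error."""
    return [r for r in records
            if not r.get("readOnly", True) and r.get("errorCode")]

if __name__ == "__main__":
    for number, places in audit_versions(SAMPLE_VERSIONS).items():
        flag = "CHECK" if len(places) > 1 else "ok"
        print(f"version {number}: {flag} {places}")
    for r in failed_mutating_calls(SAMPLE_TRAIL):
        print(r["eventName"], r["errorCode"], r["errorMessage"])
```
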
