Naxi


Getting error while passing multiple security groups to Network Interface via Cloudformation

I am trying to build a simple CloudFormation template that creates an EC2 instance and two network interfaces and attaches them to the instance. When I pass the security groups to the ENIs, I get an error saying that the security group ID doesn't exist, even though it does.

I think the issue arises when the security groups are converted to a list of strings and passed to the GroupSet property of AWS::EC2::NetworkInterface. When I choose just one security group, this template works fine, but it fails as soon as I select multiple SGs.

CloudFormation Template

{
    "AWSTemplateFormatVersion":"2010-09-09",
    "Description":"AWS Cloudformation Sample Template",
    "Parameters":{
        
        "WebServerSecurityGroup" : {
          "Type" : "List<AWS::EC2::SecurityGroup::Id>",
          "Description" : "The list of security groups in your Virtual Private Cloud (VPC)",
          "ConstraintDescription" : "must be the security group id  in an existing Virtual Private Cloud."
        },
        "Subnet" : {
            "Type" : "AWS::EC2::Subnet::Id",
            
            "Description" : "The subet in which to launch the instance"
        },

        
        "InstanceType":{
            "Description":"Webserver EC2 instance type",
            "Type":"String",
            "Default":"t2.small",
            "AllowedValues":[ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large","t2.2xlarge", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"],
            "ConstraintDescription":"must be a valid EC2 instance type"
        },
        "KeyName":{
            "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
            "Type" : "AWS::EC2::KeyPair::KeyName",
            "MinLength": "1",
            "MaxLength": "255",
            "AllowedPattern" : "[\\x20-\\x7E]*",
            "ConstraintDescription" : "can contain only ASCII characters."
        }
    },
    "Resources":{
    "NIC1" : {
      "Type" : "AWS::EC2::NetworkInterface",
      "Properties" : {
        "SubnetId" : { "Ref" : "Subnet" },
        "GroupSet":[ 
            {"Fn::Join": 
            [",", 
            {"Ref": "WebServerSecurityGroup"}
            ]
            } 
            ]
      }
    },
    "NIC2" : {
      "Type" : "AWS::EC2::NetworkInterface",
      "Properties" : {
        "SubnetId" : { "Ref" : "Subnet" },
        "GroupSet":[ 
            {"Fn::Join": 
            [",", 
            {"Ref": "WebServerSecurityGroup"}
            ]
            } 
            ]
      }
    },
    "MyEC2Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
        "ImageId" :"ami-059ab56ffb17ed971",
        "KeyName" : { "Ref" : "KeyName" },
        "InstanceType" : { "Ref" : "InstanceType" }, 
        "NetworkInterfaces" : [
          { "NetworkInterfaceId" : { "Ref" : "NIC1" }, "DeviceIndex" : "0" },
          { "NetworkInterfaceId" : { "Ref" : "NIC2" }, "DeviceIndex" : "1" }
        ]
    
    }
}

}
}

Error

Error Log

Please help.


Answers (1)

sayboras


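As your parameter is already a list, you don't need to join it anymore. Fn::Join collapses the list into a single comma-separated string, so GroupSet receives one element that is not a valid security group ID; with only one group selected, the joined string happens to equal that group's ID, which is why the single-group case worked. Pass the parameter to GroupSet directly with Ref. Please find the template below.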

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "AWS Cloudformation Sample Template",
  "Parameters": {
    "WebServerSecurityGroup": {
      "Type": "List<AWS::EC2::SecurityGroup::Id>",
      "Description": "The list of security groups in your Virtual Private Cloud (VPC)",
      "ConstraintDescription": "must be the security group id  in an existing Virtual Private Cloud."
    },
    "Subnet": {
      "Type": "AWS::EC2::Subnet::Id",
      "Description": "The subet in which to launch the instance"
    },

    "InstanceType": {
      "Description": "Webserver EC2 instance type",
      "Type": "String",
      "Default": "t2.small",
      "AllowedValues": [
        "t1.micro",
        "t2.nano",
        "t2.micro",
        "t2.small",
        "t2.medium",
        "t2.large",
        "t2.2xlarge",
        "m1.small",
        "m1.medium",
        "m1.large",
        "m1.xlarge",
        "m2.xlarge",
        "m2.2xlarge",
        "m2.4xlarge",
        "m3.medium",
        "m3.large",
        "m3.xlarge",
        "m3.2xlarge",
        "m4.large",
        "m4.xlarge",
        "m4.2xlarge",
        "m4.4xlarge",
        "m4.10xlarge",
        "c1.medium",
        "c1.xlarge",
        "c3.large",
        "c3.xlarge",
        "c3.2xlarge",
        "c3.4xlarge",
        "c3.8xlarge",
        "c4.large",
        "c4.xlarge",
        "c4.2xlarge",
        "c4.4xlarge",
        "c4.8xlarge",
        "g2.2xlarge",
        "g2.8xlarge",
        "r3.large",
        "r3.xlarge",
        "r3.2xlarge",
        "r3.4xlarge",
        "r3.8xlarge",
        "i2.xlarge",
        "i2.2xlarge",
        "i2.4xlarge",
        "i2.8xlarge",
        "d2.xlarge",
        "d2.2xlarge",
        "d2.4xlarge",
        "d2.8xlarge",
        "hi1.4xlarge",
        "hs1.8xlarge",
        "cr1.8xlarge",
        "cc2.8xlarge",
        "cg1.4xlarge"
      ],
      "ConstraintDescription": "must be a valid EC2 instance type"
    },
    "KeyName": {
      "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
      "Type": "AWS::EC2::KeyPair::KeyName",
      "MinLength": "1",
      "MaxLength": "255",
      "AllowedPattern": "[\\x20-\\x7E]*",
      "ConstraintDescription": "can contain only ASCII characters."
    }
  },
  "Resources": {
    "NIC1": {
      "Type": "AWS::EC2::NetworkInterface",
      "Properties": {
        "SubnetId": { "Ref": "Subnet" },
        "GroupSet": { "Ref": "WebServerSecurityGroup" }
      }
    },
    "NIC2": {
      "Type": "AWS::EC2::NetworkInterface",
      "Properties": {
        "SubnetId": { "Ref": "Subnet" },
        "GroupSet": { "Ref": "WebServerSecurityGroup" }
      }
    },
    "MyEC2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-059ab56ffb17ed971",
        "KeyName": { "Ref": "KeyName" },
        "InstanceType": { "Ref": "InstanceType" },
        "NetworkInterfaces": [
          { "NetworkInterfaceId": { "Ref": "NIC1" }, "DeviceIndex": "0" },
          { "NetworkInterfaceId": { "Ref": "NIC2" }, "DeviceIndex": "1" }
        ]
      }
    }
  }
}
