CODEWITHSUNDEEP
amazon-web-servicesaws-cloudformationaws-security-group
Junge
Junge

Reputation: 467

AWS Cloudformation !Ref SecurityGroup returns an invalid ID

I would like to deploy a SecurityGroup with an SecurityGroup ingress rule via cloudformation.

I currently use this in the yaml file:

Security
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Securitygroup with access to itself
SecurityIngress:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    GroupId: !Ref Security
    SourceSecurityGroupId: !Ref Security
    IpProtocol: tcp
    FromPort: -1

This will give me an error, stating that the SucurityGroupId would be malformed. That error happens while creating SecurityIngress. Please note that I have changed my stackname to "Stackname".

Invalid Id: \"Stackname-Security-N12M8127812\" (expecting \"sg-\")

So I guess !Ref does not return the ID of the SecurityGroup, but instead returns the name. Is there a way to get to the id?

Upvotes: 6

Views: 6809

Answers (2)

JMarsden
JMarsden

Reputation: 1

Its because you did not specify the VPC ID in the properties in that case !Ref passes the name and you have to use the !GetAtt instead, if you include the VPC ID in the properties you can use !Ref to get the SG ID:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroup.html

Upvotes: 0

WalKh
WalKh

Reputation: 502

Using !Ref will return the resource name. This is clearly mentioned in the documentation. You need to use the !GetAtt to get the one of the resource attributes, including the Security Group id.

SourceSecurityGroupId: !GetAtt Security.GroupId

Upvotes: 15

Related Questions