Reputation: 467
I would like to deploy a SecurityGroup with a SecurityGroup ingress rule via CloudFormation.
I currently use this in the YAML file:
    Security:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupDescription: Securitygroup with access to itself
    SecurityIngress:
      Type: AWS::EC2::SecurityGroupIngress
      Properties:
        GroupId: !Ref Security
        SourceSecurityGroupId: !Ref Security
        IpProtocol: tcp
        FromPort: -1
This will give me an error, stating that the SecurityGroupId would be malformed. That error happens while creating SecurityIngress. Please note that I have changed my stack name to "Stackname".
Invalid Id: \"Stackname-Security-N12M8127812\" (expecting \"sg-\")
So I guess !Ref does not return the ID of the SecurityGroup, but instead returns the name. Is there a way to get to the id?
Upvotes: 6
Views: 6809
Reputation: 1
It's because you did not specify the VPC ID in the properties. In that case !Ref passes the name and you have to use !GetAtt instead. If you include the VPC ID in the properties, you can use !Ref to get the SG ID:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroup.html
Upvotes: 0
Reputation: 502
Using !Ref will return the resource name. This is clearly mentioned in the documentation. You need to use !GetAtt to get one of the resource attributes, including the Security Group ID.

    SourceSecurityGroupId: !GetAtt Security.GroupId
Upvotes: 15
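A complete template for the self-referencing rule discussed in this thread, as an added example that is not part of any of the posts. It uses !GetAtt for both GroupId and SourceSecurityGroupId and sets VpcId; the VpcId and MemberPort parameters, the port value 5432 and the output name are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Security group whose members may reach each other on one TCP port

Parameters:
  VpcId:                      # assumption: the group is created in an existing VPC
    Type: AWS::EC2::VPC::Id
  MemberPort:                 # assumption: constructed sample port, not from the posts
    Type: Number
    Default: 5432
    MinValue: 1
    MaxValue: 65535

Resources:
  Security:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Securitygroup with access to itself
      VpcId: !Ref VpcId

  # Kept as a separate resource: an inline ingress rule inside Security
  # that referenced Security itself would be a circular dependency.
  SecurityIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      # GetAtt GroupId always yields the sg-... ID, for both sides of the rule.
      GroupId: !GetAtt Security.GroupId
      SourceSecurityGroupId: !GetAtt Security.GroupId
      IpProtocol: tcp
      # With tcp, give an explicit port range; both ends are the same single port here.
      FromPort: !Ref MemberPort
      ToPort: !Ref MemberPort
      Description: Members of this group to each other

Outputs:
  SecurityGroupId:
    Description: ID (sg-...) of the self-referencing group
    Value: !GetAtt Security.GroupId
```

Scoping the rule to one port keeps the self-reference from turning into unrestricted traffic between every instance that carries the group.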