CODEWITHSUNDEEP
amazon-web-servicesyamlaws-cloudformationaws-security-group
Gabriel Pulga
Gabriel Pulga

Reputation: 293

How do I properly format this YAML snippet?

I have a cloudformation snippet that looks roughly like this :

  ContainerSecurityGroup:
    Type :  AWS::EC2::SecurityGroup
    Properties : 
       InstanceId: !Ref ContainerSG
       GroupDescription :  "ECS Containers Security Group"
       VpcId :  !Sub {{resolve:ssm:/ca/config/network/vpc_id:${ParamVersion}}}
       GroupName :  !Sub   ${Env}-${ServiceName}-sg
       SecurityGroupIngress :
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.49.63.0/24
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.93.0.0/16
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.97.0.0/16
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.50.128.0/21
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.50.144.0/24
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  172.25.0.0/16

What am I doing wrong here? I get the following error:

Template contains errors.: Template format error: YAML not well-formed.

Can someone help me to resolve this one? Is there perhaps a workaround I have not considered?

Upvotes: 0

Views: 253

Answers (1)

JD D
JD D

Reputation: 8097

YAML requires consistent spacing for indention. Make sure you are use the same amount of spacing for each indent. The example you posted indents 2 spaces for some, 3 spaces for others. If you edit a YAML file in a modern IDE (i.e. VSCode), it should format and do the indention for you so you don't have the think about it.

Also, the VpcId line is not correct, the {{resolve:}} mechanism can't be combined with !Sub to parameterize the value presently, this has to be hardcoded. You may want to use the SSM Parameter types instead or just hardcode this.

ContainerSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    InstanceId: !Ref ContainerSG
    GroupDescription: "ECS Containers Security Group"
    VpcId: {{resolve:ssm:/ca/config/network/vpc_id:1}}
    GroupName: !Sub ${Env}-${ServiceName}-sg
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: 10.49.63.0/24
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: 10.93.0.0/16
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: 10.97.0.0/16
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: 10.50.128.0/21
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: 10.50.144.0/24
      - IpProtocol: tcp
        FromPort: 8080
        ToPort: 8080
        CidrIp: 172.25.0.0/16

Upvotes: 1

Related Questions