Error: AWS specific parameters and EC2 SecurityGroupIds List String

0 votes

I have a rather annoying issue which I am unable to resolve.

The following cut down example works in which I am able to reference a parameter and assign the security groups to my instance via the SecurityGroupIds property:

{
  "Parameters" : {
    "pDefaultSg" : {
      "Description" : "AWS2 VPC default security groups",
      "Type" : "List<AWS::EC2::SecurityGroup::Id>",
      "Default" : "sg-245xxxxx,sg-275xxxxx,sg-235xxxxx"
    }
  },
  "Resources" : {
    "ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "SecurityGroupIds" : { "Ref" : "pDefaultSg" }
      }
    }
  }
}

The issue begins when I also want to add a second value to the SecurityGroupIds property referencing a security group resource instantiated within the same template:

"Resources" : {
    "ec2Instance" : { ...
        "SecurityGroupIds" : [ { "Ref" : "pDefaultSg" }, { "Fn::GetAtt" : [ "sgDb", "GroupId" ] } ],
    ....  

    "sgDb" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : { ...

I am then unable to avoid the following error, which causes the CloudFormation stack to roll back:

Value of property SecurityGroupIds must be of type List of String

Oct 22, 2018 in AWS by findingbugs
• 4,730 points
158 views

1 answer to this question.

0 votes

The issue is that when pDefaultSg is accessed via the Ref intrinsic function, it returns a list; therefore your SecurityGroupIds Property looks like:

[["sg-245xxxxx","sg-275xxxxx","sg-235xxxxx"],"sg-1234DB"]

The solution is to change your SecurityGroupIds Property to Fn::Join the pDefaultSg List to a comma-separated string followed by the sgDb:

"SecurityGroupIds": [ 
  {"Fn::Join": 
    [",", 
      {"Ref": "pDefaultSg"}
    ]
  }, 
  { "Fn::GetAtt" : ["sgDb", "GroupId"] } 
]
answered Oct 22, 2018 by Priyaj
• 56,120 points
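
A pre-deployment check for the nesting described in the answer above, as an added example that is not part of the original thread: it flags any `Ref` to a list-typed parameter that appears as an element of a JSON array, which is the pattern that resolves to a list inside a list. The function names and the sample template are constructed for illustration.

```python
# Constructed sample: the question's failing SecurityGroupIds property.
TEMPLATE = {
    "Parameters": {"pDefaultSg": {
        "Type": "List<AWS::EC2::SecurityGroup::Id>",
        "Default": "sg-245xxxxx,sg-275xxxxx,sg-235xxxxx"}},
    "Resources": {"ec2Instance": {
        "Type": "AWS::EC2::Instance",
        "Properties": {"SecurityGroupIds": [
            {"Ref": "pDefaultSg"},
            {"Fn::GetAtt": ["sgDb", "GroupId"]}]}}},
}


def list_parameters(template):
    """Names of parameters whose Ref returns a list rather than a string."""
    return {
        name for name, spec in template.get("Parameters", {}).items()
        if spec.get("Type", "").startswith("List<")
        or spec.get("Type") == "CommaDelimitedList"
    }


def find_nested_list_refs(template):
    """Return (path, parameter) for each list-typed Ref used as an array element."""
    list_params = list_parameters(template)
    findings = []

    def walk(node, path, in_fn_args):
        if isinstance(node, dict):
            for key, value in node.items():
                # An array directly under Fn::* holds function arguments,
                # so a list-typed Ref there is not a nested property list.
                walk(value, f"{path}.{key}", key.startswith("Fn::"))
        elif isinstance(node, list):
            for i, item in enumerate(node):
                if (not in_fn_args and isinstance(item, dict)
                        and item.get("Ref") in list_params):
                    findings.append((f"{path}[{i}]", item["Ref"]))
                walk(item, f"{path}[{i}]", False)

    walk(template.get("Resources", {}), "Resources", False)
    return findings
```

Run over the sample, `find_nested_list_refs(TEMPLATE)` reports the first element of `SecurityGroupIds`; the question's original single-`Ref` form and the `Fn::Join` form from the answer produce no findings.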


© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.