I would like to deploy a SecurityGroup with a SecurityGroup ingress rule via CloudFormation.
I currently use this in the yaml file:
Security:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Securitygroup with access to itself
SecurityIngress:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    GroupId: !Ref Security
    SourceSecurityGroupId: !Ref Security
    IpProtocol: tcp
    FromPort: -1
This will give me an error, stating that the SecurityGroupId would be malformed. That error happens while creating SecurityIngress. Please note that I have changed my stack name to "Stackname".
Invalid Id: \"Stackname-Security-N12M8127812\" (expecting \"sg-\")
So I guess !Ref does not return the ID of the SecurityGroup, but instead returns the name. Is there a way to get to the id?
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the security group if you specified the VpcId property. Otherwise, it returns the name of the security group. If you omit the VpcId property and need the ID of the security group, use Fn::GetAtt instead.
SourceSecurityGroupId: !GetAtt Security.GroupId
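A pre-deployment check for the Ref behaviour quoted above, added here as an example and not part of the original question or answer. It assumes the template is in CloudFormation's JSON syntax (where `!Ref X` is `{"Ref": "X"}`); the function names and the sample template are constructed for illustration.

```python
import json

# Constructed sample: the question's two resources, in JSON template syntax.
TEMPLATE = json.loads("""
{"Resources": {
  "Security": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "Securitygroup with access to itself"}},
  "SecurityIngress": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {
      "GroupId": {"Ref": "Security"},
      "SourceSecurityGroupId": {"Ref": "Security"},
      "IpProtocol": "tcp",
      "FromPort": -1}}}}
""")

RULE_TYPES = ("AWS::EC2::SecurityGroupIngress", "AWS::EC2::SecurityGroupEgress")
ID_PROPS = ("GroupId", "SourceSecurityGroupId", "DestinationSecurityGroupId")

def find_name_refs(template):
    """List (rule, property, group) where Ref yields a group name, not an sg- ID."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") not in RULE_TYPES:
            continue
        for prop in ID_PROPS:
            value = res.get("Properties", {}).get(prop)
            if not (isinstance(value, dict) and "Ref" in value):
                continue
            target = resources.get(value["Ref"], {})
            # Ref returns the ID only when the group declares VpcId.
            if (target.get("Type") == "AWS::EC2::SecurityGroup"
                    and "VpcId" not in target.get("Properties", {})):
                findings.append((name, prop, value["Ref"]))
    return findings

def apply_fix(template):
    """Return a copy with each flagged Ref replaced by Fn::GetAtt <group>.GroupId."""
    fixed = json.loads(json.dumps(template))  # deep copy; input stays untouched
    for name, prop, group in find_name_refs(fixed):
        fixed["Resources"][name]["Properties"][prop] = {"Fn::GetAtt": [group, "GroupId"]}
    return fixed

if __name__ == "__main__":
    for rule, prop, group in find_name_refs(TEMPLATE):
        print(f"{rule}.{prop}: Ref {group} returns a name; use Fn::GetAtt {group}.GroupId")
```
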