I've written a CloudFormation template which creates an AutoScaling Group, which in turn starts up servers per environment.

Up until today the company has been working in region us-west-2 and the SecurityGroups mapping looked like so:

"SecurityGroupMap" : {
    "DEV"  : { "sg" : "sg-d111acbe" },
    "Load"  : { "sg" : "sg-d111acbe" },
    "Staging"   : { "sg" : "sg-d123acbe" },
    "Prod-US" : { "sg" : "sg-d145acbe" }
},

Now there's a new motivation: my boss wants us to be able to start building that CloudFormation template in another region.

Since it's another region, I'll need to manually create the required SecurityGroups ahead of time and update their IDs in the template.

I was wondering whether writing it like this would work:

"SecurityGroupMap" : {
    "RegionMap": {
        "us-east-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
        "us-east-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
        "us-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
        "us-west-2" : { "DEV" : "sg-d143acbe", "Load" : "sg-d143acbe", "Staging" : "sg-d143acbe", "Prod-US" : "sg-d143acbe" },
        "eu-west-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
        "eu-central-1" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" },
        "eu-west-2" : { "DEV" : "sg-1", "Load" : "sg-2", "Staging" : "sg-3", "Prod-US" : "sg-4" }
    },

And if so, what would the [ { "Fn::FindInMap" : } ] look like?

Itai Ganot

1 Answer

In your second example you have nested your mapping too deeply. I suggest you remove RegionMap and have the regions directly under SecurityGroupMap. Afterwards you can reference a security group using the following:

{ "Fn::FindInMap" : [ "SecurityGroupMap", { "Ref" : "AWS::Region" }, "DEV"] }
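
The following is an added example, not part of the original answer: a small offline check that the flattened mapping has the two-level shape `Fn::FindInMap` expects, and a resolver showing which security group a given region and environment select. The `Environment` parameter and the helper names are assumptions; the `sg-` values are the ones from the question.

```python
# Added example. Constructed fragment: sg-1..sg-4 are the question's placeholders,
# and the "Environment" parameter is an assumption, not from the original post.
TEMPLATE = {
    "Parameters": {"Environment": {"Type": "String", "Default": "DEV"}},
    "Mappings": {"SecurityGroupMap": {
        "us-east-1": {"DEV": "sg-1", "Load": "sg-2", "Staging": "sg-3", "Prod-US": "sg-4"},
        "us-west-2": {"DEV": "sg-d143acbe", "Load": "sg-d143acbe",
                      "Staging": "sg-d143acbe", "Prod-US": "sg-d143acbe"},
    }},
}
# The question's second layout (extra "RegionMap" level), trimmed to one region.
NESTED = {"SecurityGroupMap": {"RegionMap": {"us-west-2": {"DEV": "sg-d143acbe"}}}}
LOOKUP = {"Fn::FindInMap": ["SecurityGroupMap", {"Ref": "AWS::Region"}, {"Ref": "Environment"}]}


def check_mappings(mappings):
    """List entries that break the Map -> key -> key -> string/list shape."""
    problems = []
    for name, top in mappings.items():
        for k1, second in top.items():
            if not isinstance(second, dict):
                problems.append(f"{name}.{k1}: expected second-level keys")
                continue
            for k2, value in second.items():
                if not isinstance(value, (str, list)):
                    problems.append(f"{name}.{k1}.{k2}: nested too deeply")
    return problems


def resolve(node, template, region, params=None):
    """Evaluate Ref and Fn::FindInMap for one region and parameter set."""
    params = params or {}
    if isinstance(node, dict) and "Ref" in node:
        name = node["Ref"]
        if name == "AWS::Region":
            return region
        return params.get(name, template["Parameters"][name].get("Default"))
    if isinstance(node, dict) and "Fn::FindInMap" in node:
        m, k1, k2 = (resolve(a, template, region, params) for a in node["Fn::FindInMap"])
        try:
            return template["Mappings"][m][k1][k2]
        except KeyError:
            # A region or environment without an entry must fail, not fall back.
            raise KeyError(f"no mapping entry for {m}/{k1}/{k2}") from None
    return node


if __name__ == "__main__":
    print(check_mappings(NESTED))
    print(resolve(LOOKUP, TEMPLATE, "us-west-2", {"Environment": "Prod-US"}))
```

Running the check before deploying to a new region catches a region that has no security group entry yet, instead of finding out at stack creation.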