I would like to create an RDS security group allowing all access from another security group. I know this is possible in the web UI console by selecting custom as the source type and then entering the security group ID in place of an IP address range. Here is an example of what I'm attempting to use at the moment:

"SgRds2Ec2SecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "rds access from corp",
    "VpcId": {
      "Ref": "VpcId"
    },
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "SecurityGroupID": {
          "Ref": "SgRdsEc2SecurityGroup"
        }
      }
    ]
  }
}

This gives me the error:

2018-01-22 18:48:47 UTC   SgRds2Ec2SecurityGroup   CREATE_FAILED        Encountered unsupported property SecurityGroupID   

What should I use in place of SecurityGroupID?

Alex Cohen

1 Answer

According to the documentation, you're looking for SourceSecurityGroupId.

"SecurityGroupIngress": [
  {
    "IpProtocol": "tcp",
    "FromPort": "0",
    "ToPort": "65535",
    "SourceSecurityGroupId": {
      "Ref": "SgRdsEc2SecurityGroup"
    }
  }
]
kichik