4

I would like to deploy a SecurityGroup with a SecurityGroup ingress rule via CloudFormation.

I currently use this in the yaml file:

Security:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupDescription: Securitygroup with access to itself
SecurityIngress:
  Type: AWS::EC2::SecurityGroupIngress
  Properties:
    GroupId: !Ref Security
    SourceSecurityGroupId: !Ref Security
    IpProtocol: tcp
    FromPort: -1

This will give me an error, stating that the SecurityGroupId would be malformed. That error happens while creating SecurityIngress. Please note that I have changed my stack name to "Stackname".

Invalid Id: \"Stackname-Security-N12M8127812\" (expecting \"sg-\")

So I guess !Ref does not return the ID of the SecurityGroup, but instead returns the name. Is there a way to get to the id?

Junge

1 Answer

11

Using !Ref will return the resource name. This is clearly mentioned in the documentation. You need to use !GetAtt to get one of the resource's attributes, including the Security Group ID.

SourceSecurityGroupId: !GetAtt Security.GroupId
neuquen
WalKh
    It is not very clear in the documentation. The doco tells you that sometimes you'll get the name, and sometimes the ID. And AWS snippets sometimes assume one, and sometimes the other. So it's a good question. – andrew lorien Jun 11 '20 at 07:23
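
A pre-deployment check for the mistake discussed in this thread, as an added example that is not part of the original question or answers: it walks a template in CloudFormation's JSON form and reports every ingress or egress rule whose group-ID property is set with Ref to a security group rather than Fn::GetAtt GroupId. The sample template (the question's resources plus a hypothetical `FixedIngress` rule) and the function name are constructed for illustration.

```python
import json

# Rule properties that must hold a security group ID ("sg-...").
ID_PROPS = ("GroupId", "SourceSecurityGroupId", "DestinationSecurityGroupId")
RULE_TYPES = ("AWS::EC2::SecurityGroupIngress", "AWS::EC2::SecurityGroupEgress")

# Constructed sample: the question's template in JSON form, plus a second rule
# (hypothetical "FixedIngress") written the way the answer recommends.
SAMPLE = json.loads("""{"Resources": {
  "Security": {"Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "Securitygroup with access to itself"}},
  "SecurityIngress": {"Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {"GroupId": {"Ref": "Security"},
                   "SourceSecurityGroupId": {"Ref": "Security"},
                   "IpProtocol": "tcp", "FromPort": -1}},
  "FixedIngress": {"Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {"GroupId": {"Fn::GetAtt": ["Security", "GroupId"]},
                   "SourceSecurityGroupId": {"Fn::GetAtt": ["Security", "GroupId"]},
                   "IpProtocol": "tcp", "FromPort": -1}}
}}""")


def find_ref_to_security_group(template):
    """Return (rule, property, target) for each ID property set via Ref to a security group."""
    resources = template.get("Resources", {})
    # Logical IDs of every security group declared in this template.
    groups = {name for name, res in resources.items()
              if res.get("Type") == "AWS::EC2::SecurityGroup"}
    findings = []
    for name, res in resources.items():
        if res.get("Type") not in RULE_TYPES:
            continue
        props = res.get("Properties", {})
        for prop in ID_PROPS:
            value = props.get(prop)
            # {"Ref": "X"} is the JSON form of !Ref X.
            if isinstance(value, dict) and value.get("Ref") in groups:
                findings.append((name, prop, value["Ref"]))
    return findings


if __name__ == "__main__":
    for rule, prop, target in find_ref_to_security_group(SAMPLE):
        print(f"{rule}.{prop}: use !GetAtt {target}.GroupId instead of !Ref {target}")
```
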