AWS SAM template can't reference Security Group resource (created earlier outside the cloudfromation template)

Question

I am writing a SAM template, I am trying to reference the security group id in the VpcConfig section in a lambda function as the following:

      VpcConfig:
        SecurityGroupIds:
          - !GetAtt aurora-mysql.GroupId
        SubnetIds:
          - subnet-1234abcd
          - subnet-abcd1234

where aurora-mysql is the name of the security group created earlier as the following: When I try to deploy the stack it gives the following error message:

Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Template error: instance of Fn::GetAtt references undefined resource aurora-mysql

It can't see the aurora-mysqlsecurity group.
This security group already exists and was created earlier outside the cloudformation template.
Any solutions please?

AWS PS · Accepted Answer · 2020-01-02T12:50:05.927

2

You can use the "Ref" built-in function to get the resource ID if you created the security in the same template.

If you are wanting to reference an existing security group, then the above won't work. You could pass the security group id as a parameter to the template instead and use the "Ref" built-in to use it where you need it. or you can use cloud formation exports

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html

edited Jan 02 '20 at 12:50

answered Jan 02 '20 at 12:34

AWS PS

4,420
1
9
22

But what is the resource I want to reference is not created in another cloudformation stack. For example: I created the security group via AWS Web Console and I want to reference it using the name and get its ID via getAtt function – m.y.m Jan 02 '20 at 12:47
1

As mentioned the only way is to pass it to the cloud formation by argument, or create function resources to get the ID which makes it even more complicated – AWS PS Jan 02 '20 at 12:49
ignore my last edit to the reply as it was meant with an answer for another question – AWS PS Jan 02 '20 at 12:51
Okay for "create function resources", what do you mean by it? – m.y.m Jan 02 '20 at 12:54
You can create a custom lambda resource that calls a lambda function and return the data https://aws.amazon.com/blogs/infrastructure-and-automation/aws-cloudformation-custom-resource-creation-with-python-aws-lambda-and-crhelper/ – AWS PS Jan 02 '20 at 12:58
Glad to help :) – AWS PS Jan 02 '20 at 14:46

AWS SAM template can't reference Security Group resource (created earlier outside the cloudfromation template)

1 Answers1