
I've got a CloudFormation script that generates a SecurityGroup and an ELB; I'm trying to reference the SecurityGroup in the ELB creation; here's the resources bit:

    "ELBSecurityGroup" : {
        "Type" : "AWS::EC2::SecurityGroup",
        "Properties" : {
            "GroupDescription" : "Security group for the Arena dev stack",
            "SecurityGroupIngress" : [
                {"IpProtocol" : "tcp", "FromPort" : 80, "ToPort" : 80, "CidrIp" : { "Ref" : "OfficeIp" }}
            ]
        }
    },
    "ProjectLoadBalancerTest" : {
        "Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
        "Properties" : {
            "AvailabilityZones" : { "Fn::GetAZs" : "" },
            "Instances" : [  ],
            "Listeners" : [ {
                "LoadBalancerPort" : "80",
                "InstancePort" : "12345",
                "Protocol" : "HTTP"
            } ],
            "HealthCheck" : {
                "Target" : {
                    "Fn::Join" : [ "", [ "HTTP:", "12345", "/status.json" ] ]
                },
                "HealthyThreshold" : "2",
                "UnhealthyThreshold" : "5",
                "Interval" : "60",
                "Timeout" : "30"
            },
            "SecurityGroups" : [
                { "Ref" : "ELBSecurityGroup" }
            ]
        }
    }

Unfortunately, this fails with:

Invalid id: "sebelbtest2-ELBSecurityGroup-1F5Z5DIIVQKD1" (expecting "sg-...")

So how can I reference ELBSecurityGroup for use as a property in the ELB creation?

1 Answer


As mytwocents mentioned, the solution is to use Fn::GetAtt. SecurityGroups are now supported by this function: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html

This works on the ELB:

    ...
    "SecurityGroups" : [
        { "Fn::GetAtt" : [ "ELBSecurityGroup", "GroupId" ] }
    ]
    ...

Note. If you're putting this into a non-default VPC you'll also need to specify the VPC for the security group, and a subnet ID for the ELB.
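The non-default VPC case from the note above, written out as a complete template. This is an added example, not part of the original answer: the `VpcId` and `ElbSubnetId` parameter names and the `ELBSecurityGroupId` output are assumptions, and `Subnets` takes the place of `AvailabilityZones` on the ELB.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example, not from the original post. VpcId and ElbSubnetId are assumed parameter names.",
  "Parameters": {
    "OfficeIp": { "Type": "String", "Description": "CIDR allowed to reach the ELB on port 80" },
    "VpcId": { "Type": "AWS::EC2::VPC::Id", "Description": "Assumed: the non-default VPC" },
    "ElbSubnetId": { "Type": "AWS::EC2::Subnet::Id", "Description": "Assumed: a subnet inside that VPC" }
  },
  "Resources": {
    "ELBSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Security group for the Arena dev stack",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": { "Ref": "OfficeIp" } }
        ]
      }
    },
    "ProjectLoadBalancerTest": {
      "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
      "Properties": {
        "Subnets": [ { "Ref": "ElbSubnetId" } ],
        "Listeners": [
          { "LoadBalancerPort": "80", "InstancePort": "12345", "Protocol": "HTTP" }
        ],
        "HealthCheck": {
          "Target": { "Fn::Join": [ "", [ "HTTP:", "12345", "/status.json" ] ] },
          "HealthyThreshold": "2",
          "UnhealthyThreshold": "5",
          "Interval": "60",
          "Timeout": "30"
        },
        "SecurityGroups": [
          { "Fn::GetAtt": [ "ELBSecurityGroup", "GroupId" ] }
        ]
      }
    }
  },
  "Outputs": {
    "ELBSecurityGroupId": { "Value": { "Fn::GetAtt": [ "ELBSecurityGroup", "GroupId" ] } }
  }
}
```

After the stack is created, the `ELBSecurityGroupId` output shows the value passed to the ELB, which should be in the `sg-...` form the error message asks for.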
