Using CloudFormation provisioned security group with specific subnet
- by Fred Clausen
Summary
I'm attempting to create an AWS CloudFormation template which contains an instance for which I want to select a particular subnet. If I specify the subnet ID then I get the following error: "The parameter groupName cannot be used with the parameter subnet". From reading this thread it appears I need to provide security group IDs - not names. How can I create a security group in CloudFormation and then get its ID after the fact?
Details
The relevant part of the instance config is as follows:

    "WebServerHost": {
      "Type" : "AWS::EC2::Instance",
      <..skipping metadata...>
      "Properties": {
        "ImageId" : "ami-1234",
        "InstanceType" : { "Ref" : "WebServerInstanceType" },
        "SecurityGroups" : [ {"Ref" : "WebServerSecurityGroup"} ],
        "SubnetId" : "subnet-abcdef123",

and the security group looks as follows:

    "WebServerSecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupDescription" : "Enable HTTP and SSH",
        "SecurityGroupIngress" : [
          {"IpProtocol" : "tcp", "FromPort" : "80", "ToPort" : "80", "CidrIp" : "0.0.0.0/0"},
          {"IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0"}
        ]
      }
    },

How can I create and then get that security group's ID?
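
An added example, not part of the original post: one way to write the two resources so the instance can be placed in a specific subnet. The instance uses `SecurityGroupIds` with `Fn::GetAtt` on the group's `GroupId` instead of `SecurityGroups`, and the group is created in the subnet's VPC. The `VpcId` and `SshCidr` parameters, the `WebServerInstanceType` definition and their default values are assumptions; `SshCidr` narrows the SSH rule from `0.0.0.0/0` to an address range you administer from.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not the poster's template): instance in a chosen subnet with a template-created security group",
  "Parameters": {
    "WebServerInstanceType": {
      "Type": "String",
      "Default": "t3.micro",
      "Description": "Assumed definition; the post references this parameter but does not show it"
    },
    "VpcId": {
      "Type": "AWS::EC2::VPC::Id",
      "Description": "Assumption: the VPC that contains subnet-abcdef123"
    },
    "SshCidr": {
      "Type": "String",
      "Default": "203.0.113.0/24",
      "Description": "Assumption: constructed sample range allowed to reach port 22; replace with your admin network"
    }
  },
  "Resources": {
    "WebServerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable HTTP and SSH",
        "VpcId": { "Ref": "VpcId" },
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0" },
          { "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": { "Ref": "SshCidr" } }
        ]
      }
    },
    "WebServerHost": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-1234",
        "InstanceType": { "Ref": "WebServerInstanceType" },
        "SecurityGroupIds": [ { "Fn::GetAtt": [ "WebServerSecurityGroup", "GroupId" ] } ],
        "SubnetId": "subnet-abcdef123"
      }
    }
  },
  "Outputs": {
    "WebServerSecurityGroupId": {
      "Value": { "Fn::GetAtt": [ "WebServerSecurityGroup", "GroupId" ] }
    }
  }
}
```

The `Outputs` entry exposes the generated group ID after stack creation, so it can be read from the stack's outputs or referenced by other stacks.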