1
votes

I am trying to write a CloudFormation template which sets up a security group for a load balancer. I have the following to select a VPC for the SecurityGroup:

"Parameters" : {
  "VpcId" : {
    "Description" : "VPC associated with the provided subnets",
    "Type" : "List<AWS::EC2::VPC::Id>"
  },
},

And then to create the load balancer security group I have:

"LbSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Stack LBs",
    "VpcId" : { "Ref" : "VpcId" }
  }
},

When I launch the stack it fails with:

CREATE_FAILED   AWS::EC2::SecurityGroup LbSecurityGroup
Value of property VpcId must be of type String

First of all, why the heck isn't AWS::EC2::SecurityGroup.VpcId of type AWS::EC2::VPC::Id? And second of all, how do I massage that into a string?

Thanks in advance!

2 Answers

4
votes

The additional, more specific types (like AWS::EC2::SecurityGroup instead of just String) are new, and are only used for parameters - the purpose is to validate that resources exist before trying to create the stack. See Using the New CloudFormation Parameter Types for more information.

In your case I believe the problem is that the type of the VpcId parameter is a list of AWS::EC2::SecurityGroup values, though, and not a single AWS::EC2::SecurityGroup value? The VpcId property of AWS::EC2::SecurityGroup resources takes only single strings, not lists of strings - see VpcId.

2
votes

If you want the user to choose one VPC from a dropdown list, then use AWS::EC2::VPC::Id.

If you want the user to select one or more VPCs from a checkbox list, then use List<AWS::EC2::VPC::Id>.
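
Added example, not part of the question or the answers above: a pre-deploy check that flags a list-typed parameter referenced directly in a property that takes a single string, run against the question's template and two corrected variants. The names `SCALAR_PROPS` and `find_list_refs` and the property map are assumptions made for this sketch, and the `Fn::Select` variant is an alternative fix that the answers do not mention.

```python
import copy

# Assumption: a small hand-written map of properties documented as a single
# String; extend it for the resource types your templates use.
SCALAR_PROPS = {
    ("AWS::EC2::SecurityGroup", "VpcId"),
    ("AWS::EC2::Subnet", "VpcId"),
}

def is_list_param(param):
    t = param.get("Type", "String")
    return t.startswith("List<") or t == "CommaDelimitedList"

def find_list_refs(template):
    """Return (resource, property, parameter) for each scalar property that is
    set directly to {"Ref": <list-typed parameter>}."""
    list_params = {n for n, p in template.get("Parameters", {}).items()
                   if is_list_param(p)}
    findings = []
    for name, res in template.get("Resources", {}).items():
        for prop, value in res.get("Properties", {}).items():
            if (res.get("Type"), prop) not in SCALAR_PROPS:
                continue
            # A bare Ref yields the whole list; Fn::Select yields one element.
            if isinstance(value, dict) and value.get("Ref") in list_params:
                findings.append((name, prop, value["Ref"]))
    return findings

# Constructed from the question's fragments: reproduces the CREATE_FAILED case.
BROKEN = {
    "Parameters": {"VpcId": {"Type": "List<AWS::EC2::VPC::Id>"}},
    "Resources": {"LbSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {"GroupDescription": "Stack LBs",
                       "VpcId": {"Ref": "VpcId"}}}},
}

# Fix 1: single-valued parameter type, so Ref resolves to one string.
FIXED_SCALAR = copy.deepcopy(BROKEN)
FIXED_SCALAR["Parameters"]["VpcId"]["Type"] = "AWS::EC2::VPC::Id"

# Fix 2: keep the list parameter and pick one element with Fn::Select.
FIXED_SELECT = copy.deepcopy(BROKEN)
FIXED_SELECT["Resources"]["LbSecurityGroup"]["Properties"]["VpcId"] = {
    "Fn::Select": ["0", {"Ref": "VpcId"}]}

if __name__ == "__main__":
    for label, tpl in [("broken", BROKEN), ("scalar", FIXED_SCALAR),
                       ("select", FIXED_SELECT)]:
        print(label, find_list_refs(tpl))
```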