10 votes

I made the following simple CloudFormation template. It tries to create one security group and one RDS instance, with the RDS instance using the created security group as its security group configuration.

AWSTemplateFormatVersion: 2010-09-09
Parameters:
  TestDBMasterUserPassword:
    Type: String
    NoEcho: true
Resources:
  TestDB:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      Engine: mysql
      DBInstanceClass: db.t2.micro
      AllocatedStorage: 20
      MasterUsername: root
      MasterUserPassword: !Ref TestDBMasterUserPassword
      VPCSecurityGroups:
        - !Ref TestDBSecurityGroup
  TestDBSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Security Group for TestDB

Creating a stack from this template results in an error, as shown below:

16:58:43 UTC+0900   CREATE_FAILED   AWS::RDS::DBInstance    TestDB  Invalid security group , groupId= inoue-test-stack-testdbsecuritygroup-10t6gvze4gs5k, groupName=. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 16c7e4c5-9201-4dc7-b5b4-8f536c6b807d)

I can't figure out why such an error occurs.

Questions:

  • What's wrong with this simple CloudFormation template?
  • How can I create a specified security group and assign it to RDS on CloudFormation?

1 Answer

18 votes

When you do !Ref AWS::EC2::SecurityGroup in the VPCSecurityGroups property, this returns the name of the security group and not the ID, which is what the VPCSecurityGroups property requires. Try using - Fn::GetAtt: [ TestDBSecurityGroup, GroupId ] instead.
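A corrected version of the template from the question, added here as an illustration and not part of the answer above. It passes the group ID to VPCSecurityGroups with Fn::GetAtt as the answer suggests, and it goes a little beyond the question by placing the group in an explicit VPC and restricting inbound access to the database port from one client security group rather than leaving ingress open. The VpcId, DBSubnetIds and AppSecurityGroupId parameters and the TestDBSubnetGroup resource are assumptions added for this example; the original template has none of them.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  TestDBMasterUserPassword:
    Type: String
    NoEcho: true
  VpcId:
    # Assumed parameter (not in the original): VPC that hosts the DB and its security group.
    Type: AWS::EC2::VPC::Id
  DBSubnetIds:
    # Assumed parameter (not in the original): private subnets in that VPC for the DB.
    Type: List<AWS::EC2::Subnet::Id>
  AppSecurityGroupId:
    # Assumed parameter (not in the original): security group of the clients
    # that are allowed to connect to the database.
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  TestDBSubnetGroup:
    # Required once the instance is placed in an explicit VPC.
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnets for TestDB
      SubnetIds: !Ref DBSubnetIds
  TestDBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Security Group for TestDB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Only the application security group may reach MySQL (TCP 3306).
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref AppSecurityGroupId
  TestDB:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t2.micro
      AllocatedStorage: 20
      MasterUsername: root
      MasterUserPassword: !Ref TestDBMasterUserPassword
      DBSubnetGroupName: !Ref TestDBSubnetGroup
      PubliclyAccessible: false
      VPCSecurityGroups:
        # GetAtt GroupId always yields the sg-... ID, which is what this property expects.
        - !GetAtt TestDBSecurityGroup.GroupId
```

Two points worth knowing when adapting this: Fn::GetAtt with the GroupId attribute returns the security group ID whether or not VpcId is set, so it is the safer choice in the VPCSecurityGroups list; and once VpcId is specified on the group, Ref also returns the ID rather than the name, which is why the original template (with no VpcId) received a group name and failed.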