I am trying to build a simple CloudFormation template that creates an EC2 instance and two network interfaces (ENIs) and attaches them to the EC2 instance. When I pass the security groups to the ENIs, I get an error saying that the security group ID doesn't exist, even though it does.
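I think the issue arises when the security groups are converted to a list of strings and passed to the GroupSet property of AWS::EC2::NetworkInterface. When I choose just one security group the template works fine, but it fails as soon as I select multiple SGs. (In the template below, Fn::Join collapses the selected IDs into a single comma-separated string, and that one string is the only element of GroupSet; with a single group the joined string is just that group's ID.)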
CloudFormation Template
{
"AWSTemplateFormatVersion":"2010-09-09",
"Description":"AWS Cloudformation Sample Template",
"Parameters":{
"WebServerSecurityGroup" : {
"Type" : "List<AWS::EC2::SecurityGroup::Id>",
"Description" : "The list of security groups in your Virtual Private Cloud (VPC)",
"ConstraintDescription" : "must be the security group id in an existing Virtual Private Cloud."
},
"Subnet" : {
"Type" : "AWS::EC2::Subnet::Id",
"Description" : "The subet in which to launch the instance"
},
"InstanceType":{
"Description":"Webserver EC2 instance type",
"Type":"String",
"Default":"t2.small",
"AllowedValues":[ "t1.micro", "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large","t2.2xlarge", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "m3.medium", "m3.large", "m3.xlarge", "m3.2xlarge", "m4.large", "m4.xlarge", "m4.2xlarge", "m4.4xlarge", "m4.10xlarge", "c1.medium", "c1.xlarge", "c3.large", "c3.xlarge", "c3.2xlarge", "c3.4xlarge", "c3.8xlarge", "c4.large", "c4.xlarge", "c4.2xlarge", "c4.4xlarge", "c4.8xlarge", "g2.2xlarge", "g2.8xlarge", "r3.large", "r3.xlarge", "r3.2xlarge", "r3.4xlarge", "r3.8xlarge", "i2.xlarge", "i2.2xlarge", "i2.4xlarge", "i2.8xlarge", "d2.xlarge", "d2.2xlarge", "d2.4xlarge", "d2.8xlarge", "hi1.4xlarge", "hs1.8xlarge", "cr1.8xlarge", "cc2.8xlarge", "cg1.4xlarge"],
"ConstraintDescription":"must be a valid EC2 instance type"
},
"KeyName":{
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
"Type" : "AWS::EC2::KeyPair::KeyName",
"MinLength": "1",
"MaxLength": "255",
"AllowedPattern" : "[\\x20-\\x7E]*",
"ConstraintDescription" : "can contain only ASCII characters."
}
},
"Resources":{
"NIC1" : {
"Type" : "AWS::EC2::NetworkInterface",
"Properties" : {
"SubnetId" : { "Ref" : "Subnet" },
"GroupSet":[
{"Fn::Join":
[",",
{"Ref": "WebServerSecurityGroup"}
]
}
]
}
},
"NIC2" : {
"Type" : "AWS::EC2::NetworkInterface",
"Properties" : {
"SubnetId" : { "Ref" : "Subnet" },
"GroupSet":[
{"Fn::Join":
[",",
{"Ref": "WebServerSecurityGroup"}
]
}
]
}
},
"MyEC2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" :"ami-059ab56ffb17ed971",
"KeyName" : { "Ref" : "KeyName" },
"InstanceType" : { "Ref" : "InstanceType" },
"NetworkInterfaces" : [
{ "NetworkInterfaceId" : { "Ref" : "NIC1" }, "DeviceIndex" : "0" },
{ "NetworkInterfaceId" : { "Ref" : "NIC2" }, "DeviceIndex" : "1" }
]
}
}
}
}
Error
Please help.