0 votes

I created the following CloudFormation template, but it failed with the following error after launching. Is there a way to refer to the existing SecurityGroup?

AWSTemplateFormatVersion: "2010-09-09"

Resources:
  VPCESecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Security group for VPCE ASM"
      GroupName: "vpce-asm"
      VpcId: '{{resolve:ssm:/app/network/VPCId:1}}'

  SSMCMKMSKParam:
    Type: AWS::SSM::Parameter
    Properties:
      Name: /app/network/MSK-ASMsg
      Description: SSM parameter consumed by a CloudFormation template for Apache MSK Spoke.
      Type: String
      Value: !Ref VPCESecurityGroup

Error:

Errors from CloudFormation: [{LogicalResourceId : SC-444401234567-pp-hjsppldnc7ic2, ResourceType : AWS::CloudFormation::Stack, StatusReason : The following resource(s) failed to create: [VPCESecurityGroup]. Rollback requested by user.}, {LogicalResourceId : VPCESecurityGroup, ResourceType : AWS::EC2::SecurityGroup, StatusReason : vpce-asm already exists in stack arn:aws:cloudformation:us-east-1:444401234567:stack/SC-444401234567-pp-d0eshkfvci4au/75695b0a-651b-11ea-83dc-0a9027832da7}, {LogicalResourceId : SC-444401234567-pp-hjsppldnc7jc2, ResourceType : AWS::CloudFormation::Stack, StatusReason : User Initiated}]


The following resource already exists in another stack. How do I reference it from this stack?

  VPCESecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Security group for VPCE ASM"
      GroupName: "vpce-asm"
      VpcId: '{{resolve:ssm:/app/network/VPCId:1}}'

1 Answer

0 votes

This is the kind of error you get when you hard-code things in CloudFormation. In your case you have hard-coded the name of the Security Group ("vpce-asm"). Either delete the old stack before you redeploy, change the name of the SG in the new stack, or don't hard-code the name of the Security Group.
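The answer above covers why the create fails; the question also asks how the second stack can use the security group that already exists. The following pair of templates is an added example, not code from the original post or from the answerer. It keeps the question's own resources and SSM parameter names and adds two ways for a consuming stack to reference the group: a stack Export consumed with Fn::ImportValue, and the SSM parameter the first template already writes, consumed with a dynamic reference. The export name `app-network-vpce-asm-sg-id`, the consumer resource (a security group that admits TCP 443 from the existing group), and the `:1` parameter versions are assumptions for illustration.

```yaml
# Added example (not from the original post). Two templates, separated by "---":
# the stack that owns the security group, and a second stack that references it
# instead of trying to create a second group with the same name.

# --- Template 1: the stack that owns the security group ---
AWSTemplateFormatVersion: "2010-09-09"

Resources:
  VPCESecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Security group for VPCE ASM"
      # GroupName intentionally omitted: CloudFormation then generates a unique
      # physical name, so a second deployment cannot collide on "vpce-asm".
      # SecurityGroupEgress is also omitted, as in the original; without it the
      # group gets the default allow-all outbound rule. Add it to restrict egress.
      VpcId: '{{resolve:ssm:/app/network/VPCId:1}}'

  SSMCMKMSKParam:
    Type: AWS::SSM::Parameter
    Properties:
      Name: /app/network/MSK-ASMsg
      Description: SSM parameter consumed by a CloudFormation template for Apache MSK Spoke.
      Type: String
      Value: !Ref VPCESecurityGroup   # the sg-xxxxxxxx ID, not the name

Outputs:
  VPCESecurityGroupId:
    Description: Security group ID for other stacks in this account/region
    Value: !Ref VPCESecurityGroup
    Export:
      Name: app-network-vpce-asm-sg-id   # assumed name; must be unique per account/region

---
# --- Template 2: the spoke stack that needs the existing security group ---
AWSTemplateFormatVersion: "2010-09-09"

Resources:
  # Assumed consumer: a group for the spoke that only admits TLS from the
  # existing VPCE group. Any resource that takes a security group ID can use
  # the same references.
  SpokeSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Security group for MSK spoke"
      VpcId: '{{resolve:ssm:/app/network/VPCId:1}}'
      SecurityGroupIngress:
        # Option A: cross-stack reference to the export from Template 1.
        # CloudFormation tracks this dependency and refuses to delete or
        # rename the exporting resource while this stack imports it.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !ImportValue app-network-vpce-asm-sg-id

  SpokeIngressFromSsm:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SpokeSecurityGroup
      IpProtocol: tcp
      FromPort: 9094
      ToPort: 9094
      # Option B: read the ID from the SSM parameter Template 1 writes.
      # Version 1 is assumed; no dependency is tracked, so deleting the
      # group later silently leaves this rule pointing at a stale ID.
      SourceSecurityGroupId: '{{resolve:ssm:/app/network/MSK-ASMsg:1}}'
```

Before deploying the spoke, `aws cloudformation list-exports` shows whether the export exists in the target region, and `aws ssm get-parameter --name /app/network/MSK-ASMsg` confirms the parameter holds an `sg-` ID rather than a name. Prefer Option A when the two stacks live in the same account and region, because the import blocks accidental deletion of the group; the SSM route is the one that works across accounts, at the cost of that protection.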