Template format error: Unresolved resource dependencies

amazon-web-services amazon-cloudformation
23,773

!Ref only works for Logical ID that exists within the template. That doesn't mean that you can't reference an existing security group, that just mean that you'll have to reference it in some other way. For your particular use case I suggest you pass the security group as a stack parameter like so:

Parameters:
  KeyName:
    Default: TestKeyPair
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
  SSHSecurityGroup:
    Description: SecurityGroup that allows access to the instance via SSH
    Type: AWS::EC2::SecurityGroup::Id
Resources:
  Dev:
    Properties:
      ImageId: ami-4e79ed36
      InstanceType: t2.micro
      KeyName: !Ref 'KeyName'
      SecurityGroups:
        - !Ref SSHSecurityGroup
    Type: AWS::EC2::Instance

On the stack creation you just have to pass the SSH Security Group in the appropriated field.

That being said, you won't have a much dynamic setup if you do it this way. You should either define the security group within this template and reference it directly (using !Ref), or you could create a template that manages all security groups and use the Export/Import feature of CloudFormation to reference the security groups between stacks.

Share:
23,773
alessmar
Author by

alessmar

Updated on July 09, 2022

Comments

  • alessmar
    alessmar almost 2 years

    I try to create an EC2 instance with the template below:

    Parameters:
  KeyName:
    Default: TestKeyPair
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
Resources:
  Dev:
    Properties:
      ImageId: ami-4e79ed36
      InstanceType: t2.micro
      KeyName: !Ref 'KeyName'
      SecurityGroups:
        - !Ref 'SSH'
    Type: AWS::EC2::Instance

    but I get:

    An error occurred (ValidationError) when calling the CreateChangeSet operation: Template format error: Unresolved resource dependencies [SSH] in the Resources block of the template

    I can't understand what's wrong in the template since the security group named "SSH" is already present:

    $ aws ec2 describe-security-groups --group-names SSH
....
"IpPermissions": [
    {
        "ToPort": 22,
        "IpRanges": [
            {
                "CidrIp": "0.0.0.0/0"
            }
        ],
        "FromPort": 22,
        "IpProtocol": "tcp",
        "UserIdGroupPairs": [],
        "PrefixListIds": [],
        "Ipv6Ranges": []
    }
],
"GroupName": "SSH",
"GroupId": "sg-3b8bc345",
"Description": "Enable SSH access via port 22",
"OwnerId": "150811659115",
"VpcId": "vpc-a84688cf"
....

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Create Nested If else in AWS Cloud Formation Template
AWS cloudformation error: Template validation error: Template error: resource NotificationsTopic does not support attribute type Arn in Fn::GetAtt
AWS::CloudFormation::Init how does it work?
How to add multiple security groups and group names in cloudformation using template?
Non-Windows instances with a virtualization type of 'hvm' are currently not supported for this instance type : [AWS Cloudformation]
How to set DynamoDB Read/write capacity mode to On-demand on CloudFormation
How can I (securely) download a private S3 asset onto a new EC2 instance with cloudinit?
AWS Cloudformation - How to use If Else conditions
AWS cloudformation: One big template file or many small ones?
Trying to pass parameters from Master to child template