Value of property SecurityGroupIds must be of type List of String error while updating stack
Solution 1
When you specify an AWS::EC2::SecurityGroup type as an argument to the Ref function, AWS CloudFormation returns the security group name or the security group ID (for EC2-VPC security groups that are not in a default VPC).
Your template is referencing the security group name where you should be referencing the group ID.
Myec2:
  Type: 'AWS::EC2::Instance'
  Properties:
    SecurityGroupIds:
      # GetAtt on GroupId returns the security group ID
      - !GetAtt "Mysecgroup.GroupId"
    KeyName: !Ref KeyName
    ImageId: ami-0922553b7b0369273
    InstanceType: t2.micro
    SubnetId: !Ref mysubnet1
Mysecgroup:
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    GroupDescription: Enable SSH access via port 22
    VpcId: !Ref myvpc
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp: 0.0.0.0/0
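A pre-deployment check for the pattern Solution 1 recommends, as an added example that is not part of the original answers: it flags an instance whose SecurityGroupIds is a single value rather than a list, and list entries that Ref a security group resource instead of using Fn::GetAtt on GroupId. It assumes the template is in CloudFormation's JSON form; the resources Fixedec2 and Scalarec2 and both function names are constructed for illustration.

```python
import json

# Constructed sample in CloudFormation JSON form, not the page's own template.
TEMPLATE = json.loads("""
{"Resources": {
  "Mysecgroup": {"Type": "AWS::EC2::SecurityGroup",
                 "Properties": {"GroupDescription": "SSH", "VpcId": {"Ref": "myvpc"}}},
  "Myec2": {"Type": "AWS::EC2::Instance",
            "Properties": {"SecurityGroupIds": [{"Ref": "Mysecgroup"}]}},
  "Fixedec2": {"Type": "AWS::EC2::Instance",
               "Properties": {"SecurityGroupIds": [{"Fn::GetAtt": ["Mysecgroup", "GroupId"]}]}},
  "Scalarec2": {"Type": "AWS::EC2::Instance",
                "Properties": {"SecurityGroupIds": {"Fn::GetAtt": ["Mysecgroup", "GroupId"]}}}
}}
""")


def sg_reference(node, sg_names):
    """Return 'Ref' or 'GetAtt' if node points at a security group resource."""
    if isinstance(node, dict):
        if node.get("Ref") in sg_names:
            return "Ref"
        att = node.get("Fn::GetAtt")
        if isinstance(att, list) and att and att[0] in sg_names:
            return "GetAtt"
    return None


def lint_security_group_ids(template):
    """Return (instance, message) findings, ordered by resource name."""
    resources = template.get("Resources", {})
    sg_names = {n for n, r in resources.items() if r.get("Type") == "AWS::EC2::SecurityGroup"}
    findings = []
    for name, res in sorted(resources.items()):
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        value = res.get("Properties", {}).get("SecurityGroupIds")
        if isinstance(value, str) or sg_reference(value, sg_names):
            # A single ID where CloudFormation expects a List of String.
            findings.append((name, "SecurityGroupIds must be a list"))
        elif isinstance(value, list):
            for entry in value:
                if sg_reference(entry, sg_names) == "Ref":
                    findings.append((name, "use Fn::GetAtt GroupId, not Ref " + entry["Ref"]))
    return findings


if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in lint_security_group_ids(TEMPLATE)))
```

A SecurityGroupIds value that is some other intrinsic, such as a Ref to a list-typed parameter, is deliberately not flagged because it can resolve to a list.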
Solution 2
Referencing Security Group by name (instead of SecurityGroupIds) works for me:
EC2SG1IKTA:
  Type: 'AWS::EC2::SecurityGroup'
EC2I1K240:
  Type: 'AWS::EC2::Instance'
  Properties:
    SecurityGroups:
      - !Ref EC2SG1IKTA
aroN
Updated on June 04, 2020
Comments
-
aroN almost 4 years
I am getting ROLLBACK_COMPLETE while trying to update a stack using the following code. Under events, I am not getting an error as "Value of property SecurityGroupIds must be of type List of String". Please help me to find a solution.
My code for the first stack:
Resources:
  myvpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: myvpc
  myinternetgateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: mygtwy
  mygatewayattach:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      InternetGatewayId: !Ref myinternetgateway
      VpcId: !Ref myvpc
  mysubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      AvailabilityZone: us-east-1a
      VpcId: !Ref myvpc
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
  Routetable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myvpc
  Route:
    Type: AWS::EC2::Route
    DependsOn: myinternetgateway
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myinternetgateway
      RouteTableId: !Ref Routetable
  SubnetARouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref Routetable
      SubnetId: !Ref mysubnet1
On update, I added the following. During this time I am getting the error I mentioned earlier.
Myec2:
  Type: 'AWS::EC2::Instance'
  Properties:
    SecurityGroupIds:
      - !Ref Mysecgroup
    KeyName: !Ref KeyName
    ImageId: ami-0922553b7b0369273
    InstanceType: t2.micro
    SubnetId: !Ref mysubnet1
Mysecgroup:
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    GroupDescription: Enable SSH access via port 22
    VpcId: !Ref myvpc
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '22'
        ToPort: '22'
        CidrIp: 0.0.0.0/0
-
aroN over 5 years
@George, thanks dude. I am really playing around with this the whole day. Thanks for the solution. I have one doubt: CloudFormation will return the security group ID only for the default VPC, right? Otherwise we have to use !GetAtt to get the ID, right?
-
George Rushby over 5 years
If you are creating assets in a VPC then the GetAtt is fine; if you are using AWS classic then you have to switch to Ref. Bottom line is that your template is creating a VPC so you are safe to use the GetAtt