Value of property SecurityGroupIds must be of type List of String error while updating stack


Solution 1

When you specify an AWS::EC2::SecurityGroup type as an argument to the Ref function, AWS CloudFormation returns the security group name or the security group ID (for EC2-VPC security groups that are not in a default VPC).

Your template is referencing the security group name where you should be referencing the group ID.

Myec2:
    Type: 'AWS::EC2::Instance'
    Properties:
        SecurityGroupIds:
            - !GetAtt "Mysecgroup.GroupId"
        KeyName: !Ref KeyName
        ImageId: ami-0922553b7b0369273
        InstanceType: t2.micro
        SubnetId: !Ref mysubnet1

Mysecgroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
        GroupDescription: Enable SSH access via port 22
        VpcId: !Ref myvpc
        SecurityGroupIngress:
            - IpProtocol: tcp
              FromPort: '22'
              ToPort: '22'
              CidrIp: 0.0.0.0/0
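As an added example (not code from the answers above, from AWS, or from the questioner), the following standard-library Python linter applies this answer's rule to a parsed template: it flags a Ref to an AWS::EC2::SecurityGroup inside an instance's SecurityGroupIds, rewrites it to Fn::GetAtt [group, GroupId] (which yields the group ID whether or not the group sits in a default VPC), and, because the template above opens port 22 to 0.0.0.0/0, also reports world-open ingress rules so a reviewer can narrow them. It assumes the template has already been loaded into Python dicts in CloudFormation's long-form JSON syntax ({"Ref": ...} / {"Fn::GetAtt": [...]}) rather than the YAML short forms; the embedded sample template is constructed from the question's resources.

```python
"""Lint a parsed CloudFormation template for the SecurityGroupIds mistake above.

Added example, not code from the answers or from AWS. It assumes the template
has already been loaded into Python dicts in CloudFormation's long-form JSON
syntax ({"Ref": ...} / {"Fn::GetAtt": [...]}), so only the standard library
is needed. The sample template below is constructed from the question's
resources.
"""
import copy

# Constructed sample: the questioner's update, with the problematic Ref.
SAMPLE_TEMPLATE = {
    "Resources": {
        "Myec2": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "SecurityGroupIds": [{"Ref": "Mysecgroup"}],
                "KeyName": {"Ref": "KeyName"},
                "ImageId": "ami-0922553b7b0369273",
                "InstanceType": "t2.micro",
                "SubnetId": {"Ref": "mysubnet1"},
            },
        },
        "Mysecgroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "VpcId": {"Ref": "myvpc"},
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                     "CidrIp": "0.0.0.0/0"}
                ],
            },
        },
    }
}


def find_sg_ref_problems(template):
    """Return (instance_name, group_name) pairs where SecurityGroupIds holds a
    plain Ref to an AWS::EC2::SecurityGroup defined in the same template.
    What Ref returns for a security group depends on where the group lives
    (name for EC2-Classic/default VPC, ID otherwise); Fn::GetAtt GroupId is
    always the ID, so it is the unambiguous choice for SecurityGroupIds."""
    resources = template.get("Resources", {})
    problems = []
    for inst_name, res in resources.items():
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        for entry in res.get("Properties", {}).get("SecurityGroupIds", []):
            if isinstance(entry, dict) and "Ref" in entry:
                target = entry["Ref"]
                if resources.get(target, {}).get("Type") == "AWS::EC2::SecurityGroup":
                    problems.append((inst_name, target))
    return problems


def fix_sg_refs(template):
    """Return a deep copy in which every flagged Ref becomes
    {"Fn::GetAtt": [group, "GroupId"]}; the input template is left untouched."""
    fixed = copy.deepcopy(template)
    for inst_name, group in find_sg_ref_problems(fixed):
        ids = fixed["Resources"][inst_name]["Properties"]["SecurityGroupIds"]
        for i, entry in enumerate(ids):
            if entry == {"Ref": group}:
                ids[i] = {"Fn::GetAtt": [group, "GroupId"]}
    return fixed


def find_world_open_ingress(template, ports=(22,)):
    """Defender's check: list (group, cidr, from_port, to_port) for ingress rules
    that admit 0.0.0.0/0 or ::/0 on any of `ports`, or all traffic (protocol -1).
    CloudFormation accepts ports as strings ('22'), so they are converted."""
    hits = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr not in ("0.0.0.0/0", "::/0"):
                continue
            lo = int(rule.get("FromPort", -1))
            hi = int(rule.get("ToPort", -1))
            all_traffic = str(rule.get("IpProtocol")) == "-1"
            if all_traffic or any(lo <= p <= hi for p in ports):
                hits.append((name, cidr, lo, hi))
    return hits


if __name__ == "__main__":
    for inst, group in find_sg_ref_problems(SAMPLE_TEMPLATE):
        print(f"{inst}: SecurityGroupIds uses !Ref {group}; use !GetAtt {group}.GroupId")
    for group, cidr, lo, hi in find_world_open_ingress(SAMPLE_TEMPLATE):
        print(f"{group}: ports {lo}-{hi} open to {cidr}; restrict to a known CIDR")
    fixed = fix_sg_refs(SAMPLE_TEMPLATE)
    print(fixed["Resources"]["Myec2"]["Properties"]["SecurityGroupIds"])
```

Running the script on the sample reports Myec2's Ref and Mysecgroup's world-open port 22, and prints the rewritten SecurityGroupIds entry; the fixer works on a copy so the loaded template can still be diffed against the result.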

Solution 2

Referencing the security group by name (instead of SecurityGroupIds) works for me:

EC2SG1IKTA:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Security group referenced by name   # required property
EC2I1K240:
    Type: 'AWS::EC2::Instance'
    Properties:
      SecurityGroups:
        - !Ref EC2SG1IKTA
Author: aroN

Updated on June 04, 2020

Comments

  • aroN, almost 4 years ago

    I am getting ROLLBACK_COMPLETE while trying to update a stack using the following code. Under events, I am not getting an error such as "Value of property SecurityGroupIds must be of type List of String". Please help me find a solution.

    My code for the first stack:

    Resources:
      myvpc:
        Type: AWS::EC2::VPC
        Properties:
            CidrBlock: 10.0.0.0/16
            EnableDnsSupport: true
            EnableDnsHostnames: true
            InstanceTenancy: default
            Tags:
                - Key: Name
                  Value: myvpc

      myinternetgateway:
        Type: AWS::EC2::InternetGateway
        Properties:
            Tags:
                - Key: Name
                  Value: mygtwy

      mygatewayattach:
        Type: AWS::EC2::VPCGatewayAttachment
        Properties:
            InternetGatewayId: !Ref myinternetgateway
            VpcId: !Ref myvpc

      mysubnet1:
        Type: AWS::EC2::Subnet
        Properties:
            AvailabilityZone: us-east-1a
            VpcId: !Ref myvpc
            CidrBlock: 10.0.1.0/24
            MapPublicIpOnLaunch: true

      Routetable:
        Type: AWS::EC2::RouteTable
        Properties:
            VpcId: !Ref myvpc

      Route:
        Type: AWS::EC2::Route
        DependsOn: myinternetgateway
        Properties:
            DestinationCidrBlock: 0.0.0.0/0
            GatewayId: !Ref myinternetgateway
            RouteTableId: !Ref Routetable

      SubnetARouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
            RouteTableId: !Ref Routetable
            SubnetId: !Ref mysubnet1


    On update, I added the following. This is when I get the error I mentioned earlier:

      Myec2:
        Type: 'AWS::EC2::Instance'
        Properties:
            SecurityGroupIds:
                - !Ref Mysecgroup
            KeyName: !Ref KeyName
            ImageId: ami-0922553b7b0369273
            InstanceType: t2.micro
            SubnetId: !Ref mysubnet1

      Mysecgroup:
        Type: 'AWS::EC2::SecurityGroup'
        Properties:
            GroupDescription: Enable SSH access via port 22
            VpcId: !Ref myvpc
            SecurityGroupIngress:
                - IpProtocol: tcp
                  FromPort: '22'
                  ToPort: '22'
                  CidrIp: 0.0.0.0/0
    
  • aroN, over 5 years ago

    @George, thanks dude, I have really been playing around with this the whole day. Thanks for the solution. I have one doubt: CloudFormation will return the security group ID only for the default VPC, right? Otherwise we have to use !GetAtt to get the ID, right?
  • George Rushby, over 5 years ago

    If you are creating assets in a VPC then the GetAtt is fine; if you are using AWS Classic then you have to switch to Ref. Bottom line is that your template is creating a VPC, so you are safe to use the GetAtt.