amazon-web-services, aws-cloudformation, aws-security-group

How to add multiple security groups and group names in cloudformation using template?


 "dbxSG": 
    {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": 
      {
        "GroupDescription": "Enable dbX Access",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    },
    "dbxSGIngress" : 
    {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": 
      {
        "GroupName": { "Ref": "dbxSG" },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "SourceSecurityGroupName": { "Ref": "dbxSG" }
      }
    },

How do I add multiple security group names to the JSON template above? The name "dbxSG" is referenced in several places. I want to add one more security group with a new name. How do I add it?


Solution

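  • Yes, you can attach multiple security groups to an EC2 instance created with CloudFormation. Below is a sample JSON template that does this: WebServerSG and AppServerSG are both attached to the EC2 instance through SecurityGroupIds. Every ingress rule in the sample uses CidrIp 0.0.0.0/0 (as does the SSH rule in the question), which admits traffic from any address; outside a demo, restrict each rule to a known CIDR range or use SourceSecurityGroupId so the app ports (8080, 9090) accept traffic only from another security group.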

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Description": "Multiple Security Groups - Demo",
      "Resources" : {
      "VPC": {
          "Type": "AWS::EC2::VPC",
          "Properties": {
            "CidrBlock": "10.0.0.0/16" ,
            "Tags": [
              {
                "Key": "Name",
                "Value": "Multi Security Group"
              }
            ]
          }
        },
        "WebSubnet": {
          "Type": "AWS::EC2::Subnet",
          "Properties": {
            "VpcId": {
              "Ref": "VPC"
            },
            "CidrBlock": "10.0.10.0/24",
            "Tags": [
              {
                "Key": "Application",
                "Value": "Multi SG Subnet"
              }]
          }
        },
        "WebServerSG": {
          "Type": "AWS::EC2::SecurityGroup",
          "Properties": {
            "GroupDescription": "SG for the Web Server",
            "VpcId": {
              "Ref": "VPC"
            },
            "SecurityGroupEgress": [
              {
                "IpProtocol": "-1",
                "CidrIp": "0.0.0.0/0"
              }
            ],
            "SecurityGroupIngress" : [
                {
                "IpProtocol": "tcp",
                "CidrIp": "0.0.0.0/0",
                "FromPort": "80",
                "ToPort": "80"
              },
              {
                "IpProtocol": "tcp",
                "CidrIp": "0.0.0.0/0",
                "FromPort": "443",
                "ToPort": "443"
              }
            ]
          }
        },
        "AppServerSGIngress": {
          "Type": "AWS::EC2::SecurityGroupIngress",
          "Properties": {
            "GroupId": {
              "Ref": "AppServerSG"
            },
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort" : "9090",
            "ToPort" : "9090"
          }
        },
        "AppServerSG": {
          "Type": "AWS::EC2::SecurityGroup",
          "Properties": {
            "GroupDescription": "SG for the App Server",
            "VpcId": {
              "Ref": "VPC"
            },
            "SecurityGroupEgress": [
              {
                "IpProtocol": "-1",
                "CidrIp": "0.0.0.0/0"
              }
            ],
            "SecurityGroupIngress" : [
                {
                "IpProtocol": "tcp",
                "CidrIp": "0.0.0.0/0",
                "FromPort": "8080",
                "ToPort": "8080"
              }
            ]
          }
        },
        
        "MultiSGInstance": {
          "Type": "AWS::EC2::Instance",
          "Properties": {
            "ImageId": "ami-12345678",
            "KeyName": "your-key-pair",
            "SecurityGroupIds": [
              {
                "Ref": "WebServerSG"
              },
              {
                "Ref": "AppServerSG"
              }
            ],
            "InstanceType": "t2.micro",
            "SubnetId": {
              "Ref": "WebSubnet"
            },
            "Tags": [
              {
                "Key": "Name",
                "Value": "MultiSG"
              }
            ]
          }
        }
      },
      "Outputs" : {}
     }