
How to self-reference SourceSecurityGroup in cloudformation?


I have this code:

Mysql:
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    GroupName: Mysql
    GroupDescription: MySQL security group
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 3306
        SourceSecurityGroupName: Mysql
        ToPort: 3306
    Tags:
      - Key: Name
        Value: MySQL 3306 Access
    VpcId: !ImportValue VPC-ID

this returns this error: The security group 'Mysql' does not exist in default VPC 'vpc-xxx' (Service: AmazonEC2; Status Code: 400; Error Code: InvalidGroup.NotFound; Request ID: xxxxx)

I have had the opportunity to see security groups where you could self-reference them, but I cannot achieve this rule. Has someone encountered the same problem?


Solution

  • Use the SecurityGroupIngress or SecurityGroupEgress resources when you need self-referencing security groups or security groups that reference each other.

    https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html

    Basically you will create the security group and then add a rule to it.
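Putting the answer into a template, as an added example (not the asker's or answerer's code): the group is declared without inline ingress, and a separate AWS::EC2::SecurityGroupIngress resource points back at it. The logical name MysqlSelfIngress and the rule Description are my own; VPC-ID is the export name from the question. Because the group is created inside a specific VPC, the rule uses GroupId / SourceSecurityGroupId rather than the *Name properties, which CloudFormation resolves against the default VPC (the cause of the InvalidGroup.NotFound error above).

```yaml
Resources:
  Mysql:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupName: Mysql
      GroupDescription: MySQL security group
      # No SecurityGroupIngress here: the group cannot reference itself
      # while it is still being created.
      VpcId: !ImportValue VPC-ID
      Tags:
        - Key: Name
          Value: MySQL 3306 Access

  # Separate rule resource, created after the group exists, so both the
  # target group and the source group can be the same resource.
  # Logical name and Description are assumptions for this example.
  MysqlSelfIngress:
    Type: 'AWS::EC2::SecurityGroupIngress'
    Properties:
      # GetAtt GroupId always yields the sg-... id, which is what a
      # non-default VPC requires (the *Name variants look in the default VPC).
      GroupId: !GetAtt Mysql.GroupId
      IpProtocol: tcp
      FromPort: 3306
      ToPort: 3306
      SourceSecurityGroupId: !GetAtt Mysql.GroupId
      Description: Allow MySQL only between members of this group
```

The resulting rule admits port 3306 only from instances that carry the same group, with no CIDR range involved, so adding a host to the group is the only way to grant it access.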