Tags: amazon-web-services, aws-cloudformation, aws-security-group

Getting 'Property IpProtocol cannot be empty' error while creating security group using cloud formation


I am creating a basic security group using CloudFormation on AWS but I am getting a `Property IpProtocol cannot be empty.` error. Following is the YAML code I am running:

Resources:
  testsecuritygroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: test-group
      GroupDescription: test security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
        # this second list item is a separate rule with no IpProtocol of its own
        - SourceSecurityGroupId: sg-xxxxxxxxxx
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0
      Tags:
        - Key: group
          Value: test
      VpcId: !ImportValue VPC

When I run the create-stack command it runs successfully, but the stack is rolled back with CREATE_FAILED status and the `Property IpProtocol cannot be empty` error. What am I doing wrong here?


Solution

  • I resolved this issue. To add a security group we have to create an Ingress rule and attach it to the security group instead of defining it in the security group.

    Resources:
      test:
        Type: AWS::EC2::SecurityGroup
        Properties:
          VpcId: !ImportValue VPC
          GroupName: test-group
          GroupDescription: test security group
          SecurityGroupEgress:
            - IpProtocol: tcp
              FromPort: 80
              ToPort: 80
              CidrIp: 0.0.0.0/0
          Tags:
            - Key: group
              Value: test
      TestInboundRule:
        Type: AWS::EC2::SecurityGroupIngress
        Properties:
          GroupId: !GetAtt test.GroupId
          IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: sg-xxxxxxxxx
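Both the original template and the fix above share the same underlying rules: every entry in SecurityGroupIngress/SecurityGroupEgress (or every standalone AWS::EC2::SecurityGroupIngress/Egress resource) is one complete rule that needs its own IpProtocol and a source or destination, and CidrIp has to be written in CIDR notation. The following pre-deployment lint is an added example, not code from the question or the answer; it encodes those rules and also flags 0.0.0.0/0 and ::/0 so wide-open rules get a deliberate review. It goes slightly beyond the post by checking both the inline and the standalone rule forms. The two templates are constructed here as Python dicts in the shape a YAML loader would produce, so the check runs offline; the resource names and the sg-... placeholder are assumptions.

```python
"""Lint CloudFormation security-group rules before create-stack (added example)."""
import ipaddress

INLINE_RULE_LISTS = ("SecurityGroupIngress", "SecurityGroupEgress")
STANDALONE_RULE_TYPES = ("AWS::EC2::SecurityGroupIngress", "AWS::EC2::SecurityGroupEgress")
# Keys that identify the peer of a rule (ingress uses Source*, egress uses Destination*).
PEER_KEYS = ("CidrIp", "CidrIpv6", "SourceSecurityGroupId", "SourcePrefixListId",
             "DestinationSecurityGroupId", "DestinationPrefixListId")
ANY_CIDR = ("0.0.0.0/0", "::/0")


def check_cidr(value):
    """Return an error message if value is not a valid CIDR block, else None."""
    if "/" not in value:
        return f"{value!r} lacks a prefix length (e.g. {value}/32 for a single host)"
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError:
        return f"{value!r} is not a valid network"
    return None


def lint_rule(where, rule):
    """Check one rule mapping; return a list of (severity, location, message)."""
    findings = []
    if not rule.get("IpProtocol"):
        findings.append(("error", where, "IpProtocol is missing or empty"))
    if not any(key in rule for key in PEER_KEYS):
        findings.append(("error", where, "no source/destination given (CidrIp, SourceSecurityGroupId, ...)"))
    for key in ("CidrIp", "CidrIpv6"):
        if key not in rule:
            continue
        problem = check_cidr(rule[key])
        if problem:
            findings.append(("error", where, f"{key} {problem}"))
        elif rule[key] in ANY_CIDR:
            findings.append(("warning", where, f"{key} {rule[key]} is open to the whole internet"))
    return findings


def lint_template(template):
    """Lint every security-group rule in a loaded template; return all findings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for list_name in INLINE_RULE_LISTS:
                for idx, rule in enumerate(props.get(list_name, [])):
                    findings.extend(lint_rule(f"{name}.{list_name}[{idx}]", rule))
        elif res.get("Type") in STANDALONE_RULE_TYPES:
            findings.extend(lint_rule(f"{name}.Properties", props))
    return findings


# Constructed: the question's template. Ingress[0] has no source, ingress[1] has
# no IpProtocol, and the egress CidrIp has no prefix length.
QUESTION_TEMPLATE = {"Resources": {"testsecuritygroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupName": "test-group", "GroupDescription": "test security group",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80},
            {"SourceSecurityGroupId": "sg-xxxxxxxxxx"},  # placeholder id
        ],
        "SecurityGroupEgress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0"},
        ],
        "VpcId": {"Fn::ImportValue": "VPC"},
    }}}}

# Constructed: a corrected template using both forms: the two ingress fragments
# merged into one complete inline rule, plus a standalone ingress resource.
FIXED_TEMPLATE = {"Resources": {
    "web": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupName": "test-group", "GroupDescription": "test security group",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "SourceSecurityGroupId": "sg-xxxxxxxxxx"},  # placeholder id
            ],
            "SecurityGroupEgress": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
            ],
            "VpcId": {"Fn::ImportValue": "VPC"},
        }},
    "WebInboundRule": {
        "Type": "AWS::EC2::SecurityGroupIngress",
        "Properties": {"GroupId": {"Fn::GetAtt": ["web", "GroupId"]}, "IpProtocol": "tcp",
                       "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"},
    }}}


if __name__ == "__main__":
    for label, tpl in (("question", QUESTION_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        print(f"== {label} ==")
        for severity, where, message in lint_template(tpl):
            print(f"{severity:8} {where}: {message}")
```

Run it against a template loaded with any YAML library (CloudFormation short-form tags such as !ImportValue need a loader that accepts them, or use the long-form Fn:: syntax as above) and treat any "error" finding as a reason not to call create-stack; the "warning" on 0.0.0.0/0 is there so that an internet-wide rule is a conscious decision rather than a default.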