
Why this Security Group is not being created in CloudFormation Stack?


I am trying to create a Security Group and name it based on the Fn::If intrinsic function.

Parameters:
  Environment:
    Type: String
    Description: Select Environment, Default is DEMO
    Default: DEMO
    AllowedValues: [ PROD, DEMO, QA, PERF, STAGING, INTEGRATION ]
Conditions:
  SGEnvironment: !Equals [!Ref Environment, PROD]

Resources:
  SG:
    Type: AWS::EC2::SecurityGroup
    Condition: SGEnvironment
    Properties:
      GroupName: !If [ SGEnvironment,"PROD-SG","NON-PROD-SG"]

The Security Group is created whenever the condition is true, but it does not get created when the condition is false.

The Security Group is not created whenever an Environment parameter other than PROD is selected.


Solution

  • If you want to create the SG all the time, please remove Condition: SGEnvironment. With Condition: SGEnvironment, the behaviour is the same as what you mentioned.

    1. SGEnvironment == PROD --> create SG
    2. SGEnvironment != PROD --> do not create SG

    Please refer here for more information.
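
The fix described in the answer, written out as a complete template. This is an added example, not part of the original question or answer; the GroupDescription text and the Outputs section are assumptions added here (GroupDescription is a required property of AWS::EC2::SecurityGroup that the question's snippet omits).

```yaml
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  Environment:
    Type: String
    Description: Select Environment, Default is DEMO
    Default: DEMO
    AllowedValues: [PROD, DEMO, QA, PERF, STAGING, INTEGRATION]

Conditions:
  # Still needed: the !If below refers to this condition by name.
  SGEnvironment: !Equals [!Ref Environment, PROD]

Resources:
  SG:
    Type: AWS::EC2::SecurityGroup
    # No resource-level "Condition:" key here, so the group is created for
    # every Environment value. A resource-level Condition decides whether the
    # resource exists at all; !If only selects a property value.
    Properties:
      GroupName: !If [SGEnvironment, "PROD-SG", "NON-PROD-SG"]
      # Assumption: illustrative description text; the property is required.
      GroupDescription: !Sub "Security group for ${Environment}"

Outputs:
  # Assumption: output added so the created group is easy to confirm.
  SecurityGroupId:
    Value: !GetAtt SG.GroupId
```

Security group names must be unique within a VPC, so deploying this stack for two non-PROD environments into the same VPC will fail on the second "NON-PROD-SG".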