
How do I properly use the Fn::Join object inside a CloudFormation Template?


I am trying to create a Security Group using a Fn::Join function but I'm getting the following error when building my template:

✖ Template validation failed.
An error occurred (ValidationError) when calling the ValidateTemplate operation: Template error: every Fn::Join object requires two parameters, (1) a string delimiter and (2) a list of strings to be joined or a function that returns a list of strings (such as Fn::GetAZs) to be joined.

What am I doing wrong here?

  ContainerSecurityGroup:
    Type :  AWS::EC2::SecurityGroup
    Properties : 
       InstanceId: !Ref ContainerSG
       GroupDescription :  "ECS Containers Security Group"
       VpcId : 
         "Fn::Join" :
                -  ""
                - -  "{{resolve:ssm:"
                -  /
                -  "ca"
                -  /
                -  "config"
                -  /
                -  "network"
                -  /
                -  "vpc_id:"
                -  !Sub   "${ParamVersion}"
                -  "}}"
       GroupName :  !Sub   ${Env}-${ServiceName}-sg
       SecurityGroupIngress :
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.49.63.0/24
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.93.0.0/16
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.97.0.0/16
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.50.128.0/21
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  10.50.144.0/24
        -  IpProtocol :  tcp
           FromPort :  8080
           ToPort :  8080
           CidrIp :  172.25.0.0/16

This is a sample that someone sent me but I can't figure out what's wrong.


Solution

  • The list of strings needs to be indented:

    ContainerSecurityGroup:
        Type :  AWS::EC2::SecurityGroup
        Properties : 
           InstanceId: !Ref ContainerSG
           GroupDescription :  "ECS Containers Security Group"
           VpcId :  !Join
                    -  ""
                    - -  "{{resolve:ssm:"
                      -  /
                      -  "ca"
                      -  /
                      -  "config"
                      -  /
                      -  "network"
                      -  /
                      -  "vpc_id:"
                      -  !Sub   "${ParamVersion}"
                      -  "}}"
           GroupName :  !Sub   ${Env}-${ServiceName}-sg
           SecurityGroupIngress :
            -  IpProtocol :  tcp
               FromPort :  8080
               ToPort :  8080
               CidrIp :  10.49.63.0/24
            -  IpProtocol :  tcp
               FromPort :  8080
               ToPort :  8080
               CidrIp :  10.93.0.0/16
            -  IpProtocol :  tcp
               FromPort :  8080
               ToPort :  8080
               CidrIp :  10.97.0.0/16
            -  IpProtocol :  tcp
               FromPort :  8080
               ToPort :  8080
               CidrIp :  10.50.128.0/21
            -  IpProtocol :  tcp
               FromPort :  8080
               ToPort :  8080
               CidrIp :  10.50.144.0/24
            -  IpProtocol :  tcp
               FromPort :  8080
               ToPort :  8080
               CidrIp :  172.25.0.0/16
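
An added example, not part of the original question or answer: a structural check for Fn::Join that could run against an already-parsed template before ValidateTemplate. The BROKEN and FIXED dictionaries are constructed here to mirror how the two YAML snippets above parse, and the function names are this example's own.

```python
# PARTS, BROKEN and FIXED are constructed sample data, not output from a real stack.
PARTS = ["{{resolve:ssm:", "/", "ca", "/", "config", "/", "network", "/",
         "vpc_id:", {"Fn::Sub": "${ParamVersion}"}, "}}"]

# Question's indentation: every "-" is a sibling, so Fn::Join receives 12 items
# and only the first fragment sits inside a nested one-element list.
BROKEN = {"Resources": {"ContainerSecurityGroup": {"Properties": {
    "VpcId": {"Fn::Join": ["", [PARTS[0]], *PARTS[1:]]}}}}}

# Answer's indentation: [delimiter, [fragments...]]
FIXED = {"Resources": {"ContainerSecurityGroup": {"Properties": {
    "VpcId": {"Fn::Join": ["", PARTS]}}}}}

def is_function(node):
    """A single-key mapping such as {"Ref": ...} or {"Fn::GetAZs": ...}."""
    return isinstance(node, dict) and len(node) == 1 and (
        next(iter(node)) == "Ref" or next(iter(node)).startswith("Fn::"))

def check_join(args):
    """Return a problem description, or None when the arguments are well formed."""
    if not isinstance(args, list) or len(args) != 2:
        n = len(args) if isinstance(args, list) else 1
        return f"expected 2 arguments (delimiter, list), got {n}"
    delimiter, values = args
    if not isinstance(delimiter, str):
        return "delimiter must be a string"
    if not (isinstance(values, list) or is_function(values)):
        return "second argument must be a list or a function returning a list"
    return None

def lint_joins(node, path="$"):
    """Walk the template and collect (path, problem) for every bad Fn::Join."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key == "Fn::Join" and (problem := check_join(value)):
                findings.append((here, problem))
            findings.extend(lint_joins(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(lint_joins(item, f"{path}[{i}]"))
    return findings

if __name__ == "__main__":
    for name, template in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_joins(template) or "ok")
```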