I have a cloudformation snippet that looks roughly like this :
ContainerSecurityGroup:
Type : AWS::EC2::SecurityGroup
Properties :
InstanceId: !Ref ContainerSG
GroupDescription : "ECS Containers Security Group"
VpcId :
!Join :
- ""
- - "{{resolve:ssm:"
- /
- "ca"
- /
- "config"
- /
- "network"
- /
- "vpc_id:"
- !Sub "${ParamVersion}"
- "}}"
GroupName : !Sub ${Env}-${ServiceName}-sg
SecurityGroupIngress :
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.49.63.0/24
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.93.0.0/16
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.97.0.0/16
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.50.128.0/21
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.50.144.0/24
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 172.25.0.0/16
But when I try to run this, I get the following error:
Template contains errors.: Template format error: [/Resources/ContainerSecurityGroup/Type/VpcId] map keys must be strings; received a map instead
Can anybody help me to resolve this one? Is there perhaps a workaround I have not considered? Would appreciate your help on this, thank you.
Why are you even joining? Can't you just use:
ContainerSecurityGroup:
Type : AWS::EC2::SecurityGroup
Properties :
InstanceId: !Ref ContainerSG
GroupDescription : "ECS Containers Security Group"
VpcId : !Sub '{{resolve:ssm:/ca/config/network/vpc_id:${ParamVersion}}}'
GroupName : !Sub ${Env}-${ServiceName}-sg
SecurityGroupIngress :
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.49.63.0/24
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.93.0.0/16
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.97.0.0/16
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.50.128.0/21
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 10.50.144.0/24
- IpProtocol : tcp
FromPort : 8080
ToPort : 8080
CidrIp : 172.25.0.0/16