Question:
I am getting ROLLBACK_COMPLETE while trying to update a stack using the following code. Under events, I am not getting an error as “Value of property SecurityGroupIds must be of type List of String”. Please help me find a solution.
My code for the first stack:
    Resources:
      myvpc:
        Type: AWS::EC2::VPC
        Properties:
          CidrBlock: 10.0.0.0/16
          EnableDnsSupport: true
          EnableDnsHostnames: true
          InstanceTenancy: default
          Tags:
            - Key: Name
              Value: myvpc

      myinternetgateway:
        Type: AWS::EC2::InternetGateway
        Properties:
          Tags:
            - Key: Name
              Value: mygtwy

      mygatewayattach:
        Type: AWS::EC2::VPCGatewayAttachment
        Properties:
          InternetGatewayId: !Ref myinternetgateway
          VpcId: !Ref myvpc

      mysubnet1:
        Type: AWS::EC2::Subnet
        Properties:
          AvailabilityZone: us-east-1a
          VpcId: !Ref myvpc
          CidrBlock: 10.0.1.0/24
          MapPublicIpOnLaunch: true

      Routetable:
        Type: AWS::EC2::RouteTable
        Properties:
          VpcId: !Ref myvpc

      Route:
        Type: AWS::EC2::Route
        DependsOn: myinternetgateway
        Properties:
          DestinationCidrBlock: 0.0.0.0/0
          GatewayId: !Ref myinternetgateway
          RouteTableId: !Ref Routetable

      SubnetARouteTableAssociation:
        Type: AWS::EC2::SubnetRouteTableAssociation
        Properties:
          RouteTableId: !Ref Routetable
          SubnetId: !Ref mysubnet1
On update, I added the following. During this time I am getting the error I mentioned earlier.
    Myec2:
      Type: 'AWS::EC2::Instance'
      Properties:
        SecurityGroupIds:
          - !Ref Mysecgroup
        KeyName: !Ref KeyName
        ImageId: ami-0922553b7b0369273
        InstanceType: t2.micro
        SubnetId: !Ref mysubnet1

    Mysecgroup:
      Type: 'AWS::EC2::SecurityGroup'
      Properties:
        GroupDescription: Enable SSH access via port 22
        VpcId: !Ref myvpc
        SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: '22'
            ToPort: '22'
            CidrIp: 0.0.0.0/0
Answer:
When you specify an AWS::EC2::SecurityGroup type as an argument to the
Ref function, AWS CloudFormation returns the security group name or
the security group ID (for EC2-VPC security groups that are not in a
default VPC).
Your template is referencing the security group name where you should be referencing the group ID.
    Myec2:
      Type: 'AWS::EC2::Instance'
      Properties:
        SecurityGroupIds:
          - !GetAtt "Mysecgroup.GroupId"
        KeyName: !Ref KeyName
        ImageId: ami-0922553b7b0369273
        InstanceType: t2.micro
        SubnetId: !Ref mysubnet1

    Mysecgroup:
      Type: 'AWS::EC2::SecurityGroup'
      Properties:
        GroupDescription: Enable SSH access via port 22
        VpcId: !Ref myvpc
        SecurityGroupIngress:
          - IpProtocol: tcp
            FromPort: '22'
            ToPort: '22'
            CidrIp: 0.0.0.0/0
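A pre-deployment check for the pattern discussed above, as an added example that is not part of the original question or answer. It follows the answer's advice by flagging `SecurityGroupIds` entries that `Ref` a security group instead of using `Fn::GetAtt ... GroupId`, and it also reports the template's SSH rule open to `0.0.0.0/0`. The function names are hypothetical, and the templates are assumed to be in CloudFormation JSON long form, rebuilt here from the snippets on this page.

```python
WORLD = ("0.0.0.0/0", "::/0")

def _port(value, default):
    # Ports may be strings ('22'), ints, or intrinsics such as {"Ref": ...}.
    try:
        return int(value)
    except (TypeError, ValueError):
        return default

def lint_template(template):
    """Added example: return sorted (logical_id, finding) tuples."""
    resources = template.get("Resources", {})
    groups = {n for n, r in resources.items()
              if r.get("Type") == "AWS::EC2::SecurityGroup"}
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::Instance":
            ids = props.get("SecurityGroupIds", [])
            if isinstance(ids, str):
                findings.append((name, "SecurityGroupIds is a string, not a list"))
            for entry in ids if isinstance(ids, list) else []:
                if isinstance(entry, dict) and entry.get("Ref") in groups:
                    findings.append((name, "Ref to %s; use Fn::GetAtt %s.GroupId"
                                     % (entry["Ref"], entry["Ref"])))
        elif name in groups:
            for rule in props.get("SecurityGroupIngress", []):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                all_ports = str(rule.get("IpProtocol")) == "-1"
                lo = 0 if all_ports else _port(rule.get("FromPort"), -1)
                hi = 65535 if all_ports else _port(rule.get("ToPort"), -1)
                if cidr in WORLD and lo <= 22 <= hi:
                    findings.append((name, "SSH (22) open to %s" % cidr))
    return sorted(findings)

def _fragment(sg_entry):
    # Constructed input: the update fragment from this page in JSON long form.
    return {"Resources": {
        "Myec2": {"Type": "AWS::EC2::Instance", "Properties": {
            "SecurityGroupIds": [sg_entry], "SubnetId": {"Ref": "mysubnet1"},
            "ImageId": "ami-0922553b7b0369273", "InstanceType": "t2.micro"}},
        "Mysecgroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "Enable SSH access via port 22",
            "VpcId": {"Ref": "myvpc"},
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                                      "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}}}}

QUESTION = _fragment({"Ref": "Mysecgroup"})
ANSWER = _fragment({"Fn::GetAtt": ["Mysecgroup", "GroupId"]})
```

Running `lint_template(QUESTION)` reports both findings, while `lint_template(ANSWER)` reports only the world-open SSH rule, which the answer's template leaves unchanged.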