问题描述:

I have a rather annoying issue which I am unable to resolve and will do my best to explain.

The following cut down example works in which I am able to reference a parameter and assign the security groups to my instance via the SecurityGroupIds property:

"Parameters" : {

"pDefaultSg" : {

"Description" : "AWS2 VPC default security groups",

"Type" : "List<AWS::EC2::SecurityGroup::Id>",

"Default" : "sg-245xxxxx,sg-275xxxxx,sg-235xxxxx"

}

}

"Resources" : {

"ec2Instance" : {

"Type" : "AWS::EC2::Instance",

"Properties" : {

"SecurityGroupIds" : { "Ref" : "pDefaultSg" }

}

}

网友答案:

The issue is that when pDefaultSg is accessed via the Ref intrinsic function it returns a list, therefore your SecurityGroupIds Property looks like

[["sg-245xxxxx","sg-275xxxxx","sg-235xxxxx"],"sg-1234DB"]

The solution is to change your SecurityGroupIds Property to Fn::Join the pDefaultSg List to a comma separated string followed by the sgDb:

"SecurityGroupIds": [ 
  {"Fn::Join": 
    [",", 
      {"Ref": "pDefaultSg"}
    ]
  }, 
  { "Fn::GetAtt" : ["sgDb", "GroupId"] } 
]
相关阅读:
Top