Cross account security group reference in Cloudformation

Similar to this question: How do I add a cloudformation security group ingress rule that refers to another security group?

Is it possible to reference a security group that lies within another AWS Account?

Ideally I'd like to take a string input parameter like this: {account-id}/{security-group-id}

This doesn't work, but I'm not sure why not.

"SecurityGroupEgress": [
    {
        "Description": "test referencing cross account sg",
        "DestinationSecurityGroupId": "1234455677/sg-124455",
        "IpProtocol": "icmp",
        "FromPort": "-1",
        "ToPort": "-1"
    }
],

And then reference that within the Template ingress/egress rules.

comfytoday asked Jan 31 '26 10:01


1 Answer

You can use this syntax (yaml) to be able to reference a security group from another AWS account:

LoadBalancerSecurityGroup:
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    GroupDescription: 'Load Balancer SG'
    VpcId: !Ref VpcId
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 443
        ToPort: 443
        # the AWS account that owns the referenced security group
        SourceSecurityGroupOwnerId: '01234567890'
        # the security group in that account (not "{account-id}/{sg-id}" in one string)
        SourceSecurityGroupId: 'sg-0123456789exampleid'

It's an ingress example; for egress, you usually do it the other way around, allowing the access on the other SG (modifying its ingress).

Gabriel answered Feb 02 '26 00:02
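The "other way around" approach from the answer, as an added example that is not part of the original answer: a template deployed in the account that owns the destination security group, adding an inbound rule that trusts a security group from the peer account. It also takes the single {account-id}/{security-group-id} string the question asked for and splits it into the two properties the rule needs. Assumptions: the parameter names and the AllowedPattern are mine, and the two VPCs are already connected (for example by VPC peering in the same region), since a cross-account group reference is rejected otherwise.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Deployed in the account that OWNS the security group receiving the traffic.
  Grants inbound HTTPS to instances behind a security group in the peer account.
  Assumption: the two VPCs are peered (or shared); the reference fails otherwise.

Parameters:
  PeerSecurityGroupRef:
    Type: String
    Description: Peer account and group as {account-id}/{security-group-id}
    # Hypothetical constraint: a 12-digit account id, a slash, then an sg- id.
    # Rejecting malformed input here is cheaper than a failed stack update.
    AllowedPattern: '^[0-9]{12}/sg-[0-9a-f]{8,17}$'
    ConstraintDescription: must look like 123456789012/sg-0123456789abcdef0
  LocalSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group in this account that will accept the traffic

Resources:
  AllowHttpsFromPeerAccountSg:
    # Standalone ingress resource: the peer's group is named by owner + id,
    # which is the only way CloudFormation expresses a cross-account reference.
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref LocalSecurityGroupId
      Description: Allow HTTPS from the peer account's security group
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      # Split "{account-id}/{sg-id}" into the two fields the rule requires.
      SourceSecurityGroupOwnerId: !Select [0, !Split ['/', !Ref PeerSecurityGroupRef]]
      SourceSecurityGroupId: !Select [1, !Split ['/', !Ref PeerSecurityGroupRef]]
```

Because the rule lives in the group owner's account, that account keeps control over who may reach it, which is the least-privilege direction for cross-account access.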


