I see there are Fn::GetAtt and Fn::Select functions, but how can I use those, or any other function, to return the VPC CIDR and set it as the CidrIp property on the egress rule listed below (cf. template)?
    "OutboundRule": {
        "Type": "AWS::EC2::SecurityGroupEgress",
        "Properties": {
            "IpProtocol": "tcp",
            "FromPort": "80",
            "ToPort": "80",
            "CidrIp": "<VPC Cidr>"
        }
    }
If you had already declared your VPC as another resource in the same template, you could use Fn::GetAtt
to refer to its CIDR like this (assuming "MyVPC" is the logical name you gave that VPC resource):
    {
        "OutboundRule": {
            "Type": "AWS::EC2::SecurityGroupEgress",
            "Properties": {
                "IpProtocol": "tcp",
                "FromPort": "80",
                "ToPort": "80",
                "CidrIp": { "Fn::GetAtt": [ "MyVPC", "CidrBlock" ] }
            }
        }
    }
The attributes which Fn::GetAtt can return are specific to the resource type it is returning them from, and there is a limited set of resource types and attributes which it supports. You can find the list of supported resources and attributes here.
If you didn't declare the VPC in the same template, another option would be to pass the CIDR in as a CloudFormation parameter and use { "Ref": "<parameterName>" } in place of Fn::GetAtt.
Update: Announced on Sept 19, 2016, you can use cross-stack references by exporting and importing values to share values between stacks instead of parameters.
Example (in YAML instead of JSON, which was made available in the same announcement):
Partial Template 1:
    ...
    Outputs:
      VpcCidrBlock:
        Description: My VPC's CIDR block.
        Value:
          Fn::GetAtt:
            - MyVpc
            - CidrBlock
        Export:
          Name: MyVpcCidrBlock
Partial Template 2:
    ...
    Resources:
      OutboundRule:
        Type: "AWS::EC2::SecurityGroupEgress"
        Properties:
          # GroupId is also required; it is omitted here because the template is partial
          CidrIp:
            Fn::ImportValue: MyVpcCidrBlock
          FromPort: 80
          IpProtocol: tcp
          ToPort: 80
Note: a stack would have to be created from template 1 in the same region before a stack could be created from template 2.
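The following is an added example and is not part of the original question or answer: one complete, deployable template that ties the three techniques from the answer together. The VPC CIDR comes in as a parameter (VpcCidr), the VPC resource is created from it, the egress rule is scoped to the VPC with Fn::GetAtt rather than a hard-coded CIDR, and the CIDR is exported for other stacks. The resource names (WebSecurityGroup, OutboundRule), the parameter name, the export name and the 127.0.0.1/32 placeholder egress rule are all this example's own choices, not names from the original post.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not from the original post): a VPC whose CIDR is
  resolved at deploy time and used to scope an outbound rule, instead
  of the usual 0.0.0.0/0 egress.

Parameters:
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16
    # Assumption: any IPv4 CIDR the VPC service accepts is fine here
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    Description: IPv4 CIDR block for the VPC.

Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr

  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier; outbound traffic limited to this VPC
      VpcId: !Ref MyVPC
      # Supplying an inline egress rule displaces the implicit allow-all
      # outbound rule CloudFormation would otherwise add. 127.0.0.1/32 is
      # a no-op destination, so after this the only real outbound
      # permission is the OutboundRule resource below.
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: 127.0.0.1/32
          Description: placeholder that replaces the default allow-all egress

  OutboundRule:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref WebSecurityGroup
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      # Same-template case from the answer: the CIDR is read from the VPC
      # resource, so the rule tracks whatever CIDR the VPC is given.
      CidrIp: !GetAtt MyVPC.CidrBlock
      Description: HTTP to hosts inside this VPC only

Outputs:
  VpcCidrBlock:
    Description: Exported so a separate stack can scope its own rules to this VPC.
    Value: !GetAtt MyVPC.CidrBlock
    Export:
      # Prefixing with the stack name keeps export names unique per region;
      # a consuming stack would then use
      # CidrIp: !ImportValue <this-stack-name>-VpcCidrBlock
      Name: !Sub "${AWS::StackName}-VpcCidrBlock"
```

Two practical caveats. First, AWS::EC2::SecurityGroupEgress requires GroupId, which the partial templates in the answer leave out; without it the template fails validation. Second, once another stack imports the exported value, this stack can neither be deleted nor change the VpcCidrBlock output until that import is removed, so treat the export as part of the producer stack's contract.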