Issue with Security Group Ingress Rules Not Applying to VPC in CloudFormation Template

0

I created a VPC using a CloudFormation template where I defined a security group with an inbound rule to enable SSH access on port 22. Below is the relevant part of my template:

Rules

MyEMRSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      VpcId: !Ref MyVPC                      # the VPC the group lives in (created elsewhere in the template)
      GroupName: "VPC Security Group"
      GroupDescription: Allow SSH and EMR access
      SecurityGroupIngress:                  # inline ingress rules; nothing here attaches the group to an instance
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: '0.0.0.0/0'

The CloudFormation stack executes successfully, and the VPC is created as expected. However, the security group ingress rules are not applied to the VPC. When I manually add the same rules through the AWS Management Console, they work as intended.

Additionally, the VPC I am creating from the CloudFormation template is not the default VPC.

2 Answers
2
Accepted Answer

1. Security groups do not apply to the VPC; they apply to EC2 or Amazon RDS instances. In this case it would be the EMR instances.

2. NACLs apply to the VPC.

3. Make sure you are adding the ingress rules correctly, and then associate them with the security group: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html

EXPERT
answered 2 months ago
EXPERT
reviewed a month ago
  • Thanks, it's working.

0

Hello,

The issue seems to be a misunderstanding of how security groups work. Security groups are not directly applied to a VPC; instead, they are associated with resources within the VPC, such as EC2 instances, RDS instances, or in your case, EMR instances.

Here's what you need to check:

  • Security Group Application: Ensure that the security group created in your CloudFormation template is associated with the specific resources (EC2 instances) within the VPC where you want the inbound SSH access to apply.

  • Correct Ingress Rules: Your CloudFormation template looks correct in terms of defining the ingress rules. Make sure that these rules are associated with the correct instances.

  • NACL vs. Security Groups: Remember that Network Access Control Lists (NACLs) apply to the VPC as a whole, while security groups apply to individual resources.

Check this for the exact syntax: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroupingress.html

EXPERT
answered 2 months ago
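Both answers make the same point: a security group only takes effect once some resource (an EC2 instance via SecurityGroupIds, an EMR cluster via EmrManagedMasterSecurityGroup, and so on) references it; defining the group and its rules is not enough. The script below is an added example, not code from the original post or from AWS: a static check that walks a CloudFormation template and reports groups nothing attaches, plus a second check for the rule the poster wrote, TCP/22 open to 0.0.0.0/0, which is wider than most environments should ship. It uses the JSON form of the template so the standard library can parse it (the YAML short form !Ref X is {"Ref": "X"} in JSON). The embedded template, its logical IDs (MyEMRSecurityGroup, UnusedSecurityGroup, BastionInstance, MyEMRCluster, UnusedSshRule) and the placeholder AMI ID are all constructed for the example.

```python
"""Static checks for security groups in a CloudFormation template (JSON form).

Added example for this thread; the template below is constructed, not the poster's.
"""
import json
from typing import Any, Dict, Iterator, List, Tuple

SG_TYPE = "AWS::EC2::SecurityGroup"
# Referencing a group from these resources only adds rules to it; it does not
# put the group on any network interface that carries traffic.
RULE_ONLY_TYPES = {SG_TYPE, "AWS::EC2::SecurityGroupIngress", "AWS::EC2::SecurityGroupEgress"}

# Constructed sample template: mirrors the poster's group, adds a group nobody
# attaches, and shows the two properties that actually attach a group.
TEMPLATE = json.loads(r"""
{
  "Resources": {
    "MyVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "MySubnet": {"Type": "AWS::EC2::Subnet",
                 "Properties": {"VpcId": {"Ref": "MyVPC"}, "CidrBlock": "10.0.1.0/24"}},
    "MyEMRSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "VpcId": {"Ref": "MyVPC"},
        "GroupDescription": "Allow SSH and EMR access",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "UnusedSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"VpcId": {"Ref": "MyVPC"}, "GroupDescription": "Never attached"}
    },
    "UnusedSshRule": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {"GroupId": {"Ref": "UnusedSecurityGroup"}, "IpProtocol": "tcp",
                     "FromPort": 22, "ToPort": 22, "CidrIpv6": "::/0"}
    },
    "BastionInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {"ImageId": "ami-EXAMPLE", "InstanceType": "t3.micro",
                     "SubnetId": {"Ref": "MySubnet"},
                     "SecurityGroupIds": [{"Ref": "MyEMRSecurityGroup"}]}
    },
    "MyEMRCluster": {
      "Type": "AWS::EMR::Cluster",
      "Properties": {
        "Name": "example", "ReleaseLabel": "emr-6.15.0",
        "JobFlowRole": "EMR_EC2_DefaultRole", "ServiceRole": "EMR_DefaultRole",
        "Instances": {
          "Ec2SubnetId": {"Ref": "MySubnet"},
          "EmrManagedMasterSecurityGroup": {"Fn::GetAtt": ["MyEMRSecurityGroup", "GroupId"]},
          "MasterInstanceGroup": {"InstanceCount": 1, "InstanceType": "m5.xlarge"}
        }
      }
    }
  }
}
""")


def _walk(node: Any) -> Iterator[Any]:
    """Yield every dict, list and scalar under node, depth first."""
    yield node
    children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else ()
    for child in children:
        yield from _walk(child)


def _referenced_ids(node: Any) -> Iterator[str]:
    """Logical IDs named by {"Ref": X} or {"Fn::GetAtt": [X, attr]} anywhere under node."""
    for sub in _walk(node):
        if not (isinstance(sub, dict) and len(sub) == 1):
            continue
        if isinstance(sub.get("Ref"), str):
            yield sub["Ref"]
        elif "Fn::GetAtt" in sub:
            target = sub["Fn::GetAtt"]
            if isinstance(target, list) and target and isinstance(target[0], str):
                yield target[0]
            elif isinstance(target, str):          # long form "X.Attr"
                yield target.split(".", 1)[0]


def security_group_attachments(template: Dict[str, Any]) -> Dict[str, List[str]]:
    """Map each security group's logical ID to the resources that actually attach it."""
    resources = template.get("Resources", {})
    groups = {lid for lid, res in resources.items() if res.get("Type") == SG_TYPE}
    attached: Dict[str, List[str]] = {g: [] for g in groups}
    for lid, res in resources.items():
        if res.get("Type") in RULE_ONLY_TYPES:       # rules are not attachments
            continue
        for target in _referenced_ids(res.get("Properties", {})):
            if target in groups and lid not in attached[target]:
                attached[target].append(lid)
    return attached


def orphan_security_groups(template: Dict[str, Any]) -> List[str]:
    """Groups whose rules can never take effect because nothing references them."""
    return sorted(g for g, users in security_group_attachments(template).items() if not users)


def _port(value: Any) -> int:
    try:
        return int(value)
    except (TypeError, ValueError):   # e.g. a Ref to a parameter; treat as unknown
        return -1


def wide_open_ssh_rules(template: Dict[str, Any]) -> List[Tuple[str, str]]:
    """(logical ID, CIDR) for every ingress rule exposing TCP/22 to the whole internet."""
    hits: List[Tuple[str, str]] = []
    for lid, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == SG_TYPE:
            rules = props.get("SecurityGroupIngress", [])      # inline rules
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules = [props]                                    # standalone rule resource
        else:
            continue
        for rule in rules:
            proto = str(rule.get("IpProtocol", "")).lower()
            lo, hi = _port(rule.get("FromPort")), _port(rule.get("ToPort"))
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            covers_ssh = proto == "-1" or (proto == "tcp" and lo <= 22 <= hi)
            if covers_ssh and cidr in ("0.0.0.0/0", "::/0"):
                hits.append((lid, cidr))
    return hits


if __name__ == "__main__":
    print("attachments:", security_group_attachments(TEMPLATE))
    print("orphans:", orphan_security_groups(TEMPLATE))
    print("SSH open to the world:", wide_open_ssh_rules(TEMPLATE))
```

Run against the embedded template this reports UnusedSecurityGroup as an orphan (the UnusedSshRule resource adds a rule to it but attaches it to nothing, which is exactly the situation in the question), while MyEMRSecurityGroup is attached by both BastionInstance and MyEMRCluster. The second check flags both world-open port 22 rules; replacing 0.0.0.0/0 with a bastion or office CIDR, or with a parameter the stack requires, is the usual fix.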
