CodexBloom - Programming Q&A Platform

AWS CloudFormation: 'InvalidParameter' error when creating a Security Group alongside a VPC Peering Connection

👀 Views: 1 💬 Answers: 1 📅 Created: 2025-06-08
aws cloudformation vpc security-group peering yaml

I'm updating my dependencies and I'm relatively new to this, so bear with me... I'm trying to create a VPC peering connection along with a security group using AWS CloudFormation, but the stack fails with an 'InvalidParameter' error related to the security group configuration. Here's the relevant snippet of my CloudFormation template:

```yaml
Resources:
  MyVPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: '10.0.0.0/16'
      EnableDnsSupport: true
      EnableDnsHostnames: true
  MyPeeringConnection:
    Type: 'AWS::EC2::VPCPeeringConnection'
    Properties:
      PeerVpcId: !Ref AnotherVPC   # AnotherVPC is not declared in this snippet
      VpcId: !Ref MyVPC
  MySecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'My Security Group'
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: 'tcp'
          FromPort: 80
          ToPort: 80
          CidrIp: '0.0.0.0/0'
      SecurityGroupEgress:
        - IpProtocol: '-1'
          FromPort: '0'
          ToPort: '0'
          CidrIp: '0.0.0.0/0'
```

The error I receive is:

```
An error occurred (InvalidParameter) when calling the CreateVpcPeeringConnection operation: Value (sg-12345678) for parameter PeerSecurityGroupIds is invalid.
```

I have confirmed that the security group is being created after the peering connection in the template. I tried changing the order of resource creation by utilizing dependencies with `DependsOn`, but that didn't resolve the issue. The security group appears to be valid and is associated with the correct VPC.

Is there a specific reason for this error when creating a VPC peering connection with a security group, or is there a best practice I might be missing? I am using AWS CloudFormation version 1.0.0. Any help would be greatly appreciated! Has anyone else encountered this? This is happening in both development and production on macOS. What are your experiences with this?
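As an added example that is not part of the post above: a complete template that declares the peer VPC as a parameter (the snippet's `!Ref AnotherVPC` points at nothing declared in it, which CloudFormation rejects as an unresolved resource dependency), adds the route the peering needs on this side, and scopes the security group to the peer VPC's CIDR instead of `0.0.0.0/0`. The parameter names, the route table and the default peer CIDR are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  PeerVpcId:                 # assumption: the peer VPC already exists; pass its ID in
    Type: AWS::EC2::VPC::Id
  PeerVpcCidr:               # assumption: peer CIDR, must not overlap 10.0.0.0/16
    Type: String
    Default: 10.1.0.0/16
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  MyPeeringConnection:
    Type: AWS::EC2::VPCPeeringConnection
    Properties:
      VpcId: !Ref MyVPC
      PeerVpcId: !Ref PeerVpcId      # a parameter, so the Ref resolves
  MyRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MyVPC
  # Peered traffic only flows once both VPCs route to each other; this is
  # the local side. The peer VPC needs a matching route back to 10.0.0.0/16.
  RouteToPeer:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref MyRouteTable
      DestinationCidrBlock: !Ref PeerVpcCidr
      VpcPeeringConnectionId: !Ref MyPeeringConnection
  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP from the peer VPC only
      VpcId: !Ref MyVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref PeerVpcCidr   # the question had 0.0.0.0/0 here
      # An explicit egress rule replaces the allow-all egress CloudFormation
      # would otherwise add; here outbound is limited to the peer VPC as well.
      SecurityGroupEgress:
        - IpProtocol: '-1'
          CidrIp: !Ref PeerVpcCidr
```

The subnet-to-route-table association is left out; attach `MyRouteTable` to the subnets that should reach the peer with `AWS::EC2::SubnetRouteTableAssociation`.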