I had almost precisely what Sanket suggested. But it fails with this error:
Invalid id: "Semarchy-AppServerSecurityGroup-1AESXGUBKH5N4" (expecting "sg-...")
Instead, this alternative is what I needed:
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Security group for Semarchy MDM Instance",
"VpcId" : { "Ref" : "VpcId" },
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "1521",
"ToPort" : "1521",
"SourceSecurityGroupId" : { "Fn::GetAtt" : [ "AppServerSecurityGroup", "GroupId" ] }
} ]
}
}