CidrIp json template for same security group

Question

I have a security group in my cloudformation template:

"MySecurityGroup": {
   "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "Security Group",
            "SecurityGroupIngress": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": "22",
                    "ToPort": "22",
                    "CidrIp": "0.0.0.0/0"
                }
             ]
         }
 }

I would like to change 0.0.0.0/0 to the security group ID dynamically. How do I do that?

Answer 1

I had almost precisely what Sanket suggested. But it fails with this error:

Invalid id: "Semarchy-AppServerSecurityGroup-1AESXGUBKH5N4" (expecting "sg-...")

Instead, this alternative is what I needed:

"InstanceSecurityGroup" : {
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" : {
      "GroupDescription" : "Security group for Semarchy MDM Instance",
      "VpcId" : { "Ref" : "VpcId" },
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp", 
        "FromPort" :   "1521", 
        "ToPort" :     "1521", 
        "SourceSecurityGroupId" : { "Fn::GetAtt" : [ "AppServerSecurityGroup", "GroupId" ] } 
      } ]
   }
}

Answer 2

You can use something like mentioned below :

"InstanceSecurityGroup" : {
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" : {
      "GroupDescription" : "Enable HTTP access on the configured port",
      "VpcId" : { "Ref" : "VpcId" },
      "SecurityGroupIngress" : [ {
         "IpProtocol" : "tcp",
         "FromPort" : { "Ref" : "WebServerPort" },
         "ToPort" : { "Ref" : "WebServerPort" },
         "SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" }
      } ]
   }
}

where SourceSecurityGroupID is reference to already provisioned security group(here LoadBalancerSecurityGroup). To make sure your reference security group (LoadBalancerSecurityGroup) is generated before this security group(InstanceSecurityGroup), use "DependsOn".

Thanks