I have a VPC (created through CloudFormation) that creates some common shared infrastructure for all the stacks created in this VPC, for example an SSH jumphost and the security group for the SSH jumphost.
I have a separate CloudFormation template for creating Web + App + DB stacks inside an existing VPC.
How do I allow incoming SSH (port 22) to the instances in my stack template from the shared SSH jumphost defined in the first template?
According to the docs, inside the VPC I need to specify the SourceSecurityGroupId, which must either have the actual VPC ID, or use the Ref function to find the ID of the security group defined in this template.
How can I refer to an existing SG inside the same VPC, but from a different template?
EDIT:
The same question applies to outgoing traffic through a NAT instance. A NAT instance is provided at the VPC level, but each stack needs its own security group to provide outbound access to only the NAT instance.
amazon-web-services amazon-vpc amazon-cloudformation
deitch
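One way to express both rules the question asks about (inbound SSH only from the shared jumphost, outbound only to the shared NAT instance) is to pass the shared stack's security group IDs into the per-stack template as parameters and reference them with `Ref`. The template below is an added example and is not the questioner's template; the parameter names, logical resource names, the outbound ports and the placeholder ID are assumptions made here.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Example app stack launched into an existing VPC. The shared jumphost and NAT
  security groups come from another stack and are passed in by ID (hypothetical names).

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: ID of the existing VPC created by the shared-infrastructure stack
  JumphostSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: ID of the jumphost SG from the shared stack (placeholder value, e.g. sg-0123456789abcdef0)
  NatSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: ID of the NAT instance SG from the shared stack

Resources:
  AppInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App tier; SSH only from the shared jumphost, outbound only via the shared NAT
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Keyed on the jumphost's security group rather than its IP, so the rule
        # keeps working if the jumphost is rebuilt with a new address.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref JumphostSecurityGroupId
      SecurityGroupEgress:
        # Declaring any egress rule removes CloudFormation's default allow-all
        # egress rule, so only the NAT instance is reachable from this tier.
        # Ports 80/443 are an assumed example of what the app tier needs outbound.
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          DestinationSecurityGroupId: !Ref NatSecurityGroupId
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          DestinationSecurityGroupId: !Ref NatSecurityGroupId
```

Two points worth checking when wiring this up. First, security group rules are one-sided: the NAT security group in the shared stack must also permit inbound traffic from the app tier, and since that group cannot `Ref` a security group that does not exist yet, the shared stack typically allows inbound from the VPC CIDR instead. Second, the same parameter-passing pattern can be replaced by declaring the shared group IDs under `Outputs` with `Export` in the shared stack and reading them with `Fn::ImportValue` in the app stack, which also prevents the shared stack from being deleted while an app stack still depends on it.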