We Keep Coding

Some given parameters are not resolved when deploying a stack "not found"

I want to create and deploy a template that itself deploys a product from the AWS service catalog. Here is my template:
Parameters:
ProductId:
Type: String
ProvisioningArtifactName:
Type: String
Description:
Type: String
Region:
Type: CommaDelimitedList
VpcSize:
Type: String
BastionHostKeyName:
Type: String
ProvisioningArtifactName:
Type: String
Resources:
VPCAndMore:
Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct
Properties:
ProductId: ProductId
ProvisioningArtifactName: ProvisioningArtifactName
ProvisioningParameters:
- Key: Description
Value: Description
- Key: AvailabilityZones
Value: Region
- Key: VpcSize
Value: VpcSize
- Key: BastionHostKeyName
Value: BastionHostKeyName
When I try to deploy it manually I enter all parameter values. They are definitely correct and from the correct type. But once I deploy it I get an error like this:
Product ProductId not found. (Service: ServiceCatalog, Status Code: 400, Request ID: 35f27a2a-1317-48d0-815e-16ebe949d039, Extended Request ID: null)
For some reason the ProductId parameter is not resolved it seems like.
What am I missing? Or is CF not supporting parameter resolving outside of ProvisioningParameters?

For Intrinsic function Ref need to reference the values defined like below:
Parameters:
ProductId:
Type: String
ProvisioningArtifactName:
Type: String
Description:
Type: String
Region:
Type: CommaDelimitedList
VpcSize:
Type: String
BastionHostKeyName:
Type: String
ProvisioningArtifactName:
Type: String
Resources:
VPCAndMore:
Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct
Properties:
ProductId: !Ref ProductId
ProvisioningArtifactName: !Ref ProvisioningArtifactName
ProvisioningParameters:
- Key: Description
Value: !Ref Description
- Key: AvailabilityZones
Value: !Ref Region
- Key: VpcSize
Value: !Ref VpcSize
- Key: BastionHostKeyName
Value: !Ref BastionHostKeyName

The problem is that you're only inserting the parameters name without referencing it.
You need to use the intrinsic function !Ref. Like this:
Parameters:
ProductId:
Type: String
ProvisioningArtifactName:
Type: String
Description:
Type: String
Region:
Type: CommaDelimitedList
VpcSize:
Type: String
BastionHostKeyName:
Type: String
ProvisioningArtifactName:
Type: String
Resources:
VPCAndMore:
Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct
Properties:
ProductId: !Ref ProductId
ProvisioningArtifactName: !Ref ProvisioningArtifactName
ProvisioningParameters:
- Key: Description
Value: !Ref Description
- Key: AvailabilityZones
Value: !Ref Region
- Key: VpcSize
Value: !Ref VpcSize
- Key: BastionHostKeyName
Value: !Ref BastionHostKeyName

SCP in Organization to restrict the creation of EC2 instance, volumes without mandatory tags

I have added a SCP in Organization to restrict the creation of EC2 instance, volumes without mandatory tags.
Manual creation of instances with mandatory tags is working fine.
when I pass all the tags inside CloudFormation it fails to create instance.
Policy
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyRunInstanceWithNoProjectTag",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ec2:*:*:volume/*"
            ],
            "Condition": {
                "Null": {
                    "aws:RequestTag/AppID": "true"
                }
            }
        }
    ]
}
Error Message:
API: ec2:RunInstances You are not authorized to perform this operation. Encoded authorization failure message: ghoOCHN7ZLl0rvdRObGsJeDyE86Nt0lqYYAhVmOHGu7J2zGxbuDWa3VyYl75TfChof_km2U-_Eo4c9Kq6qY_XvmTN-nZa3inB6QEVG0OvOokZuFyFiOS0vSIorhW2uwVmI8w25Fqgf5ueBH0bxq5BnmY7gTCcI9NjCHzEpBY4nudbrNm1iNfQSPldof4CwmibMip_Cs-JgQ2vV76wjo0DgLQDDp6Yzk65-Std9ihGqnlE8DiHBE_dKiUNQtfqXcJ8jsAjjnP-DSmHBprg-IjB-bsOWHElylusj-zCDKby44xiLnG1sv_7pbIhFPcV5gezCaTufGlB9wkZxFuncYPl5Uv6xsL7CmGi_UXHcKeyQpLxMwXRBuo6SWTplsI67_LLskvvj00Kj8_8XDi5kz87B9kkWSiBoykgDHVZPngK6DSMv1YhPAbDu03oVw3wdYxzQO3MwoX-tXGJN63NtYhf-gDo-G9YF599zWSX5kT41FJlmuYDBn7nDPrXpXZLAhIjyulUnQOzuz4aEG_xWDiY-ZAZNuI6o7Df_K0OuI3xU-qKpgssSUt6bR6goHoaQJ_NDSzzoodusYtk69RPv_Pyom5WETfOv9zfGtKAkmn5Sk4NTP7T0rYClOnaUvx_MkKy1Lk6jFGYNfROqs96UIxBsYUhD-QEOjRZQ4-L7GSNIn3cZfCHJ9e5ZuPflQpMQsRiV9tUIessOC8uKnGYRZw4cSeCNzTgjLypcCbFchf01qdFsB4TrTtOTRMzYf1-ImBg4CY3CycmZ8Cduv_wSWTw
Cloudformation:
Description: CloudFormation template to create Windows2016 VM
Parameters:
vpcid:
Type: String
subnetid1:
Type: String
az1:
Type: String
instanceType:
Type: String
Default: t2.micro
ami:
Type: String
CostCenter:
Type: String
ApplicationName:
Type: String
ProjectID:
Type: String
IONumber:
Type: String
Environment:
Type: String
ApplicationOwner:
Type: String
BusinessOwner:
Type: String
BusinessUnit:
Type: String
Hostname:
Type: String
Backup:
Type: String
Default: default
Basesgwindows:
Type: String
AppID:
Type: String
Default: 1234
Resources:
instance1:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref ami
InstanceType: !Ref instanceType
SubnetId: !Ref subnetid1
AvailabilityZone: !Ref az1
SecurityGroupIds:
- !Ref Basesgwindows
Tags:
- Key: "BusinessUnit"
Value: !Ref BusinessUnit
- Key: "CostCenter"
Value: !Ref CostCenter
- Key: "ApplicationName"
Value: !Ref ApplicationName
- Key: "ProjectID"
Value: !Ref ProjectID
- Key: "IONumber"
Value: !Ref IONumber
- Key: "Environment"
Value: !Ref Environment
- Key: "ApplicationOwner"
Value: !Ref ApplicationOwner
- Key: "BusinessOwner"
Value: !Ref BusinessOwner
- Key: "Hostname"
Value: !Ref Hostname
- Key: "Backup"
Value: !Ref Backup
- Key: "AppID"
Value: !Ref AppID

AWSTemplateFormatVersion: 2010-09-09
Description: CloudFormation template to create Windows2016 VM
Parameters:
vpcid:
Type: String
subnetid1:
Type: String
az1:
Type: String
instanceType:
Type: String
Default: t2.micro
ami:
Type: String
CostCenter:
Type: String
ApplicationName:
Type: String
ProjectID:
Type: String
IONumber:
Type: String
Environment:
Type: String
ApplicationOwner:
Type: String
BusinessOwner:
Type: String
BusinessUnit:
Type: String
Hostname:
Type: String
Backup:
Type: String
Default: default
Basesgwindows:
Type: String
AppID:
Type: String
Default: 1234
Resources:
instance1:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref ami
InstanceType: !Ref instanceType
SubnetId: !Ref subnetid1
AvailabilityZone: !Ref az1
SecurityGroupIds:
- !Ref Basesgwindows
Tags:
- Key: "BusinessUnit"
Value: !Ref BusinessUnit
- Key: "CostCenter"
Value: !Ref CostCenter
- Key: "ApplicationName"
Value: !Ref ApplicationName
- Key: "ProjectID"
Value: !Ref ProjectID
- Key: "IONumber"
Value: !Ref IONumber
- Key: "Environment"
Value: !Ref Environment
- Key: "ApplicationOwner"
Value: !Ref ApplicationOwner
- Key: "BusinessOwner"
Value: !Ref BusinessOwner
- Key: "Hostname"
Value: !Ref Hostname
- Key: "Backup"
Value: !Ref Backup
- Key: "AppID"
Value: !Ref AppID

Value of property Parameters must be an object with String (or simple type) properties

I am trying to pass parameters to one of the nested stacks by populating the values from another nested stacks output.
And i do not want any cross-referencing (unless there is no way around it)
The idea is pretty straight forward.
RootStack
-NstdStackVPC
-NstdStackSG
-NstdStackEC2
The problem is on the last nested stack while creating EC2.
If i created the resource in the root stack directly the EC2 gets created
Description: RootStack
Parameters:
MyKeyName:
Type: AWS::EC2::KeyPair::KeyName
Default: my-test-key
EC2ImageId:
Type: AWS::EC2::Image::Id
Default: ami-0dxxxxa
Resources:
NstdStackVPC ......
NstdStackSG ......
EC2Host:
Type: AWS::EC2::Instance
Properties:
SubnetId: !GetAtt NstdStackVPC.Outputs.VPCPubSubnet
ImageId: !Ref EC2ImageId
InstanceType: t2.micro
KeyName: !Ref MyKeyName
SecurityGroupIds:
- !GetAtt NstdStackSG.Outputs.SecGrp4EC2Host
But if i try to create the EC2 as a nested stack
AWSTemplateFormatVersion: '2010-09-09'
Description: NstdStackEC2.
Parameters:
myNstdKeyName:
Type: AWS::EC2::KeyPair::KeyName
myNstdImageId:
Type: AWS::EC2::Image::Id
myNstdSecGrp:
Type: AWS::EC2::SecurityGroup::Id
myNstdEC2HostSubnet:
Type: AWS::EC2::Subnet::Id
Resources:
EC2Host:
Type: AWS::EC2::Instance
Properties:
SubnetId: !Ref myNstdEC2HostSubnet
ImageId: !Ref myNstdImageId
InstanceType: t2.micro
KeyName: !Ref myNstdKeyName
SecurityGroupIds:
- Ref myNstdSecGrp
By changing the root stack as follows
AWSTemplateFormatVersion: '2010-09-09'
Description: RootStack
Parameters:
MyKeyName:
Type: AWS::EC2::KeyPair::KeyName
Default: my-test-key
EC2ImageId:
Type: AWS::EC2::Image::Id
Default: ami-0dxxxxa
Resources:
NstdStackVPC ......
NstdStackSG ......
NstdStackEC2:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: https://bkt.s3.eu-central-1.amazonaws.com/NstdEC2Host.yml
Parameters:
myNstdKeyName: !Ref MyKeyName
myNstdImageId: !Ref EC2ImageId
myNstdSecGrp: !GetAtt NstdStackSG.Outputs.SecGrp4BasHost
myNstdEC2HostSubnet: !GetAtt NstdStackVPC.Outputs.VPCPubSubnet
It gives me the following error:
Value of property Parameters must be an object with String (or simple type) properties
tried removing all the parameters to try one by one. But it fails on everything.
Even for the parameters that are being referenced directly from the root stack i.e., MyKeyName, EC2ImageId

I ran into the same exact error message with a similar problem and solution. I came here and since the issue was slightly different, this question helped me get to my solution. So, not trying to hijack this question, simply hoping to provide what I found additionally useful to the next person visiting.
I was nesting a cluster template very similar to this one and OPs example. Passing Subnets as a list of strings (I believe List<AWS::Some::Type> will also work).
Subnets:
Description: Subnets of the of the cluster availaibility zone
Type: CommaDelimitedList
Default: subnet-0d..de,subnet-0e..7a,subnet-0b..24
And I'm using the above parameters to call the partial child template as follows.
ECS:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: https://xx.amazonaws.com/yy/zz.yaml
Parameters:
SecurityGroups: !Join [",", [!GetAtt SecurityGroups.Outputs.ECSHostSecurityGroup]]
Subnets: !Join [",", !Ref Subnets]
So, In the above example, the SecurityGroups are joined together into a list from the output of the SecurityGroup Nested Template, but the subnets are simply joined together from the comma delimited parameter. There is a knowledge-center article too, if you want more info. TA OP

Ok finally sorted this out myself.
In my NstdStackSG outputs section i was referring to the object itself.
And that is where this goes wrong.
AWSTemplateFormatVersion: 2010-09-09
Description: Security group nested stack
Resources:
MySecGrp
Type: ....
.....
....
Outputs:
MyOtptSecGrp:
#This one is working for me.
Value: !GetAtt MySecGrp.GroupId
#previously i was assigning the following value
#Value: !Re MySecGrp
And now in the RootStack
AWSTemplateFormatVersion: '2010-09-09'
Description: RootStack
Parameters:
MyKeyName:
Type: AWS::EC2::KeyPair::KeyName
Default: my-test-key
EC2ImageId:
Type: AWS::EC2::Image::Id
Default: ami-0dxxxxa
Resources:
NstdStackVPC ......
NstdStackSG ......
NstdStackEC2:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: https://bkt.s3.eu-central-1.amazonaws.com/NstdEC2Host.yml
Parameters:
myNstdKeyName: !Ref MyKeyName
myNstdImageId: !Ref EC2ImageId
myNstdSecGrp: !GetAtt NstdStackSG.Outputs.SecGrp4BasHost
myNstdEC2HostSubnet: !GetAtt NstdStackVPC.Outputs.VPCPubSubnet
And in my nestedEC2Stack
AWSTemplateFormatVersion: 2010-09-09
Description: NstdStackEC2
Parameters:
myNstdSecGrp:
Type: AWS::EC2::SecurityGroup::Id
myNstdEC2HostSubnet:
Type: AWS::EC2::Subnet::Id
myNstdKeyName:
Type: AWS::EC2::KeyPair::KeyName
myNstdImageId:
Type: AWS::EC2::Image::Id
Resources:
EC2Host:
Type: AWS::EC2::Instance
Properties:
SubnetId: !Ref myNstdEC2HostSubnet
ImageId: !Ref myNstdImageId
InstanceType: t2.micro
KeyName: !Ref myNstdKeyName
SecurityGroupIds:
- !Ref myNstdSecGrp
Hope this helps. (If not in solving then at least in pointing the right direction)

AWS + Cloudformation + Elasticbeanstalk

When I do a create stack with the following cloudformation template using the input parameter EnvironmentType "dev", it creates the ebs application, creates the environment inside the application and deploys the sample-app.war file from the S3 bucket.
Then I am doing an update stack using the same template with an input parameter EnvironmentType "stage", this time it removes the existing dev environment and creates the stage environment inside the application.
I also tried to create stack again using the sample template entering sample application name created in the first step and this time it shows application already exist.
My requirement is to retain the dev environment and stage environment to get created inside the sample application using cloudformation.
Any suggestions, please..
---
AWSTemplateFormatVersion: 2010-09-09
Description: 'Create an ElasticBeanstalk Application, Environment and deploy the war file from S3 bucket'
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
-
Label:
default: 'EBS Application Configuration'
Parameters:
- ApplicationName
- ApplicationDescription
- ApplicationVersion
-
Label:
default: 'EBS Environment Configuration'
Parameters:
- EnvironmentName
- EnvironmentType
- EnvironmentDescription
- EnvironmentCName
- MinInstances
- MaxInstances
Mappings:
PropertiesMap:
IntanceType:
dev: 'SingleInstance'
qa: 'SingleInstance'
stage: 'LoadBalanced'
prod: 'LoadBalanced'
Parameters:
ApplicationName:
Type: String
Description: 'Name of the ElasticBeanstalk Application'
ApplicationDescription:
Type: String
Description: 'ElasticBeanstalk Application Description'
ApplicationVersion:
Type: String
Description: 'Application version description'
EnvironmentName:
Type: String
Description: 'Name of the Environment'
AllowedPattern: '^([A-Za-z]|[0-9]|-)+$'
EnvironmentType:
Type: String
Description: 'Type of the Environment (dev, qa, stage, prod)'
AllowedValues:
- 'dev'
- 'qa'
- 'stage'
- 'prod'
EnvironmentCName:
Type: String
Description: 'CName Prefix for the ElasticBeanstalk environment'
AllowedPattern: '^([A-Za-z]|[0-9]|-)+$'
EnvironmentDescription:
Type: String
Description: 'Description of the ElasticBeanstalk environment'
MinInstances:
Type: Number
Description: 'Minimum load balanced instances (Mandatory for stage/prod)'
Default: 2
MinValue: 2
MaxValue: 10
MaxInstances:
Type: Number
Description: 'Maximum load balanced instances (Mandatory for stage/prod)'
Default: 2
MinValue: 2
MaxValue: 10
Conditions:
IsStageOrProdEnvironment:
!Or [!Equals [stage, !Ref EnvironmentType], !Equals [prod, !Ref EnvironmentType]]
Resources:
EBSApplication:
Type: AWS::ElasticBeanstalk::Application
Properties:
ApplicationName: !Ref ApplicationName
Description: !Ref ApplicationDescription
EBSApplicationVersion:
Type: AWS::ElasticBeanstalk::ApplicationVersion
Properties:
ApplicationName: !Ref EBSApplication
Description: !Ref ApplicationVersion
SourceBundle:
S3Bucket: deployable
S3Key: artifacts/sample-app.war
EBSApplicationConfigurationTemplate:
Type: AWS::ElasticBeanstalk::ConfigurationTemplate
Properties:
ApplicationName: !Ref EBSApplication
Description: 'ElasticBeanstalk Configuration Template'
SolutionStackName: '64bit Amazon Linux 2018.03 v3.0.2 running Tomcat 8.5 Java 8'
OptionSettings:
- Namespace: aws:elasticbeanstalk:environment
OptionName: EnvironmentType
Value: !FindInMap [PropertiesMap, IntanceType, !Ref EnvironmentType]
- Namespace: aws:autoscaling:asg
OptionName: MinSize
Value: !If [IsStageOrProdEnvironment, !Ref MinInstances, !Ref 'AWS::NoValue']
- Namespace: aws:autoscaling:asg
OptionName: MaxSize
Value: !If [IsStageOrProdEnvironment, !Ref MaxInstances, !Ref 'AWS::NoValue']
EBSEnvironment:
Type: AWS::ElasticBeanstalk::Environment
Properties:
ApplicationName: !Ref EBSApplication
CNAMEPrefix: !Ref EnvironmentCName
Description: !Ref EnvironmentDescription
EnvironmentName: !Ref EnvironmentName
TemplateName: !Ref EBSApplicationConfigurationTemplate
VersionLabel: !Ref EBSApplicationVersion
Outputs:
ApplicationURL:
Description: 'ElasticBeanstalk environment endpoint'
Value: !Join
- ''
- - 'http://'
- !GetAtt EBSEnvironment.EndpointURL

ComputeEnvironment went INVALID with error: The security group 'XXXX' does not exist

Below my cloudformation template:
I have added all the resource code, please excuse the indentation issue(copy paste thing), I assured you the template is running.
---
AWSTemplateFormatVersion: '2010-09-09'
Description: Sets up your AWS Batch Environment for running workflows
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Compute Environment Config
Parameters:
- ComputeEnvironmentName
- VpcId
- SubnetIds
- MinvCpus
- MaxvCpus
- DesiredvCpus
- Label:
default: Job Definition
Parameters:
- JobDefinitionName
- DockerImage
- Vcpus
- Memory
- Command
- RetryNumber
- Label:
default: Job Queue
Parameters:
- JobQueueName
Parameters:
VpcId:
Type: 'AWS::EC2::VPC::Id'
Description: >-
VpcId of where the whole batch should be deployed. The VPC should have
2 private subnets.
SubnetIds:
Type: List<AWS::EC2::Subnet::Id>
Description: Subnets you want your batch compute environment to launch in. Recommend private subnets
MinvCpus:
Type: String
Description: Minimum number of CPUs in the compute environment. Default 0.
Default: 0
AllowedPattern: "[0-9]+"
DesiredvCpus:
Type: String
Description: Desired number of CPUs in the compute environment to launch with. Default 0.
Default: 0
AllowedPattern: "[0-9]+"
MaxvCpus:
Type: String
Description: Maximum number of CPUs in the compute environment. Should be >= than MinCpus
Default: 256
AllowedPattern: "[0-9]+"
RetryNumber:
Type: String
Default: "1"
Description: Number of retries for each AWS Batch job. Integer required.
MaxLength: 1
AllowedPattern: "[1-9]"
ConstraintDescription: Value between 1 and 9
DockerImage:
Type: String
Description: Docker image used to run your jobs
Vcpus:
Type: Number
Description: vCPUs available to Jobs. Default is usually fine
Default: 2
Memory:
Type: Number
Description: Memory (in MB) available to Jobs. Default is usually fine
Default: 2000
JobQueueName:
Type: String
Description: Enter job queue Name
JobDefinitionName:
Type: String
Description: Enter JobDefinition Name for the batch
ComputeEnvironmentName:
Type: String
Description: Enter name of the Compute Environment
VPCCidr:
Type: String
Description: 'Cidr Block of the VPC, allows for ssh access internally.'
Default: '10.0.0.0/8'
MinLength: "9"
MaxLength: "18"
AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
ConstraintDescription: "Must be valid CIDR notation (i.e. x.x.x.x/x)."
Command:
Type: CommaDelimitedList
Description: The command that is passed to the container
CreateNewRepository:
Default: false
Description: >-
Set this to true if you want to create a new Repository, else
it will not create a new one
Type: String
AllowedValues:
- true
- false
RepositoryName:
Type: String
Description: Enter name of the new Repository.
Conditions:
CreateRepository: !Equals
- !Ref CreateNewRepository
- true
isCommandPresent: !Not [!Equals [!Ref CreateNewRepository, '']]
Resources:
JobDefinition:
Type: AWS::Batch::JobDefinition
Properties:
Type: container
JobDefinitionName: !Ref JobDefinitionName
ContainerProperties:
Image: !Ref DockerImage
Vcpus: !Ref Vcpus
Memory: !Ref Memory
Command: !Ref Command
ReadonlyRootFilesystem: true
Privileged: true
RetryStrategy:
Attempts: !Ref RetryNumber
JobQueue:
Type: AWS::Batch::JobQueue
Properties:
ComputeEnvironmentOrder:
- Order: 1
ComputeEnvironment: !Ref MyComputeEnv
State: ENABLED
Priority: 10
JobQueueName: !Ref JobQueueName
myVPCSecurityGroup:
Type: "AWS::EC2::SecurityGroup"
Properties:
GroupDescription: Security group for batch process.
SecurityGroupEgress:
- CidrIp: 0.0.0.0/0
IpProtocol: '-1'
SecurityGroupIngress:
- CidrIp: !Ref VPCCidr
IpProtocol: tcp
FromPort: '22'
ToPort: '22'
VpcId: !Ref VpcId
MyComputeEnv:
Type: AWS::Batch::ComputeEnvironment
Properties:
Type: MANAGED
ServiceRole: !GetAtt awsBatchServiceRole.Arn
ComputeEnvironmentName: !Ref ComputeEnvironmentName
ComputeResources:
MinvCpus: !Ref MinvCpus
MaxvCpus: !Ref MaxvCpus
DesiredvCpus: !Ref DesiredvCpus
SecurityGroupIds: [!GetAtt myVPCSecurityGroup.GroupId]
Type: EC2
Subnets: !Ref SubnetIds
InstanceRole: !GetAtt InstanceProfile.Arn
InstanceTypes:
- optimal
State: ENABLED
awsBatchServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- "batch.amazonaws.com"
Action:
- "sts:AssumeRole"
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole
ecsInstanceRole:
Type: AWS::IAM::Role
Properties:
RoleName: InstanceRole
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- "ec2.amazonaws.com"
Action:
- "sts:AssumeRole"
ManagedPolicyArns:
- "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
- "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
InstanceProfile:
Type: AWS::IAM::InstanceProfile
Properties:
InstanceProfileName: InstanceProfile
Roles:
- !Ref ecsInstanceRole
MyRepository:
Type: AWS::ECR::Repository
Condition: CreateRepository
Properties:
RepositoryName: !Ref RepositoryName
RepositoryPolicyText:
Version: "2012-10-17"
Statement:
-
Sid: AllowPushPull
Effect: Allow
Principal: "*"
Action:
- "ecr:*"
I am getting this error:
Operation failed, ComputeEnvironment went INVALID with error: CLIENT_ERROR - The security group 'sg-d9b85d91' does not exist
I don't know what is wrong with the code but strangely, the SecurityGroupIds created by myVPCSecurityGroup is sg-2869f263 but ComputeEnvironment is trying to find sg-d9b85d91.

taking a stab in the dark here just working for my mobile phone but I think it's because you don't have a V PC to your computer environment possibly

Disabling the Compute Environment in the UI and enabling it back again fixed the issue.