aws-samples/startup-kit-templates

Elasticache security groups, ingress and egress all missing or malformed

chriskl opened this issue · 2 comments

By default, elasticache isn't accessible from the app or the bastion. The security group it tries to set up in elasticache.yml seems invalid and generates blank rules in the console.

I suggest refactoring it to be identical to how aurora is handled?

john commented

Hi @chriskl, thanks for the report, looking into it.

vacri commented

Just ran into this myself - it's missing the part of the rule to describe the entity to allow in. For me, this was CidrIp - I added that line, and the ingress rule appeared. (I'm using a slightly modified version of this template)

          SecurityGroupIngress:
            -
              IpProtocol: tcp
              FromPort: 6379
              ToPort: 6379
              CidrIp:                              # <-- added this parameter
                Fn::ImportValue: !Sub ${LaunchVPC}-CIDR

I guess that CF doesn't trip an error here (but it should) because there are a few conditionally-required entities if you don't use CidrIp: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html
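A check for the defect vacri describes, added here as an example and not code from the startup-kit-templates repo: it walks a loaded CloudFormation template and flags any security-group rule that lacks exactly one of the conditionally required source (ingress) or destination (egress) keys from the linked AWS doc, plus obviously malformed port ranges. The template dict, the resource names BrokenRedisSG/FixedRedisSG and the VPC_CIDR import are constructed for the example.

```python
# Added example, not from aws-samples/startup-kit-templates. Lints security
# group rules in a CloudFormation template that has already been loaded into
# a dict (the YAML from the thread; "!Sub x" loads as {"Fn::Sub": "x"}).

INGRESS_SOURCES = {"CidrIp", "CidrIpv6", "SourcePrefixListId",
                   "SourceSecurityGroupId", "SourceSecurityGroupName"}
EGRESS_TARGETS = {"CidrIp", "CidrIpv6", "DestinationPrefixListId",
                  "DestinationSecurityGroupId"}

def rule_problems(rule, targets):
    """Return the problems found in one ingress/egress rule dict."""
    problems = []
    present = sorted(targets & set(rule))
    if len(present) != 1:  # none of them is the "blank rule" from the issue
        problems.append("need exactly one of %s, got %s"
                        % (sorted(targets), present or "none"))
    proto = str(rule.get("IpProtocol", ""))
    if not proto:
        problems.append("IpProtocol missing")
    elif proto in ("tcp", "udp", "6", "17"):
        if "FromPort" not in rule or "ToPort" not in rule:
            problems.append("tcp/udp rule needs FromPort and ToPort")
        elif int(rule["FromPort"]) > int(rule["ToPort"]):
            problems.append("FromPort exceeds ToPort")
    return problems

def lint_security_groups(template):
    """Walk every AWS::EC2::SecurityGroup; return (resource, rule, problem)."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        props = res.get("Properties", {})
        for key, targets in (("SecurityGroupIngress", INGRESS_SOURCES),
                             ("SecurityGroupEgress", EGRESS_TARGETS)):
            for i, rule in enumerate(props.get(key, [])):
                for problem in rule_problems(rule, targets):
                    findings.append((name, "%s[%d]" % (key, i), problem))
    return findings

REDIS = {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379}  # no source
VPC_CIDR = {"Fn::ImportValue": {"Fn::Sub": "${LaunchVPC}-CIDR"}}
TEMPLATE = {"Resources": {  # constructed: broken rule beside the fixed one
    "BrokenRedisSG": {"Type": "AWS::EC2::SecurityGroup",
                      "Properties": {"SecurityGroupIngress": [REDIS]}},
    "FixedRedisSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [dict(REDIS, CidrIp=VPC_CIDR)]}}}}
```

Running `lint_security_groups(TEMPLATE)` reports only BrokenRedisSG, which is the shape of the rule in elasticache.yml before the CidrIp line was added.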