Elasticache security groups, ingress and egress all missing or malformed
chriskl opened this issue · 2 comments
By default, elasticache isn't accessible from the app or the bastion. The security group it tries to set up in elasticache.yml seems invalid and generates blank rules in the console.
I suggest refactoring it to be identical to how aurora is handled?
Just ran into this myself - it's missing the part of the rule to describe the entity to allow in. For me, this was CidrIp - I added that line, and the ingress rule appeared. (I'm using a slightly modified version of this template)
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 6379
        ToPort: 6379
        CidrIp:  # <-- added this parameter
          Fn::ImportValue: !Sub ${LaunchVPC}-CIDR
I guess that CF doesn't trip an error here (but it should) because there are a few conditionally-required entities if you don't use CidrIp: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html
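Because CloudFormation accepts a rule with no source, as described in the thread above, a pre-deploy check can catch it. The following is an added example, not code from this issue or from the template's repository. It reads the JSON form of a template to avoid parsing YAML intrinsic tags, and the resource names in the sample are constructed.

```python
import json

# Rule properties that name the peer, from the AWS::EC2::SecurityGroup rule docs.
INGRESS_PEERS = ("CidrIp", "CidrIpv6", "SourceSecurityGroupId",
                 "SourceSecurityGroupName", "SourcePrefixListId")
EGRESS_PEERS = ("CidrIp", "CidrIpv6", "DestinationSecurityGroupId",
                "DestinationPrefixListId")
INLINE = {"SecurityGroupIngress": INGRESS_PEERS, "SecurityGroupEgress": EGRESS_PEERS}
STANDALONE = {"AWS::EC2::SecurityGroupIngress": INGRESS_PEERS,
              "AWS::EC2::SecurityGroupEgress": EGRESS_PEERS}


def has_peer(rule, peers):
    """True if the rule is a mapping with at least one non-empty peer property."""
    return isinstance(rule, dict) and any(rule.get(p) not in (None, "") for p in peers)


def find_peerless_rules(template):
    """Return sorted (logical_id, property, index) for rules that name no peer."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for key, peers in INLINE.items():
                # A bare "-" list item in YAML arrives here as None and is flagged.
                for i, rule in enumerate(props.get(key) or []):
                    if not has_peer(rule, peers):
                        findings.append((name, key, i))
        elif res.get("Type") in STANDALONE:
            if not has_peer(props, STANDALONE[res["Type"]]):
                findings.append((name, res["Type"], 0))
    return sorted(findings)


# Constructed sample: "RedisBroken" and "RedisFixed" are illustrative names.
SAMPLE = json.loads("""
{"Resources": {
  "RedisBroken": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "redis",
    "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379}]}},
  "RedisFixed": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "redis",
    "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
      "CidrIp": {"Fn::ImportValue": {"Fn::Sub": "${LaunchVPC}-CIDR"}}}]}}
}}
""")

if __name__ == "__main__":
    for finding in find_peerless_rules(SAMPLE):
        print("rule names no source/destination:", finding)
```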