aws-samples / startup-kit-templates

CloudFormation templates to accelerate getting started on AWS.
Apache License 2.0
815 stars 400 forks

Elasticache security groups, ingress and egress all missing or malformed #49

Open chriskl opened 5 years ago

chriskl commented 5 years ago

By default, elasticache isn't accessible from the app or the bastion. The security group it tries to set up in elasticache.yml seems invalid and generates blank rules in the console.

I suggest refactoring it to be identical to how aurora is handled?

john commented 5 years ago

Hi @chriskl, thanks for the report, looking into it.

vacri commented 5 years ago

Just ran into this myself - it's missing the part of the rule to describe the entity to allow in. For me, this was CidrIp - I added that line, and the ingress rule appeared. (I'm using a slightly modified version of this template)

          SecurityGroupIngress:
            -
              IpProtocol: tcp
              FromPort: 6379
              ToPort: 6379
              CidrIp:                              # <-- added this parameter
                Fn::ImportValue: !Sub ${LaunchVPC}-CIDR

I guess that CF doesn't trip an error here (but it should) because there are a few conditionally-required entities if you don't use CidrIp: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html
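A pre-deploy check for the defect described in this thread, added here as an example; it is not code from the startup-kit-templates project or from either commenter. It walks a CloudFormation template held in JSON form (a plain Python dict, so only the standard library is needed) and flags every `AWS::EC2::SecurityGroup` rule that names a protocol and port but none of the source keys CloudFormation accepts (`CidrIp`, `CidrIpv6`, `SourceSecurityGroupId`, `SourcePrefixListId`), which is exactly the rule CloudFormation lets through and the console then renders blank. The sample template inside the block is constructed for the example: the logical IDs, the `AppSecurityGroup` resource, the placeholder VPC ID and the `${LaunchVPC}-CIDR` export name are assumptions modelled on the thread, not the project's real names.

```python
"""
Added example, not code from the startup-kit-templates project: a small
pre-deploy lint for security group rules that carry a port but no source.
CloudFormation accepts such a rule and the console shows it blank, which
is the symptom reported in this issue.

The template is handled in CloudFormation's JSON form (a plain dict) so
that only the standard library is needed. Logical IDs, the hypothetical
AppSecurityGroup, the placeholder VPC ID and the "${LaunchVPC}-CIDR"
export name are assumptions modelled on the thread.
"""
import json
import sys

# A rule must carry exactly one of these to admit any traffic at all.
SOURCE_KEYS = ("CidrIp", "CidrIpv6", "SourceSecurityGroupId", "SourcePrefixListId")

# Constructed sample: the group as the issue describes it (no source),
# the same group after the whole-VPC CIDR fix from the comment above, and
# a tighter variant that admits only the app tier's own security group.
SAMPLE_TEMPLATE = {
    "Resources": {
        "AppSecurityGroup": {  # hypothetical app-tier group
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": "app tier", "VpcId": "vpc-0123"},
        },
        "BrokenCacheSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "ElastiCache, rule without a source",
                "VpcId": "vpc-0123",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379}
                ],
            },
        },
        "FixedCacheSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "ElastiCache, reachable from the whole VPC CIDR",
                "VpcId": "vpc-0123",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
                     "CidrIp": {"Fn::ImportValue": {"Fn::Sub": "${LaunchVPC}-CIDR"}}}
                ],
            },
        },
        "TightCacheSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "ElastiCache, reachable from the app tier only",
                "VpcId": "vpc-0123",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
                     "SourceSecurityGroupId": {"Ref": "AppSecurityGroup"}}
                ],
            },
        },
    }
}


def rule_sources(rule):
    """Source keys present on one ingress/egress rule (should be exactly one)."""
    return [k for k in SOURCE_KEYS if k in rule]


def lint_security_groups(template):
    """Return (logical_id, direction, index, problem) for every suspect rule."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        props = res.get("Properties", {})
        for direction in ("SecurityGroupIngress", "SecurityGroupEgress"):
            for i, rule in enumerate(props.get(direction, [])):
                srcs = rule_sources(rule)
                if not srcs:
                    findings.append((logical_id, direction, i, "no source: rule admits nothing"))
                elif len(srcs) > 1:
                    findings.append((logical_id, direction, i, "several sources: " + ", ".join(srcs)))
                elif direction == "SecurityGroupIngress" and (
                        rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"):
                    # Egress to anywhere is the usual default, so only ingress is flagged.
                    findings.append((logical_id, direction, i, "open to the internet"))
    return findings


if __name__ == "__main__":
    # Usage: python sg_lint.py [template.json]; exits 1 when anything is flagged.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            template = json.load(fh)
    else:
        template = SAMPLE_TEMPLATE
    problems = lint_security_groups(template)
    for logical_id, direction, i, problem in problems:
        print("%s.%s[%d]: %s" % (logical_id, direction, i, problem))
    sys.exit(1 if problems else 0)
```

Run against the built-in sample it flags only `BrokenCacheSecurityGroup`; the two fixed variants pass. Of those two, `SourceSecurityGroupId` is the narrower choice: the VPC CIDR admits every host in the VPC (which does cover the bastion the issue mentions), while referencing the app tier's group admits only instances attached to that group. A YAML template with short-form tags such as `!Sub` has to be converted to JSON first (for example with the cfn-flip tool, or a PyYAML loader taught those tags) before it can be fed to this script, and a general-purpose linter such as cfn-lint can be run over the whole template alongside it.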