I have an application that's been running in one region for years with a manually-configured VPC, but recently I updated the security groups to be managed by CloudFormation. The security group template referenced the VPC ID with a parameter that was passed in:
VpcId: !Ref VpcId
When I redeployed my application to another region, I created the VPC with CloudFormation and I modified my security group template to reference that VPC using an output variable:
VpcId: !ImportValue
  Fn::Sub: '${VPCStackName}-VPC'
The problem now is that I can't use this security group template for my original deployment. I tried creating a dummy template that pretended to be a VPC stack:
AWSTemplateFormatVersion: "2010-09-09"
Description: "Network: VPC (dummy stack)"
Parameters:
  VPCId:
    Type: String
    Description: >
      VPC ID
Resources:
  # Templates require a resource, create a dummy one
  NullResource:
    Type: AWS::CloudFormation::WaitConditionHandle
Outputs:
  VPC:
    Description: VPC ID
    Value: !Ref VPCId
    Export:
      Name: !Sub "${AWS::StackName}-VPC"
However, when I pointed the security group stack at it, the changeset showed that all of my security groups would be replaced even though the value of the VPC ID didn't change -- only the way it was supplied.
Any other suggestions for how I can deal with this situation? I thought this idea was pretty clever, but maybe too clever for CloudFormation.