Elasticache security groups, ingress and egress all missing or malformed

[chriskl]

By default, elasticache isn't accessible from the app or the bastion. The security group it tries to set up in elasticache.yml seems invalid and generates blank rules in the console.

I suggest refactoring it to be identical to how aurora is handled?

[john]

Hi @chriskl, thanks for the report, looking into it.

[vacri]

Just ran into this myself - it's missing the part of the rule to describe the entity to allow in. For me, this was CidrIp - I added that line, and the ingress rule appeared. (I'm using a slightly modified version of this template)

          SecurityGroupIngress:
            -
              IpProtocol: tcp
              FromPort: 6379
              ToPort: 6379
              CidrIp:                              <-- added this parameter
                Fn::ImportValue: !Sub ${LaunchVPC}-CIDR

I guess that CF doesn't trip an error here (but it should) because there are a few conditionally-required entities if you don't use CidrIp: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html