I simply want the instance I'm creating to auto-assign its public IP just as it would if I was creating it through the web console, and ALSO have the instance assigned to the Security Group I created. Here is the relevant part of my template:

EC2Instance:
Type: AWS::EC2::Instance
Properties:
  ImageId: ami-xxxxxxx
  InstanceType: m5.xlarge
  KeyName: xxxxxxx
  Tags:
  - Key: Name
    Value: Instance_A
  NetworkInterfaces:
  - AssociatePublicIpAddress: true
    SubnetId: !Ref PublicSubnetA
    DeviceIndex: 0
    Description: Instance_A_Mgmt_Interface
    SecurityGroupIds: 
    - !Ref PublicSecurityGroup

When it's like this, I get the error "Encountered unsupported property SecurityGroupIds". When I move the SecurityGroupIds to the main Instance Properties section, I get the error, "Network interfaces and an instance-level security groups may not be specified on the same request". I don't understand why that would be and I can't find any answers from searching. When I stand up an instance using the Web Console I can tell it to auto-assign an IP AND put it in a Security Group. That's all I want to do.

CodePudding user response：

If you are using NetworkInterfaces, Security Group IDs are provided using GroupSet:

The IDs of the security groups for the network interface.