How to use an existing VPC for a new SecurityGroup in an AWS CloudFormation template



I am trying to set up an EC2 instance (new), a security group (new) and a VPC (existing). Here is my CloudFormation template.

When I run the template in a stack, I get the error *"Value () for parameter groupId is invalid. The value cannot be empty"*. How do I fix this?

Template:

Parameters:
  VPCID:
    Description: Name of an existing VPC
    Type: AWS::EC2::VPC::Id
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
  AccessLocation:
    Description: The IP address range that can be used to access to the EC2 instances
    Type: String
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref 'InstanceType'
      SecurityGroups:
        - !Ref 'InstanceSecurityGroup'
      KeyName: !Ref 'KeyName'
      ImageId: !Ref 'ImageId'
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPCID
      GroupDescription: Enable SSH
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref 'AccessLocation'

SecurityGroups can only be used with the default VPC. Because VPCID is explicitly assigned to InstanceSecurityGroup, it is treated as a non-default setup, which makes the deployment fail.

In your case you must use SecurityGroupIds (rather than SecurityGroups), because your use of a VPC is treated as non-default:

SecurityGroupIds:
  - !GetAtt 'InstanceSecurityGroup.GroupId'

The error is in the SecurityGroups property of the EC2Instance resource. SecurityGroups expects an array of GroupIds, but when you use !Ref InstanceSecurityGroup, it returns the ResourceId. So you need to use GetAtt to get the GroupId:

Parameters:
  VPCID:
    Description: Name of an existing VPC
    Type: AWS::EC2::VPC::Id
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: t2.medium
    AllowedValues:
      - t2.medium
      - t2.large
  AccessLocation:
    Description: The IP address range that can be used to access to the EC2 instances
    Type: String
Resources:
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref 'InstanceType'
      SecurityGroups:
        - !GetAtt InstanceSecurityGroup.GroupId
      KeyName: !Ref 'KeyName'
      ImageId: !Ref 'ImageId'
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPCID
      GroupDescription: Enable SSH
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: !Ref 'AccessLocation'

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html
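A complete template that applies the SecurityGroupIds/GetAtt fix, added here as an example and not code from the question or either answer. The SubnetId and ImageId parameters and the AllowedPattern on AccessLocation are assumptions of this example: the subnet is what places the instance inside VPCID, and the CIDR pattern rejects a malformed AccessLocation at stack creation instead of leaving an SSH rule whose scope was never checked.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: EC2 instance plus a new security group in an existing (non-default) VPC
Parameters:
  VPCID:
    Description: ID of an existing VPC
    Type: AWS::EC2::VPC::Id
  SubnetId:
    # Assumption: a subnet that belongs to VPCID. Without SubnetId the
    # instance is launched in the default VPC, where this group does not exist.
    Description: ID of a subnet inside VPCID
    Type: AWS::EC2::Subnet::Id
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
  InstanceType:
    Type: String
    Default: t2.medium
    AllowedValues: [t2.medium, t2.large]
  ImageId:
    # Assumption: resolve the AMI from the public SSM parameter instead of
    # referencing a parameter the template never declares.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  AccessLocation:
    Description: IPv4 CIDR block allowed to reach port 22
    Type: String
    # Validate the CIDR up front so a typo cannot produce an unexpected rule.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/(\d|[12]\d|3[0-2])$'
    ConstraintDescription: must be a valid IPv4 CIDR block, e.g. 203.0.113.0/24
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VPCID
      GroupDescription: Enable SSH from AccessLocation only
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AccessLocation
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      ImageId: !Ref ImageId
      SubnetId: !Ref SubnetId
      # VPC security groups go in SecurityGroupIds, not SecurityGroups, and
      # GetAtt GroupId unambiguously yields the sg-... identifier the API expects.
      SecurityGroupIds:
        - !GetAtt InstanceSecurityGroup.GroupId
```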
