将ENI中继附加到cloudformation中的自定义安全组

我最近在ECS中启用了ENI集群功能。创建一个额外的ENI接口，并将其附加到默认安全组。

Cloudformation (ec2启动模板)用于启动ec2实例。我如何在启动模板中附加额外的ENI中继接口与自定义安全组?网络接口中分配的组不生效

ECSAutoScalingGroup:
Type: AWS::AutoScaling::AutoScalingGroup
Properties:
AutoScalingGroupName: MyECSAutoScalingGroup
VPCZoneIdentifier: !Ref Subnets
MixedInstancesPolicy:
LaunchTemplate:
LaunchTemplateSpecification:
LaunchTemplateId: !Ref ECSLaunchTemplate
Version: !GetAtt ECSLaunchTemplate.LatestVersionNumber
MinSize: !Ref ClusterSize
MaxSize: !Ref ClusterMaxSize
DesiredCapacity: !Ref DesiredSize
ECSLaunchTemplate:
Type: AWS::EC2::LaunchTemplate
Properties:
LaunchTemplateName: MyECSLaunchTemplate
LaunchTemplateData: 
KeyName: MyKey
ImageId: !Ref ImageId
InstanceType: !Ref InstanceType
SecurityGroupIds:
- !Ref SecurityGroup
IamInstanceProfile:
Arn: !GetAtt ECSInstanceProfile.Arn
NetworkInterfaces:
- AssociatePublicIpAddress: false
DeviceIndex: 1
Groups:
- !Ref SecurityGroup