Attach ENI trunk to custom security group in CloudFormation

0

I recently enabled the ENI trunking feature in ECS. An extra ENI interface is created and attached to the default security group.

CloudFormation (EC2 launch template) is used to launch the EC2 instance. How do I attach the extra interface to a custom security group in the launch template?

  ECSAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: MyECSAutoScalingGroup
      VPCZoneIdentifier: !Ref Subnets
      MixedInstancesPolicy:
        LaunchTemplate:
          LaunchTemplateSpecification:
            LaunchTemplateId: !Ref ECSLaunchTemplate
            Version: !GetAtt ECSLaunchTemplate.LatestVersionNumber
      MinSize: !Ref ClusterSize
      MaxSize: !Ref ClusterMaxSize
      DesiredCapacity: !Ref DesiredSize

  ECSLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: MyECSLaunchTemplate
      LaunchTemplateData: 
        KeyName: MyKey
        ImageId: !Ref ImageId
        InstanceType: !Ref InstanceType
        SecurityGroupIds:
          - !Ref SecurityGroup
        IamInstanceProfile:
          Arn: !GetAtt ECSInstanceProfile.Arn
asked a year ago · 261 views
1 Answer
0

You can use the following; please update accordingly.

"NetworkInterfaces": [
    {
        "AssociatePublicIpAddress": false,
        "DeviceIndex": "1",
        "Groups": [
            "sg-xxxxxx" // add the ID of your custom security group here
        ],
        "NetworkInterfaceId": {
            "Fn::ImportValue": "<NameOfExportedValue>" // add the name of the exported value for the ENI interface here
        }
    }
]

EXPERT
answered a year ago
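
To check which security groups the trunk interfaces actually ended up with after a deployment, the following added example (not part of the question or the answer above) scans output shaped like `aws ec2 describe-network-interfaces` and reports trunk ENIs that carry the VPC default security group or a group outside an allow-list. The sample data, the IDs and the function name `trunk_enis_on_default_sg` are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output.
# All IDs and group names are made-up placeholders, not values from the post.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0aaa", "InterfaceType": "interface",
   "Groups": [{"GroupName": "ecs-hosts", "GroupId": "sg-0custom"}],
   "Attachment": {"InstanceId": "i-0abc", "DeviceIndex": 0}},
  {"NetworkInterfaceId": "eni-0bbb", "InterfaceType": "trunk",
   "Groups": [{"GroupName": "default", "GroupId": "sg-0default"}],
   "Attachment": {"InstanceId": "i-0abc", "DeviceIndex": 1}},
  {"NetworkInterfaceId": "eni-0ccc", "InterfaceType": "trunk",
   "Groups": [{"GroupName": "ecs-hosts", "GroupId": "sg-0custom"}],
   "Attachment": {"InstanceId": "i-0def", "DeviceIndex": 1}},
  {"NetworkInterfaceId": "eni-0ddd", "InterfaceType": "branch",
   "Groups": [{"GroupName": "task-sg", "GroupId": "sg-0task"}]}
]}
""")


def trunk_enis_on_default_sg(response, allowed_group_ids=frozenset()):
    """Return findings for trunk ENIs that have no security group, carry the
    VPC default group, or (when an allow-list is given) carry a group that is
    not in allowed_group_ids."""
    findings = []
    for eni in response.get("NetworkInterfaces", []):
        if eni.get("InterfaceType") != "trunk":
            continue  # only the ECS trunk interface is of interest here
        groups = eni.get("Groups", [])
        bad = [g["GroupId"] for g in groups
               if g.get("GroupName") == "default"
               or (allowed_group_ids and g["GroupId"] not in allowed_group_ids)]
        if bad or not groups:
            findings.append({
                "eni": eni["NetworkInterfaceId"],
                "instance": eni.get("Attachment", {}).get("InstanceId"),
                "groups": bad,
            })
    return findings


if __name__ == "__main__":
    for f in trunk_enis_on_default_sg(SAMPLE, {"sg-0custom"}):
        print(f"{f['eni']} on {f['instance']}: unexpected groups {f['groups']}")
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-network-interfaces` for the region in question.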
