This is an AWS CloudFormation template to create ElastiCache cluster with Redis engine

Question

I'm unable to resolve the error :Value of property VpcSecurityGroupIds must be of type List of String. Template looks like this

AWSTemplateFormatVersion: 2010-09-09

Description: Create ElastiCache and related resources

Parameters:

  VPC:
    Type: String

  PublicSubnet1:
    Type: String
  
  PublicSubnet2:
    Type: String
   
  ClusterName:
    Description: Custom name of the cluster. Auto generated if you don't supply your own.
    Type: String

  CacheNodeType:
    Description: Cache node instance class, e.g. cache.t2.micro. 
    Type: String
    Default: cache.t2.micro
    ConstraintDescription: Node instance class not supported
    AllowedValues:
      - cache.t2.micro
      - cache.t2.small
      - cache.t2.medium
      - cache.m4.large
      - cache.m4.xlarge
      - cache.m4.2xlarge
      - cache.m4.4xlarge
      - cache.m4.10xlarge
      - cache.r4.large
      - cache.r4.xlarge
      - cache.r4.2xlarge
      - cache.r4.4xlarge
      - cache.r4.8xlarge
      - cache.r4.16xlarge

  CacheEngine:
    Description: The underlying cache engine, either Redis or Memcached
    Type: String
    Default: redis
    ConstraintDescription: Node instance class not supported
    AllowedValues:
      - redis
      - memcached

  CacheNodeCount:
    Description: Number of nodes in the cluster. Only used with memcached engine, for redis this value will be set to 1.
    Type: Number
    MinValue: 1
    MaxValue: 15
    ConstraintDescription: Node count must be between 1 and 15
    Default: 1

  AutoMinorVersionUpgrade:
    Description: Whether or not minor version upgrades to the cache engine should be applied automatically during the maintenance window.
    Type: String
    Default: true
    AllowedValues:
      - true
      - false

Conditions:

  IsRedis: !Equals [ !Ref CacheEngine, redis]

Resources:

  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ElastiCache Security Group
      VpcId: !Ref VPC
      SecurityGroupIngress:
        -
          IpProtocol: tcp
          FromPort: !If [ IsRedis, 6379, 11211]
          ToPort: !If [ IsRedis, 6379, 11211]
      Tags:
        -
          Key: Name
          Value: "App-SG"

  ElastiCacheCluster:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      AutoMinorVersionUpgrade: !Ref AutoMinorVersionUpgrade
      Engine: !Ref CacheEngine
      CacheNodeType: !Ref CacheNodeType
      ClusterName : !Ref ClusterName
      NumCacheNodes: !If [ IsRedis, 1, !Ref CacheNodeCount]
      CacheSubnetGroupName: Cache-SG
      VpcSecurityGroupIds: !GetAtt SecurityGroup.GroupId
      Tags:
        - Key: Name
          Value: ElastiCache-Redis
      

Answer 1

It should be:

VpcSecurityGroupIds: [!GetAtt SecurityGroup.GroupId]