You can pass in its ID as a parameter to the stack, and refer to this parameter in your launch configs or ingress rules.
An example from one of my client's stacks:
"Parameters": { "DefaultSG": { "Type": "AWS::EC2::SecurityGroup::Id", "Default": "sg-abc123" },
You can pass in its ID as a parameter to the stack, and refer to this parameter in your launch configs or ingress rules.
An example from one of my client's stacks:
Personally I prefer to create a new SG to replace the default one as it means all of my infrastructure is part of a CF stack, but the parameter method can be used to partially manage (some) non-CF resources.