amazon-cloudformation - Adding multiple SecurityGroupIngress rules
Problem description
I am trying to create security groups with a circular dependency. So, first I create two security groups. Then I am trying to add the inbound rules. But I cannot add multiple rules to the inbound rule resource.
"SecurityGroup01": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupDescription": "SecurityGroup01",
        "VpcId": { "Ref": "VPCID" },
        "SecurityGroupEgress": [
            { "IpProtocol": "tcp", "FromPort": "1", "ToPort": "65535", "CidrIp": "0.0.0.0/0" },
            { "IpProtocol": "icmp", "FromPort": "8", "ToPort": "-1", "CidrIp": "0.0.0.0/0" }
        ],
        "Tags": [
            { "Key": "Name", "Value": "SG01" }
        ]
    }
},
"SecurityGroup02": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupDescription": "SecurityGroup02",
        "VpcId": { "Ref": "VPCID" },
        "SecurityGroupEgress": [
            { "IpProtocol": "tcp", "FromPort": "1", "ToPort": "65535", "CidrIp": "0.0.0.0/0" },
            { "IpProtocol": "icmp", "FromPort": "8", "ToPort": "-1", "CidrIp": "0.0.0.0/0" }
        ],
        "Tags": [
            { "Key": "Name", "Value": "SG02" }
        ]
    }
},
"SG01InboundRule": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {
        "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "LocalIPAddress" },
        "DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] },
        "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
    }
}
Expected result: adding multiple rules
"SG01InboundRule": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": [
        "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "LocalIPAddress" }, "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
        "IpProtocol": "tcp", "FromPort": "4200", "ToPort": "4200", "CidrIp": { "Ref": "LocalIPAddress" }, "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
    ]
}
Solution
The AWS::EC2::SecurityGroupIngress resource holds only one rule, but you can create multiple AWS::EC2::SecurityGroupIngress resources and attach them to the same security group.
So you would have:
"SG01InboundRule": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {
        "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "LocalIPAddress" },
        "DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] },
        "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
    }
},
"SG02InboundRule": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {
        "IpProtocol": "tcp", "FromPort": "4200", "ToPort": "4200", "CidrIp": { "Ref": "LocalIPAddress" },
        "DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] },
        "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
    }
}
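The following is an added example, not code from the question or the answer above: a complete CloudFormation template (YAML form of the same resources) that applies the answer's one-rule-per-resource approach and also builds the circular security-group references the question set out to create. Two caveats a reviewer would raise about the snippets above: DestinationSecurityGroupId is a property of AWS::EC2::SecurityGroupEgress, not of AWS::EC2::SecurityGroupIngress, where the peer group is named with SourceSecurityGroupId; and a single ingress rule names exactly one source, either CidrIp or SourceSecurityGroupId, so admin-CIDR rules and group-to-group rules are separate resources here. The parameter names VPCID and LocalIPAddress and ports 3389 and 4200 come from the question; port 8443 and the example CIDR are constructed values for this illustration.

```yaml
# Added example, not from the original post. Assumed: parameters VPCID and
# LocalIPAddress (from the question); port 8443 is a constructed value.
AWSTemplateFormatVersion: "2010-09-09"
Description: Two security groups that reference each other, one ingress resource per rule
Parameters:
  VPCID:
    Type: AWS::EC2::VPC::Id
  LocalIPAddress:
    Type: String
    Description: Admin CIDR allowed inbound, e.g. 203.0.113.10/32 (constructed example value)
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
Resources:
  # Both groups are created with no inline ingress, so neither depends on the other yet.
  # Egress is left at the AWS default (allow all outbound); tighten separately if needed.
  SecurityGroup01:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SecurityGroup01
      VpcId: !Ref VPCID
      Tags:
        - Key: Name
          Value: SG01
  SecurityGroup02:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SecurityGroup02
      VpcId: !Ref VPCID
      Tags:
        - Key: Name
          Value: SG02
  # Each standalone ingress resource carries exactly one rule, and each rule names
  # exactly one source: CidrIp here, SourceSecurityGroupId below, never both.
  SG01InboundRDP:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt SecurityGroup01.GroupId
      IpProtocol: tcp
      FromPort: 3389
      ToPort: 3389
      CidrIp: !Ref LocalIPAddress
      Description: RDP from the admin address only
  SG01InboundApp:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt SecurityGroup01.GroupId
      IpProtocol: tcp
      FromPort: 4200
      ToPort: 4200
      CidrIp: !Ref LocalIPAddress
      Description: Port 4200 from the admin address only
  # The circular pair: SG01 accepts from members of SG02 and SG02 from members of SG01.
  # Because these rules live outside the AWS::EC2::SecurityGroup resources, CloudFormation
  # creates both groups first and wires them afterwards, so no circular-dependency error.
  SG01FromSG02:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt SecurityGroup01.GroupId
      IpProtocol: tcp
      FromPort: 8443   # constructed value for this example
      ToPort: 8443
      SourceSecurityGroupId: !GetAtt SecurityGroup02.GroupId
      Description: Service traffic from instances in SG02
  SG02FromSG01:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt SecurityGroup02.GroupId
      IpProtocol: tcp
      FromPort: 8443
      ToPort: 8443
      SourceSecurityGroupId: !GetAtt SecurityGroup01.GroupId
      Description: Service traffic from instances in SG01
```

Keeping every rule in its own AWS::EC2::SecurityGroupIngress resource also makes later changes cheaper to review: adding or removing one port shows up as one resource in the change set rather than a rewrite of the whole group's rule list, and the per-rule Description survives into the console and API output for anyone auditing what each opening is for.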