CidrIp json template for same security group
I have a security group in my CloudFormation template:
"MySecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Security Group",
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "22",
        "ToPort": "22",
        "CidrIp": "0.0.0.0/0"
      }
    ]
  }
}
I would like to change 0.0.0.0/0 to the security group ID dynamically. How do I do that?
I had almost precisely what Sanket suggested. But it fails with this error:
Invalid id: "Semarchy-AppServerSecurityGroup-1AESXGUBKH5N4" (expecting "sg-...")
Instead, this alternative is what I needed:
"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Security group for Semarchy MDM Instance",
    "VpcId" : { "Ref" : "VpcId" },
    "SecurityGroupIngress" : [ {
      "IpProtocol" : "tcp",
      "FromPort" : "1521",
      "ToPort" : "1521",
      "SourceSecurityGroupId" : { "Fn::GetAtt" : [ "AppServerSecurityGroup", "GroupId" ] }
    } ]
  }
}
You can use something like what is mentioned below:
"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Enable HTTP access on the configured port",
    "VpcId" : { "Ref" : "VpcId" },
    "SecurityGroupIngress" : [ {
      "IpProtocol" : "tcp",
      "FromPort" : { "Ref" : "WebServerPort" },
      "ToPort" : { "Ref" : "WebServerPort" },
      "SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" }
    } ]
  }
}
where SourceSecurityGroupId is a reference to an already provisioned security group (here LoadBalancerSecurityGroup). To make sure your reference security group (LoadBalancerSecurityGroup) is generated before this security group (InstanceSecurityGroup), use "DependsOn".
Thanks
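An added example (not from the original question or answers): a small Python check for the ingress patterns discussed in this thread, run over a constructed template that mirrors the snippets above. The helper names, finding codes and sample logical IDs are assumptions; the self-reference check reflects that an inline rule naming its own group creates a circular dependency in CloudFormation, which is normally resolved with a separate AWS::EC2::SecurityGroupIngress resource.

```python
# Added example: static check of inline ingress rules in a parsed CloudFormation template.

def sg(desc, *rules):
    """Build a constructed AWS::EC2::SecurityGroup resource for the sample."""
    return {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": desc, "SecurityGroupIngress": list(rules)}}

def rule(port, **source):
    """Build one constructed TCP ingress rule for a single port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, **source}

# Constructed sample modelled on the snippets above; logical IDs are illustrative.
TEMPLATE = {"Resources": {
    "AppServerSecurityGroup": sg("App", rule("22", CidrIp="0.0.0.0/0")),
    "DbByRef": sg("DB", rule("1521", SourceSecurityGroupId={"Ref": "AppServerSecurityGroup"})),
    "DbByGetAtt": sg("DB", rule("1521", SourceSecurityGroupId={
        "Fn::GetAtt": ["AppServerSecurityGroup", "GroupId"]})),
    "SelfRef": sg("Cluster", rule("7000", SourceSecurityGroupId={
        "Fn::GetAtt": ["SelfRef", "GroupId"]})),
}}

def source_group(src):
    """Return the logical ID named by a Ref or Fn::GetAtt source, and which form was used."""
    if isinstance(src, dict) and "Ref" in src:
        return src["Ref"], "Ref"
    att = src.get("Fn::GetAtt") if isinstance(src, dict) else None
    if isinstance(att, list) and att[1:] == ["GroupId"]:
        return att[0], "Fn::GetAtt"
    return None, None

def lint_ingress(template):
    """Return sorted (resource, code) findings for inline SecurityGroupIngress rules."""
    resources = template.get("Resources", {})
    groups = {n for n, r in resources.items() if r.get("Type") == "AWS::EC2::SecurityGroup"}
    findings = []
    for name in groups:
        for r in resources[name].get("Properties", {}).get("SecurityGroupIngress", []):
            if r.get("CidrIp") == "0.0.0.0/0" or r.get("CidrIpv6") == "::/0":
                findings.append((name, "OPEN_TO_WORLD"))      # any address may connect
            target, form = source_group(r.get("SourceSecurityGroupId"))
            if target == name:
                findings.append((name, "SELF_REFERENCE"))     # inline rule depends on its own group
            elif target in groups and form == "Ref":
                findings.append((name, "REF_NOT_GROUP_ID"))   # Ref gave a name in the error above
    return sorted(findings)

if __name__ == "__main__":
    for resource, code in lint_ingress(TEMPLATE):
        print(f"{resource}: {code}")
```

The Ref finding is deliberately conservative: it flags every Ref to a security group in SourceSecurityGroupId, since Fn::GetAtt with GroupId is the form that produced an sg-... ID in the answer above.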