Update existing security group when creating new ec2 CloudFormation
I have an EC2 instance which was created using this CFN template:

Parameters:

```json
"Parameters": {
  "VPCId": {
    "Type": "AWS::EC2::VPC::Id",
    "Description": "The VPC Id to where this instance is being created"
  },
  "Subnet": {
    "Description": "Subnet to put Instance",
    "Type": "AWS::EC2::Subnet::Id"
  }
},
```
Have the following Security Group:

```json
"InstanceSecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Enables access to instance by port 80",
    "VpcId": {
      "Ref": "VPCId"
    },
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "80",
        "ToPort": "80",
        "CidrIp": {
          "Ref": "ClientCIDR"
        }
      }
    ]
  }
},
```
And part of the Instance resource:

```json
"WebServer": {
  "Type": "AWS::EC2::Instance",
  "Properties": {
    "IamInstanceProfile": "access-profile",
    "SecurityGroupIds": [
      {
        "Fn::GetAtt": [
          "InstanceSecurityGroup",
          "GroupId"
        ]
      }
    ],
    "SubnetId": {
      "Ref": "Subnet"
    }
  }
},
```
I want to create a few other instances using another template. These instances should have access to the above instance on port 22 and connect to it in UserData.

I'm not sure how it can be organized; the one way I see is to update the security group using the AWS CLI through UserData before establishing an SSH connection to the first instance. How can it be organized using resources? I didn't find any information or examples regarding this. Please help! Thanks!
You can modify the InstanceSecurityGroup to allow access from the other instances:

```json
"InstanceSecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Enables access to instance by port 80",
    "VpcId": {
      "Ref": "VPCId"
    },
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "80",
        "ToPort": "80",
        "CidrIp": {
          "Ref": "ClientCIDR"
        }
      },
      {
        "IpProtocol": "tcp",
        "FromPort": "22",
        "ToPort": "22",
        "SourceSecurityGroupId": {
          "Ref": "OtherInstancesSecurityGroup"
        }
      }
    ]
  }
},
```
where OtherInstancesSecurityGroup is a new Security Group you will assign to the other instances.
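Since the question puts the new instances in a separate template, here is an added example (not part of the answer above, and not AWS-supplied) of the same idea done across two stacks: the second stack creates OtherInstancesSecurityGroup and attaches an SSH ingress rule to the first stack's group with a standalone AWS::EC2::SecurityGroupIngress resource, so neither stack needs IAM rights to edit security groups from UserData and the rule stays scoped to one source group instead of a CIDR. The resource names, the WebServerSecurityGroupId parameter and the AMI placeholder are all hypothetical; the first stack's GroupId is passed in as a parameter (an Output/Fn::ImportValue pair would work the same way).

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Constructed example: second stack grants its instances SSH access to the first stack's web server",
  "Parameters": {
    "VPCId": { "Type": "AWS::EC2::VPC::Id" },
    "Subnet": { "Type": "AWS::EC2::Subnet::Id" },
    "WebServerSecurityGroupId": {
      "Type": "AWS::EC2::SecurityGroup::Id",
      "Description": "GroupId of InstanceSecurityGroup from the first stack (hypothetical parameter)"
    }
  },
  "Resources": {
    "OtherInstancesSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Instances allowed to SSH to the web server",
        "VpcId": { "Ref": "VPCId" }
      }
    },
    "WebServerSshFromOthers": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": { "Ref": "WebServerSecurityGroupId" },
        "IpProtocol": "tcp",
        "FromPort": 22,
        "ToPort": 22,
        "SourceSecurityGroupId": { "Fn::GetAtt": [ "OtherInstancesSecurityGroup", "GroupId" ] }
      }
    },
    "ClientInstance": {
      "Type": "AWS::EC2::Instance",
      "DependsOn": "WebServerSshFromOthers",
      "Properties": {
        "ImageId": "ami-PLACEHOLDER",
        "InstanceType": "t3.micro",
        "SubnetId": { "Ref": "Subnet" },
        "SecurityGroupIds": [ { "Fn::GetAtt": [ "OtherInstancesSecurityGroup", "GroupId" ] } ],
        "UserData": { "Fn::Base64": "#!/bin/bash\n# the SSH connection to the web server goes here; the ingress rule already exists because of DependsOn\n" }
      }
    }
  }
}
```

The DependsOn on ClientInstance is the part that matters for the UserData use case: without it CloudFormation may boot the instance before the ingress rule is created, and the first SSH attempt from UserData fails.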