
AWS Cloudformation: Security Group Rule to allow all egress

I am using the following egress rule in a security group definition of a cloudformation template:

  SecurityGroupEgress:
  - IpProtocol: tcp
    FromPort: 0
    ToPort: 65535
    CidrIp: 0.0.0.0/0

However, this does not end up in a rule that allows all outbound traffic.

What is the proper way to define an allow-all-outbound rule?

This is an old thread, but people still find it in searches... True, there are times the default doesn't work well, such as when using cfn_nag_scan to scan the cft.

Here is what you are looking for:

  SecurityGroupEgress:
    - Description: Allow all outbound traffic
      IpProtocol: "-1"
      CidrIp: 0.0.0.0/0

I must add this info from the AWS documentation, as defining such a policy might not be necessary:

"When you create a VPC security group, Amazon EC2 creates a default egress rule that allows egress traffic on all ports and IP protocols to any location. The default rule is removed only when you specify one or more egress rules."

Here's the link: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#w2ab1c21c10d473c17

Typically, you define some specific port/protocol.
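To show the accepted rule in the context of a complete template, here is an added example (not code from the question, the answer, or the AWS documentation). It assumes a hypothetical `VpcId` parameter and defines two security groups side by side: one with the explicit allow-all egress rule using `IpProtocol: "-1"`, and one that specifies a single egress rule, which (per the quoted documentation) removes the default allow-all rule and leaves only outbound HTTPS. The `tcp` rule from the question covers TCP only, which is why it does not amount to "allow all"; `-1` covers every IP protocol.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: an explicit allow-all egress rule next to a restricted
  egress rule. The VpcId parameter is an assumed input, not from the thread.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC in which the security groups are created (assumed input)

Resources:
  # Explicit allow-all egress, equivalent to the default rule EC2 creates.
  # IpProtocol "-1" means all IP protocols (TCP, UDP, ICMP, ...), so no
  # FromPort/ToPort are needed; a "tcp 0-65535" rule would only cover TCP.
  AllowAllEgressSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Example SG with an explicit allow-all egress rule
      VpcId: !Ref VpcId
      SecurityGroupEgress:
        - Description: Allow all outbound traffic
          IpProtocol: "-1"
          CidrIp: 0.0.0.0/0

  # Restricted egress: specifying any egress rule removes the default
  # allow-all rule, so only outbound HTTPS remains for this group.
  HttpsOnlyEgressSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Example SG that only allows outbound HTTPS
      VpcId: !Ref VpcId
      SecurityGroupEgress:
        - Description: Allow outbound HTTPS only
          IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

Outputs:
  AllowAllEgressSecurityGroupId:
    Value: !Ref AllowAllEgressSecurityGroup
  HttpsOnlyEgressSecurityGroupId:
    Value: !Ref HttpsOnlyEgressSecurityGroup
```

The second group is the form the answer's last line points toward: once you list any egress rule, you are responsible for listing every port and protocol the instances legitimately need, so start from the restricted form and widen it deliberately rather than the other way round.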
