Getting 'Property IpProtocol cannot be empty' error while creating security group using cloud formation
I am creating a basic security group using cloud formation on AWS but I am getting Property IpProtocol cannot be empty error. Following is the yml code I am running:

Resources:
  testsecuritygroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: test-group
      GroupDescription: test security group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
        - SourceSecurityGroupId: sg-xxxxxxxxxx
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0
      Tags:
        - Key: group
          Value: test
      VpcId: !ImportValue VPC

When I run create-stack command it is running successfully but the stack is rolled back with CREATE_FAILED status and Property IpProtocol cannot be empty error. What am I doing wrong here?

Your cidr is not valid. It should be 0.0.0.0/0

I resolved this issue. To add a security group we have to create an Ingress rule and attach it to the security group instead of defining it in the security group.

Resources:
  test:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !ImportValue VPC
      GroupName: test-group
      GroupDescription: test security group
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: group
          Value: test
  TestInboundRule:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !GetAtt test.GroupId
      IpProtocol: tcp
      FromPort: 80
      ToPort: 80
      SourceSecurityGroupId: sg-xxxxxxxxx
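
As an added example (not code from the question or either answer), a pre-deployment check for the two problems this thread runs into: an inline rule with no IpProtocol and a CidrIp without a prefix length. The template dict, the PEERS list and the function names are constructed for illustration, and flagging a rule that names no source or destination is this example's own heuristic.

```python
import ipaddress

# Constructed sample: the question's resource as a Python dict (same shape as its YAML).
TEMPLATE = {"Resources": {"testsecuritygroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80},
            {"SourceSecurityGroupId": "sg-xxxxxxxxxx"}],
        "SecurityGroupEgress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0"}]}}}}

# Properties that name a rule's peer (source for ingress, destination for egress).
PEERS = ("CidrIp", "CidrIpv6", "SourceSecurityGroupId", "SourceSecurityGroupName",
         "SourcePrefixListId", "DestinationSecurityGroupId", "DestinationPrefixListId")


def is_cidr(value):
    """True only for address/prefix notation; ip_network() alone accepts a bare address."""
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    return "/" in value


def check_rule(rule):
    """Return the problems in one inline rule (intrinsic-function values are skipped)."""
    problems = []
    if not rule.get("IpProtocol"):
        problems.append("IpProtocol is missing")
    if not any(key in rule for key in PEERS):
        problems.append("no source or destination is set")
    for key in ("CidrIp", "CidrIpv6"):
        cidr = rule.get(key)
        if isinstance(cidr, str) and not is_cidr(cidr):
            problems.append(f"{key} {cidr!r} is not in CIDR notation")
    return problems


def lint(template):
    """Check the inline rules of every AWS::EC2::SecurityGroup resource."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for prop in ("SecurityGroupIngress", "SecurityGroupEgress"):
            for i, rule in enumerate(res.get("Properties", {}).get(prop, [])):
                findings += [f"{name}.{prop}[{i}]: {p}" for p in check_rule(rule)]
    return findings
```

Run against the question's template, lint(TEMPLATE) reports ingress rule 0 with no source and ingress rule 1 with no IpProtocol, which is what the separate "- SourceSecurityGroupId" list item produces, plus the egress CidrIp without a prefix.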