使用 AWS CDK 将入口规则添加到安全组
[英]Add Ingress Rule to Security Groups using AWS CDK
问题描述
I'm trying to add an ingress rule to a Security Group via the AWS CDK using Python.
我正在尝试使用 Python 通过 AWS CDK 将入口规则添加到安全组。 As per the documentation here - there's a method add_ingress_rule() on the Class aws_cdk.aws_ec2.根据此处的文档 - 类 aws_cdk.aws_ec2 上有一个方法 add_ingress_rule()。
However - when I try to deploy the stack, I get the following error :但是 - 当我尝试部署堆栈时,出现以下错误:
AttributeError: 'method' object has no attribute ' jsii__type ' Subprocess exited with error 1 AttributeError: 'method' 对象没有属性 ' jsii__type ' 子进程退出,错误 1
Security Group Code snippet below-下面的安全组代码片段-
sg_elb = ec2.SecurityGroup(
self,
id = "sg_elb",
vpc = vpc,
security_group_name = "sg_elb"
)
sg_elb.add_ingress_rule(
peer = ec2.Peer.any_ipv4,
connection = ec2.Port.tcp(443) # This line seems to be a problem.
)
There's even the same example (in TypeScript) given on the official documentation here so I'm not sure what I'm doing wrong. 此处的官方文档中甚至还提供了相同的示例(在 TypeScript 中),因此我不确定自己做错了什么。
Can anyone advise ?任何人都可以建议吗?
Thanks in advance !提前致谢 !
3 个解决方案
解决方案1
19 已采纳 2019-09-18 01:51:47
I got the following to work using TS, hope it helps some.我使用 TS 获得了以下内容,希望对您有所帮助。
const mySG = new ec2.SecurityGroup(this, `${stack}-security-group`, {
vpc: vpc,
allowAllOutbound: true,
description: 'CDK Security Group'
});
mySG.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(22), 'SSH frm anywhere');
mySG.addIngressRule(ec2.Peer.ipv4('10.200.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress1');
mySG.addIngressRule(ec2.Peer.ipv4('10.0.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress2');
Btw, it is not recommended to use an explicit security group name: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.SecurityGroup.html顺便说一句,不建议使用明确的安全组名称: https : //docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.SecurityGroup.html
解决方案2
0 2021-01-26 06:00:46
This worked for me这对我有用
sg = ec2.SecurityGroup(
self,
id="sg_1",
vpc=vpc,
allow_all_outbound=True,
description="CDK Security Group"
# security_group_name = "sg_elb"
# not recommended https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.SecurityGroup.html
)
sg.add_ingress_rule(
peer=ec2.Peer.any_ipv4(),
connection=ec2.Port.tcp(22),
description="ssh",
)
解决方案3
0 2021-07-18 08:26:29
In SDK documentation: "Direct manipulation of the Security Group through addIngressRule and addEgressRule is possible, but mutation through the .connections object is recommended. If you peer two constructs with security groups this way, appropriate rules will be created in both."在 SDK 文档中:“可以通过 addIngressRule 和 addEgressRule 直接操作安全组,但建议通过 .connections 对象进行更改。如果以这种方式将两个构造与安全组对等,将在两者中创建适当的规则。”
So it's better to add rules like this:所以最好添加这样的规则:
sg.connections.allow_from(
Peer.any_ipv4(),
Port.tcp(22),
"ssh"
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.