堆栈内存溢出
  简体   繁体   English

如何在 AWS CDK 中指定源安全组 ID?

[英]How to specify source security group Id in AWS CDK?

 原文  2019-12-03 04:04:45       python/ amazon-web-services/ amazon-cloudformation/ aws-cdk

问题描述

Hi I am working on AWS CDK.您好,我正在研究 AWS CDK。 I am writing security group templates.我正在编写安全组模板。 I am able to write it in Cloud formation.我可以在 Cloud 编队中编写它。 Now I am writing it in AWS CDK.现在我正在用 AWS CDK 编写它。 I dint get any example for including source security group.我没有得到包含源安全组的任何示例。 Below is my cloud formation template wrote earlier.下面是我之前写的云形成模板。

Resources:
  MerchWebServicesSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      Tags:
        - Key: "Name"
          Value: !Ref "AWS::StackName"
      GroupDescription: "EC2 Services Security Group"
      VpcId:
        Fn::ImportValue: "infra-vpc-base::VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: "80"
          ToPort: "80"
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: "443"
          ToPort: "443"
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: 31000
          ToPort: 65535
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup

  MerchWebServicesLoadBalancerSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      Tags:
        -
          Key: "Name"
          Value: !Ref "AWS::StackName"
      GroupDescription: "MerchWebServices ALB Group"
      VpcId:
        Fn::ImportValue: "infra-vpc-base::VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: '172.30.1.0/15'

In the above template I have created SG MerchWebServicesSecurityGroup and I have specified SourceSecurityGroupId as another SG MerchWebServicesLoadBalancerSecurityGroup.在上面的模板中,我创建了 SG MerchWebServicesSecurityGroup,并将 SourceSecurityGroupId 指定为另一个 SG MerchWebServicesLoadBalancerSecurityGroup。

        #create SG MerchWebServicesLoadBalancerSecurityGroup
        mws_vpc_sg_alb  = ec2.SecurityGroup(self,"MerchWebServicesLoadBalancerSecurityGroup",
        description = "MerchWebServices ALB Group",
        security_group_name = "MerchWebServicesLoadBalancerSecurityGroup",
        vpc= vpc);

        mws_vpc_sg_alb.add_ingress_rule(peer = ec2.Peer.ipv4('172.30.0.0/15'), connection = ec2.Port.tcp(80));

        #create SG MerchWebServicesSecurityGroup
        mws_vpc_sg = ec2.SecurityGroup(self,"MerchWebServicesSecurityGroup",
        description="EC2 Services Security Group",
        security_group_name="MerchWebServicesSecurityGroup",
        vpc = vpc);
        mws_vpc_sg.add_ingress_rule(peer = ec2.Peer.ipv4(mws_vpc_sg_alb), connection = ec2.Port.tcp(80));

In the above code I am trying to create SG MerchWebServicesSecurityGroup and below I am adding ingress rules在上面的代码中,我试图创建 SG MerchWebServicesSecurityGroup,下面我正在添加入口规则

mws_vpc_sg.add_ingress_rule(peer = ec2.Peer.ipv4(mws_vpc_sg_alb), connection = ec2.Port.tcp(80));

Here instead of specifying Cidr block I want to specify SourceSecurityGroupId.在这里,我想指定 SourceSecurityGroupId,而不是指定 Cidr 块。 In AWS CDK I am not sure how to use Ref and include SourceSecurityGroupId.在 AWS CDK 中,我不确定如何使用 Ref 并包含 SourceSecurityGroupId。 Can someone help me to complete this?有人可以帮我完成这个吗? Any help would be appreciated.任何帮助,将不胜感激。 Thanks谢谢

1 个解决方案

解决方案1
 5 已采纳  2019-12-03 23:20:07

ec2.SecurityGroup implements IPeer interface, therefore the security group itself can be used as a peer. ec2.SecurityGroup 实现了IPeer 接口,因此安全组本身可以作为peer。

mws_vpc_sg_alb.add_ingress_rule(
     peer=mws_vpc_sg_alb,
     connection=ec2.Port.tcp(80),
     description='ALB access'
)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 python 的 aws cdk 中创建安全组? - How to create security group in aws cdk in python? Python Boto:如何指定子网ID和安全组? - Python Boto: How do you specify a subnet id AND a security group? AWS CDK 如何覆盖 Auto Scaling 组中的默认启动配置? - AWS CDK How to override default launch configuration in auto scaling group? 如何覆盖 AWS CDK 中的资源? - How to override resources in AWS CDK? 如何在资源组中列出 AWS 实例 ID - How to list the AWS instance id in Resource group 使用 AWS CDK 创建 EFS 挂载目标时如何设置子网 ID? - How to set the subnet_id when creating an EFS Mount Target with AWS CDK? 使用 CDK 创建 AWS RDS Postgres 并定义安全组 - Creating AWS RDS Postgres with CDK and defining Security Groups 使用 AWS CDK 将入口规则添加到安全组 - Add Ingress Rule to Security Groups using AWS CDK CDK elbv2.ApplicationLoadBalancer.add_security_group 不起作用 - CDK elbv2.ApplicationLoadBalancer.add_security_group doesn't work 如何遍历所有AWS区域以获取安全组信息 - How to iterate through all aws region to get security group info
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM