是否可以使用 Cloudformation 删除 aws 安全组默认出口允许所有规则?
[英]Is it possible to delete the aws Security Group Default Egress allow all Rule with Cloudformation?
问题描述
I Know that terraform does remove the default behavior of AWS.But is it possible to do that with the cloudformation?
我知道 terraform 确实删除了 AWS 的默认行为。但是使用 cloudformation 可以做到这一点吗?
1 个解决方案
解决方案1
4 2020-05-24 05:27:17
The CloudFormation documentation has a dedicated section for that: CloudFormation 文档对此有专门的部分:
When you specify a VPC security group, Amazon EC2 creates a default egress rule that allows egress traffic on all ports and IP protocols to any location.
sgwithoutegress:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Limits security group egress traffic
SecurityGroupEgress:
- CidrIp: 127.0.0.1/32
IpProtocol: "-1"
VpcId:
Ref: myVPC
Not that this does not remove physically the egress rule from the security group.并不是说这不会从安全组中物理删除出口规则。 This will lead to the following egress rule being created:这将导致创建以下出口规则:
Instead of the default one:而不是默认的:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.