堆栈内存溢出
  简体   繁体   English

具有 50 个 CIDR IP(入口)的安全组的 Cloudformation 模板 (JSON)

[英]Cloudformation template(JSON) for security group with 50 CIDR IPs (Ingress)

 原文  2021-11-27 11:28:21       json/ amazon-web-services/ amazon-cloudformation

问题描述

I am creating Cloud formation template for security group with ingress rule of over 50 CIDR IPs.我正在为具有超过 50 个 CIDR IP 的入口规则的安全组创建云形成模板。 In Parameters, I used Commadelimited list for Multiple CIDR IPs.在参数中,我对多个 CIDR IP 使用了 Commadelimited 列表。 Instead of creating seperate values in SecurityGroupIngress for each CIDR IP, Is it possible to include multiple CidrIps in single code.而不是在 SecurityGroupIngress 中为每个 CIDR IP 创建单独的值,是否可以在单个代码中包含多个 CidrIps。

                    {
                        "IpProtocol" : "tcp",
                        "CidrIp" : "54.183.255.128/26",
                        "FromPort" : "443",
                        "ToPort" : "443"
                    },
                    {
                        "IpProtocol" : "tcp",
                        "CidrIp" : "54.228.16.0/26", 
                        "FromPort" : "443",
                        "ToPort" : "443"
                    },
                    {
                        "IpProtocol" : "tcp",
                        "CidrIp" :  "54.232.40.64/26", 
                        "FromPort" : "443",
                        "ToPort" : "443"
                    },
                    {
                        "IpProtocol" : "tcp",
                        "CidrIp" : "54.241.32.64/26", 
                        "FromPort" : "443",
                        "ToPort" : "443"
                    },

Template I want to use like below.我想使用的模板如下。 But here I can able to get only 1 position CIDR IPs.但在这里我只能获得 1 个 position CIDR IP。

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "HTTPS - Security Group",
    "Parameters": {
        "VPC": {
            "Type": "AWS::EC2::VPC::Id",
            "Description": "VPC where the Security Group will belong"
        },
        "Name": {
            "Type": "String",
            "Description": "Name Tag of the Security Group"
        },
        "DbSubnetIpBlocks": {
            "Description": "Comma-delimited list of CIDR blocks",
            "Type": "CommaDelimitedList"
        }
    },
    "Resources": {
        "MySG": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": {
                    "Ref": "Description"
                },
                "VpcId": {
                    "Ref": "VPC"
                },
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "CidrIp": {
                            "Fn::Select": [
                                "1",
                                {
                                    "Ref": "DbSubnetIpBlocks"
                                }
                            ]
                        },
                        "FromPort": "443",
                        "ToPort": "443"
                    }
                ]
            }
        }
    },
    "Outputs": {
        "SecurityGroupID": {
            "Description": "Security Group ID",
            "Value": {
                "Ref": "MySG"
            }
        }

1 个解决方案

解决方案1
 0 已采纳  2021-11-27 11:31:12

Sadly its not possible.可悲的是这是不可能的。 One security group (SG) rule applies to only one CIDR range.一个安全组 (SG) 规则仅适用于一个 CIDR 范围。

There is a limit of 60 rules in a SG, which you can request to be increased. SG 中有60条规则的限制,您可以请求增加。

Although a single SG rule can refer to single CIDR, you can create CloudFormation macro or custom resource to automatically create all these rules for you.尽管单个 SG 规则可以引用单个 CIDR,但您可以创建 CloudFormation 自定义资源来自动为您创建所有这些规则。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有VPC,子网和安全组选择的EC2的CloudFormation模板(JSON) - CloudFormation Template (JSON) for EC2 with VPC, Subnet & Security Group Choices 同一安全组的CidrIp json模板 - CidrIp json template for same security group 换行输出CloudFormation Json模板 - New Line output CloudFormation Json Template AWS Cloudformation JSON模板到C#对象 - AWS Cloudformation JSON template to c# object 使用jq解析AWS安全组并添加新的入口规则 - Parse AWS security group with jq and add new ingress rule 如何在 aws cloudformation yaml 模板中格式化数据类型 json 的参数? - How to format parameter of data type json in a aws cloudformation yaml template? 在cloudformation json模板中添加PublicSubnet / PrivateSubnet的正确方法? - Proper way to add PublicSubnet/PrivateSubnet in cloudformation json template? AWS Cloudformation json模板中的“参数”内应是什么,以及“资源”内应是什么? - What should be inside “Parameters” and what in “Resoures” in AWS Cloudformation json template? 使用 JQ 从 CloudFormation.template.json 中删除块 - Using JQ to delete blocks from CloudFormation.template.json 我可以在 AWS Cloudformation json 模板的“参数”中使用“Fn::Join”吗 - Can I use "Fn::Join" in "Parameters" of AWS Cloudformation json template
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM