
YAML CF template for CloudFormation security group with multiple CIDR IPs

I am creating a CloudFormation template in YAML for a security group with the below aim.

If I input 3 CIDR IPs (59.188.255.128/26,34.224.81.192/26,35.223.13.224/27) in the parameter (IPs), the security group should be created with those 3 CIDR IPs as ingress. If I input 2 CIDR IPs (59.188.255.128/26,34.224.81.192/26) in the parameter (IPs), the security group should be created with those 2 CIDR IPs as ingress. If I input 1 CIDR IP (59.188.255.128/26) in the parameter (IPs), the security group should be created with that 1 CIDR IP as ingress.

I am getting an error while validating my template in the CloudFormation designer.

Template contains errors.: Template format error: YAML not well-formed. (line 17, column 28)

Does the below template fulfil the purpose? Also, I am unable to detect the error. Can someone help me with this?

AWSTemplateFormatVersion: 2010-09-09
Description: Security Group for CIDR IPs
Parameters:
  VPC:
    Type: AWS::EC2::VPC::Id
    Description: VPC where the Security Group will belong
  Name:
    Type: String
    Description: Name Tag of the Security Group
  Description:
    Type: String
    Description: Description Tag of the Security Group
  IPs:
    Description: Comma-delimited list of three CIDR IPs
    Type: CommaDelimitedList
Conditions:
  IsIPthereA: !Not [!Equals["",!Select [ 0, !Ref IPs ] ]]
  IsIPthereB: !Not [!Equals["",!Select [ 1, !Ref IPs ] ]]
  IsIPthereC: !Not [!Equals["",!Select [ 2, !Ref IPs ] ]]
Resources:
  MYSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Ref Description
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          CidrIp: !If [IsIPthereA, !Select [ 0, !Ref IPs ], !Ref AWS::NoValue]
          FromPort: 443
          ToPort: 443
        - IpProtocol: tcp
          CidrIp: !If [IsIPthereB, !Select [ 1, !Ref IPs ], !Ref AWS::NoValue]
          FromPort: 443
          ToPort: 443
        - IpProtocol: tcp
          CidrIp: !If [IsIPthereC, !Select [ 2, !Ref IPs ], !Ref AWS::NoValue]
          FromPort: 443
          ToPort: 443
Outputs:
  SecurityGroupID:
    Description: Security Group ID
    Value: !Ref MYSG

The validation error is because there is no space after !Equals.

Update your condition like this, and it will work fine.

Conditions:
  IsIPthereA: 
    !Not [!Equals ["",!Select [ 0, !Ref IPs ] ]]
  IsIPthereB: 
    !Not [!Equals ["",!Select [ 1, !Ref IPs ] ]]
  IsIPthereC: 
    !Not [!Equals ["",!Select [ 2, !Ref IPs ] ]]
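An added worked example, not code from the question or the answer: a small Python script that loads CloudFormation YAML offline with PyYAML (assumed installed) by registering one generic constructor for the short-form intrinsic tags (!Ref, !Select, !Equals, !Not, !If), so it reproduces the parser's rejection of the question's `!Equals[` spelling and confirms that the answer's `!Equals [` parses. It also checks the comma-delimited IPs parameter value before it ever reaches a stack, since a malformed or /0 entry in a security-group ingress rule is the kind of mistake worth catching locally. The minimal template and sample parameter values in the script are constructed for the example.

```python
"""Offline checks for a CloudFormation security-group template.

Added example, not code from the question or the answer. PyYAML (assumed
installed) gets one generic constructor for the short-form intrinsic tags
(!Ref, !Select, !Equals, !Not, !If, ...); the template text and parameter
values below are constructed for this example."""
import ipaddress
import yaml


def _cfn_tag(loader, tag_suffix, node):
    # "!Equals [a, b]" -> {"Fn::Equals": [a, b]}, "!Ref X" -> {"Ref": "X"}
    key = "Ref" if tag_suffix == "Ref" else "Fn::" + tag_suffix
    if isinstance(node, yaml.ScalarNode):
        return {key: loader.construct_scalar(node)}
    if isinstance(node, yaml.SequenceNode):
        return {key: loader.construct_sequence(node, deep=True)}
    return {key: loader.construct_mapping(node, deep=True)}


class CfnLoader(yaml.SafeLoader):
    """SafeLoader that accepts every local '!' tag via _cfn_tag."""


CfnLoader.add_multi_constructor("!", _cfn_tag)

# Minimal template in the answer's form: "!Equals [" with a space after the tag.
FIXED_TEMPLATE = """\
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  IPs:
    Type: CommaDelimitedList
Conditions:
  IsIPthereA: !Not [!Equals ["",!Select [ 0, !Ref IPs ] ]]
Resources:
  MYSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: constructed example
      SecurityGroupIngress:
        - IpProtocol: tcp
          CidrIp: !If [IsIPthereA, !Select [ 0, !Ref IPs ], !Ref AWS::NoValue]
          FromPort: 443
          ToPort: 443
"""
# The question's form: no space between the tag and the flow sequence.
BROKEN_TEMPLATE = FIXED_TEMPLATE.replace("!Equals [", "!Equals[")


def load_template(text):
    """Parse CloudFormation YAML into a dict; raises yaml.YAMLError if malformed."""
    return yaml.load(text, Loader=CfnLoader)


def yaml_problem(text):
    """Parser message for a malformed template, or None when it parses."""
    try:
        load_template(text)
    except yaml.YAMLError as exc:
        return str(exc)
    return None


def check_cidr_list(value, max_entries=3):
    """Problems with a CommaDelimitedList value (empty list means OK).
    Entries are split on commas and space-trimmed, as CloudFormation does;
    each must be a strict CIDR block, and a /0 is flagged as wide open."""
    entries = [e.strip() for e in value.split(",")] if value.strip() else []
    problems = [] if entries else ["no CIDR supplied"]
    if len(entries) > max_entries:
        problems.append(f"{len(entries)} entries, template handles at most {max_entries}")
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            problems.append(f"{entry!r} is not a valid CIDR block")
            continue
        if net.prefixlen == 0:
            problems.append(f"{entry} allows every source address")
    return problems


if __name__ == "__main__":
    print("question's form:", yaml_problem(BROKEN_TEMPLATE).splitlines()[0])
    print("answer's form parses:", yaml_problem(FIXED_TEMPLATE) is None)
    print("IPs check:", check_cidr_list("59.188.255.128/26,34.224.81.192/26,35.223.13.224/27"))
```

Run it as a script to see both parse outcomes. A local parse only proves the YAML is well-formed; CloudFormation's own semantic checks still need `aws cloudformation validate-template` or a designer validation run.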
