
Update existing security group when creating new ec2 CloudFormation

I have an EC2 instance which was created using the following CFN template:

Parameters:

"VPCId": {
    "Type": "AWS::EC2::VPC::Id",
    "Description": "The VPC Id to where this instance is being created"
},
"Subnet": {
    "Description": "Subnet to put Instance",
    "Type": "AWS::EC2::Subnet::Id"
},

It has the following Security Group:

"InstanceSecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Enables access to instance by port 80",
    "VpcId": {
        "Ref": "VPCId"
    },
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "80",
        "ToPort": "80",
        "CidrIp": {
          "Ref": "ClientCIDR"
        }
      }
    ]
  }
},

And part of Instance Resource:

"WebServer": {
  "Type": "AWS::EC2::Instance",
  "Properties": {
    "IamInstanceProfile": "access-profile",
    "SecurityGroupIds": [
      { "Fn::GetAtt": [
          "InstanceSecurityGroup",
          "GroupId"
        ]
      }
    ],
    "SubnetId": {
      "Ref": "Subnet"
    },

I want to create a few other instances using another template. These instances should have access to the above instance on port 22 and connect to it in UserData.

I'm not sure how this can be organized; the one way I see is to update the security group using the AWS CLI through UserData before establishing the SSH connection to the first instance. How can it be organized using resources? I didn't find any information or examples regarding this. Please help! Thanks!

You can modify the InstanceSecurityGroup to allow access from the other instances:

"InstanceSecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Enables access to instance by port 80",
    "VpcId": {
        "Ref": "VPCId"
    },
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "80",
        "ToPort": "80",
        "CidrIp": {
          "Ref": "ClientCIDR"
        }
      },
      {
        "IpProtocol": "tcp",
        "FromPort": "22",
        "ToPort": "22",
        "SourceSecurityGroupId": {
          "Ref": "OtherInstancesSecurityGroup"
        }
      }
    ]
  }
},

where OtherInstancesSecurityGroup is a new Security Group you will assign to the other instances.
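Since the question asks for the new instances to live in a separate template, here is an added example (not part of the question or the answer above) of how the second stack can add the port-22 rule to the existing group without editing the first template: a standalone AWS::EC2::SecurityGroupIngress resource targets the first stack's group, and the rule is scoped to the new instances' own group rather than to a CIDR. The parameter name TargetSecurityGroupId and the resource name AllowSshFromOtherInstances are assumptions for this example.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "VPCId": {
      "Type": "AWS::EC2::VPC::Id",
      "Description": "Same VPC as the first stack"
    },
    "TargetSecurityGroupId": {
      "Type": "AWS::EC2::SecurityGroup::Id",
      "Description": "Assumed parameter: the InstanceSecurityGroup ID from the first stack"
    }
  },
  "Resources": {
    "OtherInstancesSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Attached to the new instances; needs no inbound rules of its own",
        "VpcId": { "Ref": "VPCId" }
      }
    },
    "AllowSshFromOtherInstances": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": { "Ref": "TargetSecurityGroupId" },
        "IpProtocol": "tcp",
        "FromPort": 22,
        "ToPort": 22,
        "SourceSecurityGroupId": {
          "Fn::GetAtt": ["OtherInstancesSecurityGroup", "GroupId"]
        }
      }
    }
  }
}
```

Give each new AWS::EC2::Instance in this template "DependsOn": "AllowSshFromOtherInstances" and "SecurityGroupIds" containing OtherInstancesSecurityGroup, so its UserData does not try to connect before the rule exists; because the rule is a stack resource, deleting the second stack removes the port-22 access again instead of leaving it behind.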
