stackoom
  简体   繁体   中英

Add Ingress Rule to Security Groups using AWS CDK

 原文  2019-09-13 10:42:10       python/ aws-cdk

Question

I'm trying to add an ingress rule to a Security Group via the AWS CDK using Python. As per the documentation here - there's a method add_ingress_rule() on the Class aws_cdk.aws_ec2.

However - when I try to deploy the stack, I get the following error :

AttributeError: 'method' object has no attribute ' jsii__type ' Subprocess exited with error 1

Security Group Code snippet below-

        sg_elb = ec2.SecurityGroup(
            self,
            id = "sg_elb",
            vpc = vpc,
            security_group_name = "sg_elb"
        )

        sg_elb.add_ingress_rule(
            peer = ec2.Peer.any_ipv4,
            connection = ec2.Port.tcp(443)   # This line seems to be a problem.
        )

There's even the same example (in TypeScript) given on the official documentation here so I'm not sure what I'm doing wrong.

Can anyone advise ?

Thanks in advance !

3 answers

solution1
 19 ACCPTED  2019-09-18 01:51:47

I got the following to work using TS, hope it helps some.

        const mySG = new ec2.SecurityGroup(this, `${stack}-security-group`, {
            vpc: vpc,
            allowAllOutbound: true,
            description: 'CDK Security Group'
        });

        mySG.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(22), 'SSH frm anywhere');
        mySG.addIngressRule(ec2.Peer.ipv4('10.200.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress1');
        mySG.addIngressRule(ec2.Peer.ipv4('10.0.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress2');

Btw, it is not recommended to use an explicit security group name: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.SecurityGroup.html

solution2
 0  2021-01-26 06:00:46

This worked for me

        sg = ec2.SecurityGroup(
            self,
            id="sg_1",
            vpc=vpc,
            allow_all_outbound=True,
            description="CDK Security Group"
            # security_group_name = "sg_elb"
            # not recommended https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.SecurityGroup.html
        )

        sg.add_ingress_rule(
            peer=ec2.Peer.any_ipv4(),
            connection=ec2.Port.tcp(22),
            description="ssh",
        )

solution3
 0  2021-07-18 08:26:29

In SDK documentation: "Direct manipulation of the Security Group through addIngressRule and addEgressRule is possible, but mutation through the .connections object is recommended. If you peer two constructs with security groups this way, appropriate rules will be created in both."

So it's better to add rules like this:

sg.connections.allow_from(
  Peer.any_ipv4(),
  Port.tcp(22),
  "ssh" 
)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Creating AWS RDS Postgres with CDK and defining Security Groups AWS security groups How to create listener rule in AWS CDK? How to add an existing resource to stack using Python AWS-CDK? AWS CDK add port mappings How to create security group in aws cdk in python? Set security groups to an ALB aws Event Pattern rule "anything-but" using CDK authorize aws security group using python boto3 with description for each ingress boto3 update_security_group_rule_descriptions_ingress error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM