Hi, I am working on AWS CDK. I am writing security group templates. I am able to write them in CloudFormation. Now I am writing them in AWS CDK. I didn't get any example for including a source security group. Below is the CloudFormation template I wrote earlier.
Resources:
  MerchWebServicesSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      Tags:
        - Key: "Name"
          Value: !Ref "AWS::StackName"
      GroupDescription: "EC2 Services Security Group"
      VpcId:
        Fn::ImportValue: "infra-vpc-base::VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: "80"
          ToPort: "80"
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: "443"
          ToPort: "443"
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: 31000
          ToPort: 65535
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
  MerchWebServicesLoadBalancerSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      Tags:
        - Key: "Name"
          Value: !Ref "AWS::StackName"
      GroupDescription: "MerchWebServices ALB Group"
      VpcId:
        Fn::ImportValue: "infra-vpc-base::VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: '172.30.1.0/15'
In the above template I have created SG MerchWebServicesSecurityGroup and I have specified SourceSecurityGroupId as another SG MerchWebServicesLoadBalancerSecurityGroup.
# create SG MerchWebServicesLoadBalancerSecurityGroup
mws_vpc_sg_alb = ec2.SecurityGroup(self, "MerchWebServicesLoadBalancerSecurityGroup",
                                   description="MerchWebServices ALB Group",
                                   security_group_name="MerchWebServicesLoadBalancerSecurityGroup",
                                   vpc=vpc)
mws_vpc_sg_alb.add_ingress_rule(peer=ec2.Peer.ipv4('172.30.0.0/15'), connection=ec2.Port.tcp(80))

# create SG MerchWebServicesSecurityGroup
mws_vpc_sg = ec2.SecurityGroup(self, "MerchWebServicesSecurityGroup",
                               description="EC2 Services Security Group",
                               security_group_name="MerchWebServicesSecurityGroup",
                               vpc=vpc)
mws_vpc_sg.add_ingress_rule(peer=ec2.Peer.ipv4(mws_vpc_sg_alb), connection=ec2.Port.tcp(80))
In the above code I am trying to create SG MerchWebServicesSecurityGroup, and below I am adding the ingress rule:

mws_vpc_sg.add_ingress_rule(peer=ec2.Peer.ipv4(mws_vpc_sg_alb), connection=ec2.Port.tcp(80))

Here, instead of specifying a CIDR block, I want to specify SourceSecurityGroupId. In AWS CDK I am not sure how to use Ref and include SourceSecurityGroupId. Can someone help me to complete this? Any help would be appreciated. Thanks
ec2.SecurityGroup implements the IPeer interface, so the security group itself can be used as a peer.
# the EC2 services group admits traffic from the ALB group: pass the ALB
# SecurityGroup object itself as the peer instead of ec2.Peer.ipv4(...)
mws_vpc_sg.add_ingress_rule(
    peer=mws_vpc_sg_alb,
    connection=ec2.Port.tcp(80),
    description='ALB access'
)
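Once the stack is written, a quick way to confirm that the rule really references the ALB group rather than a CIDR is to inspect the template that cdk synth writes to cdk.out. This added check is not part of the question or the answer; it walks both inline SecurityGroupIngress entries and standalone AWS::EC2::SecurityGroupIngress resources, and the sample template and its logical IDs are constructed assumptions about CDK's output.

```python
# Constructed sample in the shape "cdk synth" emits for the two groups in the question.
# The standalone AWS::EC2::SecurityGroupIngress resource (what CDK produces when the peer
# is another SecurityGroup) and the logical IDs are assumptions, not the asker's output.
SYNTHESIZED = {"Resources": {
    "AlbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "MerchWebServices ALB Group",
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                  "CidrIp": "172.30.0.0/15"}]}},
    "AppSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "EC2 Services Security Group"}},
    "AppSgFromAlb80": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Fn::GetAtt": ["AppSg", "GroupId"]},
        "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
        "SourceSecurityGroupId": {"Fn::GetAtt": ["AlbSg", "GroupId"]}}},
}}


def logical_id(value):
    """Resolve a Ref / Fn::GetAtt / literal security-group reference to a logical ID."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        if "Fn::GetAtt" in value:
            return value["Fn::GetAtt"][0]
    return value


def ingress_rules(template):
    """Yield (target SG logical ID, rule) for inline and standalone ingress rules."""
    for name, res in template["Resources"].items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res["Type"] == "AWS::EC2::SecurityGroupIngress":
            yield logical_id(props["GroupId"]), props


def unexpected_sources(template, target_sg, allowed_source_sg):
    """Rules on target_sg whose source is a CIDR or any group other than allowed_source_sg."""
    bad = []
    for sg, rule in ingress_rules(template):
        if sg != target_sg:
            continue
        src = logical_id(rule.get("SourceSecurityGroupId"))
        if "CidrIp" in rule or "CidrIpv6" in rule or src != allowed_source_sg:
            bad.append((rule["FromPort"], rule["ToPort"], rule.get("CidrIp", src)))
    return bad
```

An empty result for the EC2 services group means every rule on it is sourced from the ALB group, which is exactly what SourceSecurityGroupId in the original template expressed.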