How to specify source security group Id in AWS CDK?
Question
Hi I am working on AWS CDK. I am writing security group templates. I am able to write it in Cloud formation. Now I am writing it in AWS CDK. I dint get any example for including source security group. Below is my cloud formation template wrote earlier.
Resources:
MerchWebServicesSecurityGroup:
Type: "AWS::EC2::SecurityGroup"
Properties:
Tags:
- Key: "Name"
Value: !Ref "AWS::StackName"
GroupDescription: "EC2 Services Security Group"
VpcId:
Fn::ImportValue: "infra-vpc-base::VpcId"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: "80"
ToPort: "80"
SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
- IpProtocol: tcp
FromPort: "443"
ToPort: "443"
SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
- IpProtocol: tcp
FromPort: 31000
ToPort: 65535
SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
MerchWebServicesLoadBalancerSecurityGroup:
Type: "AWS::EC2::SecurityGroup"
Properties:
Tags:
-
Key: "Name"
Value: !Ref "AWS::StackName"
GroupDescription: "MerchWebServices ALB Group"
VpcId:
Fn::ImportValue: "infra-vpc-base::VpcId"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 80
ToPort: 80
CidrIp: '172.30.1.0/15'
In the above template I have created SG MerchWebServicesSecurityGroup and I have specified SourceSecurityGroupId as another SG MerchWebServicesLoadBalancerSecurityGroup.
#create SG MerchWebServicesLoadBalancerSecurityGroup
mws_vpc_sg_alb = ec2.SecurityGroup(self,"MerchWebServicesLoadBalancerSecurityGroup",
description = "MerchWebServices ALB Group",
security_group_name = "MerchWebServicesLoadBalancerSecurityGroup",
vpc= vpc);
mws_vpc_sg_alb.add_ingress_rule(peer = ec2.Peer.ipv4('172.30.0.0/15'), connection = ec2.Port.tcp(80));
#create SG MerchWebServicesSecurityGroup
mws_vpc_sg = ec2.SecurityGroup(self,"MerchWebServicesSecurityGroup",
description="EC2 Services Security Group",
security_group_name="MerchWebServicesSecurityGroup",
vpc = vpc);
mws_vpc_sg.add_ingress_rule(peer = ec2.Peer.ipv4(mws_vpc_sg_alb), connection = ec2.Port.tcp(80));
In the above code I am trying to create SG MerchWebServicesSecurityGroup and below I am adding ingress rules
mws_vpc_sg.add_ingress_rule(peer = ec2.Peer.ipv4(mws_vpc_sg_alb), connection = ec2.Port.tcp(80));
Here instead of specifying Cidr block I want to specify SourceSecurityGroupId. In AWS CDK I am not sure how to use Ref and include SourceSecurityGroupId. Can someone help me to complete this? Any help would be appreciated. Thanks
1 answers
solution1
5 ACCPTED 2019-12-03 23:20:07
ec2.SecurityGroup implements IPeer interface, therefore the security group itself can be used as a peer.
mws_vpc_sg_alb.add_ingress_rule(
peer=mws_vpc_sg_alb,
connection=ec2.Port.tcp(80),
description='ALB access'
)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.