
Allow ingress from one security group to another using AWS CDK

How can I connect two security groups together using the AWS CDK?

This is an example of allowing IPv4 traffic ingress via port 443:

ec2SecurityGroup.addIngressRule(Peer.anyIpv4(), Port.tcp(443), 'Test rule', false)

This is from the documentation:

public addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void

This is the best I could come up with (where 'elbSecurityGroup' is another security group):

const p = Peer.anyIpv4()
p.connections.allowFrom(elbSecurityGroup.connections, Port.tcp(443))
ec2SecurityGroup.addIngressRule(p, Port.tcp(443), 'Test rule', false)

But that doesn't really make any sense. There must be a better way of initializing the Peer. TypeScript says

Constructor of class 'Peer' is protected and only accessible within the class declaration.

If I try:

const p = new Peer()

This can be done by accessing the 'connections' on SecurityGroups or other Constructs directly:

ec2SecurityGroup.connections.allowFrom(elbSecurityGroup, Port.tcp(443), 'Application Load Balancer')

Or from an EC2 Instance object directly to another EC2 instance:

ec2Instance1.connections.allowFrom(ec2Instance2, Port.tcp(4321), 'Inbound')
ec2Instance2.connections.allowTo(ec2Instance1, Port.tcp(4321), 'Outbound')

This will create/alter a SecurityGroup created by CDK that is attached to the EC2 instance.
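The difference between the two approaches above is visible in the synthesized CloudFormation: `Peer.anyIpv4()` produces a `CidrIp: 0.0.0.0/0` ingress rule, while `connections.allowFrom(elbSecurityGroup, ...)` produces a rule whose source is the other security group. The following TypeScript is an added example, not code from the question or the answer: it audits a synthesized template and reports every ingress rule, flagging those open to the world. The template object is constructed to mirror the shape CDK emits (an inline `SecurityGroupIngress` entry for the CIDR rule, a standalone `AWS::EC2::SecurityGroupIngress` resource for the cross-group rule); the logical IDs and the function names are assumptions, not `cdk synth` output.

```typescript
// Added example (not from the original post): audit security-group ingress
// rules in a synthesized CloudFormation template and flag world-open ones.
// The template below is constructed to mirror CDK's output shape; it is
// not real `cdk synth` output and its logical IDs are placeholders.

type IngressRule = {
  IpProtocol: string;
  FromPort?: number;
  ToPort?: number;
  CidrIp?: string;
  CidrIpv6?: string;
  SourceSecurityGroupId?: unknown; // a string or a { "Fn::GetAtt": [...] } ref
  Description?: string;
};

type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };

export type Finding = {
  logicalId: string;
  port: string;
  source: string;
  worldOpen: boolean;
};

const WORLD_CIDRS = new Set(["0.0.0.0/0", "::/0"]);

function describeSource(rule: IngressRule): string {
  if (rule.CidrIp) return rule.CidrIp;
  if (rule.CidrIpv6) return rule.CidrIpv6;
  if (rule.SourceSecurityGroupId !== undefined) {
    // Cross-stack refs are intrinsic functions rather than plain strings.
    return typeof rule.SourceSecurityGroupId === "string"
      ? rule.SourceSecurityGroupId
      : "security-group-ref";
  }
  return "unknown";
}

function isWorldOpen(rule: IngressRule): boolean {
  return WORLD_CIDRS.has(rule.CidrIp ?? "") || WORLD_CIDRS.has(rule.CidrIpv6 ?? "");
}

function portRange(rule: IngressRule): string {
  if (rule.IpProtocol === "-1") return "all";
  return rule.FromPort === rule.ToPort
    ? `${rule.FromPort}`
    : `${rule.FromPort}-${rule.ToPort}`;
}

// Collects ingress rules from both shapes CDK can emit: the inline
// SecurityGroupIngress list on AWS::EC2::SecurityGroup, and standalone
// AWS::EC2::SecurityGroupIngress resources (what connections.allowFrom
// produces when the peer is another security group).
export function auditIngress(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources)) {
    const props = res.Properties ?? {};
    let rules: IngressRule[] = [];
    if (res.Type === "AWS::EC2::SecurityGroup") {
      rules = (props.SecurityGroupIngress as IngressRule[] | undefined) ?? [];
    } else if (res.Type === "AWS::EC2::SecurityGroupIngress") {
      rules = [props as unknown as IngressRule];
    }
    for (const rule of rules) {
      findings.push({
        logicalId,
        port: portRange(rule),
        source: describeSource(rule),
        worldOpen: isWorldOpen(rule),
      });
    }
  }
  return findings;
}

export function worldOpenFindings(template: Template): Finding[] {
  return auditIngress(template).filter((f) => f.worldOpen);
}

// Constructed sample: the first EC2 rule mirrors addIngressRule(Peer.anyIpv4(), Port.tcp(443)),
// the standalone resource mirrors connections.allowFrom(elbSecurityGroup, Port.tcp(443)).
export const sampleTemplate: Template = {
  Resources: {
    ElbSecurityGroupAAAA: {
      Type: "AWS::EC2::SecurityGroup",
      Properties: { GroupDescription: "elb", SecurityGroupIngress: [] },
    },
    Ec2SecurityGroupBBBB: {
      Type: "AWS::EC2::SecurityGroup",
      Properties: {
        GroupDescription: "ec2",
        SecurityGroupIngress: [
          { IpProtocol: "tcp", FromPort: 443, ToPort: 443, CidrIp: "0.0.0.0/0", Description: "Test rule" },
        ],
      },
    },
    Ec2SecurityGroupfromElbSecurityGroup443CCCC: {
      Type: "AWS::EC2::SecurityGroupIngress",
      Properties: {
        IpProtocol: "tcp",
        FromPort: 443,
        ToPort: 443,
        GroupId: { "Fn::GetAtt": ["Ec2SecurityGroupBBBB", "GroupId"] },
        SourceSecurityGroupId: { "Fn::GetAtt": ["ElbSecurityGroupAAAA", "GroupId"] },
        Description: "Application Load Balancer",
      },
    },
  },
};

for (const f of auditIngress(sampleTemplate)) {
  console.log(`${f.logicalId}: port ${f.port} from ${f.source}${f.worldOpen ? "  <-- open to the world" : ""}`);
}
```

Run it against the JSON that `cdk synth` writes under `cdk.out/` to confirm that the ingress on the instance security group references the load balancer's group rather than a `0.0.0.0/0` CIDR; the same check works on templates that use either rule shape.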
