How can I add a condition to a SecurityGroupIngress rule in a Security group resource? So for example, if the environment parameter is set to "prod" it will open both port 80 and 443, but if it's set to "test" it will only open port 80.
Example template:
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Description: Environment type.
    Default: test
    Type: String
    AllowedValues:
      - prod
      - test
    ConstraintDescription: must specify prod or test.
Conditions:
  CreateProdResources: !Equals
    - Ref: EnvType
    - prod
Resources:
  WebSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Web server
      GroupName: web
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
You have already defined the condition that is required for this, now you can make use of the intrinsic If function and the NoValue pseudo parameter:
  WebSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Web server
      GroupName: web
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - !If
          - CreateProdResources
          - IpProtocol: tcp
            FromPort: 443
            ToPort: 443
            CidrIp: 0.0.0.0/0
          - !Ref AWS::NoValue
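To see what the answer's template actually renders to for each value of EnvType before deploying it, here is an added example (not code from the question or the answer): a small Python resolver for just the three intrinsics the template uses (Ref, Fn::Equals, Fn::If) plus the AWS::NoValue pseudo parameter. The template is embedded as the JSON-form equivalent of the YAML above with the short-form tags expanded; the resolver is a hand-written approximation of CloudFormation's behaviour for these functions only, not CloudFormation itself, and the assumed entry point `open_ports` returns the rendered ingress rules so a pre-deploy check can assert that test stacks never expose 443.

```python
"""Render the SecurityGroupIngress list for a given EnvType by evaluating
the CloudFormation intrinsics Ref, Fn::Equals and Fn::If, dropping any
list entry or property that resolves to AWS::NoValue (as CloudFormation does)."""

# Sentinel standing in for the AWS::NoValue pseudo parameter.
NO_VALUE = object()

# Constructed JSON-form equivalent of the page's template (short-form tags expanded).
TEMPLATE = {
    "Parameters": {
        "EnvType": {"Type": "String", "Default": "test", "AllowedValues": ["prod", "test"]}
    },
    "Conditions": {
        "CreateProdResources": {"Fn::Equals": [{"Ref": "EnvType"}, "prod"]}
    },
    "Resources": {
        "WebSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Web server",
                "GroupName": "web",
                "VpcId": "vpc-abc01234",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
                    {"Fn::If": [
                        "CreateProdResources",
                        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                        {"Ref": "AWS::NoValue"},
                    ]},
                ],
            },
        }
    },
}


def resolve(node, params, conditions):
    """Recursively evaluate intrinsics; NO_VALUE entries are removed from lists and dicts."""
    if isinstance(node, dict):
        if len(node) == 1:
            (key, arg), = node.items()
            if key == "Ref":
                if arg == "AWS::NoValue":
                    return NO_VALUE
                if arg in params:
                    return params[arg]
                raise KeyError(f"unresolved Ref: {arg}")
            if key == "Fn::Equals":
                left, right = (resolve(x, params, conditions) for x in arg)
                return left == right
            if key == "Fn::If":
                name, if_true, if_false = arg
                return resolve(if_true if conditions[name] else if_false, params, conditions)
        out = {}
        for key, value in node.items():
            resolved = resolve(value, params, conditions)
            if resolved is not NO_VALUE:
                out[key] = resolved
        return out
    if isinstance(node, list):
        items = (resolve(x, params, conditions) for x in node)
        return [x for x in items if x is not NO_VALUE]
    return node


def bind_parameters(template, overrides):
    """Apply defaults and enforce AllowedValues, as stack creation would."""
    params = {}
    for name, spec in template["Parameters"].items():
        value = overrides.get(name, spec.get("Default"))
        allowed = spec.get("AllowedValues")
        if allowed and value not in allowed:
            raise ValueError(f"{name}={value!r} not in AllowedValues {allowed}")
        params[name] = value
    return params


def open_ports(template, overrides):
    """Return sorted (FromPort, ToPort, CidrIp) tuples the rendered security group opens."""
    params = bind_parameters(template, overrides)
    conditions = {name: resolve(expr, params, {})
                  for name, expr in template.get("Conditions", {}).items()}
    props = resolve(template["Resources"]["WebSecurityGroup"]["Properties"], params, conditions)
    return sorted((r["FromPort"], r["ToPort"], r["CidrIp"]) for r in props["SecurityGroupIngress"])


if __name__ == "__main__":
    for env in ("prod", "test"):
        print(env, open_ports(TEMPLATE, {"EnvType": env}))
```

Running it prints two 0.0.0.0/0 rules (80 and 443) for prod and only the port-80 rule for test, which is exactly what the !If / AWS::NoValue pair produces; a value outside AllowedValues is rejected before anything is rendered.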