
AWS Cloudformation - Add condition to security group egress rule

How can I add a condition to a SecurityGroupIngress rule in a Security Group resource? So, for example, if the environment parameter is set to "prod" it will open both port 80 and 443, but if it's set to "test" it will only open port 80.

Example template:

AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Description: Environment type.
    Default: test
    Type: String
    AllowedValues:
      - prod
      - test
    ConstraintDescription: must specify prod or test.
Conditions:
  CreateProdResources: !Equals 
    - Ref: EnvType
    - prod
Resources:
  WebSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Web server
      GroupName: web
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

You have already defined the condition that is required for this, now you can make use of the intrinsic If function and the NoValue pseudo parameter:

  WebSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Web server
      GroupName: web
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - !If
          - CreateProdResources
          - IpProtocol: tcp
            FromPort: 443
            ToPort: 443
            CidrIp: 0.0.0.0/0
          - !Ref AWS::NoValue
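The Fn::If / AWS::NoValue pattern above can be checked locally before a deploy, so you can confirm that a test stack really does expose only port 80 and that prod exposes exactly 80 and 443. The following Python script is an added example and is not part of the original answer: it encodes the answer's template in CloudFormation's long-form dict syntax (the YAML short forms `!If [...]` and `!Ref X` are equivalent to `{"Fn::If": [...]}` and `{"Ref": "X"}`), evaluates the condition for a given EnvType, drops entries that resolve to AWS::NoValue, and returns the effective ingress rules. The evaluator deliberately supports only Ref to parameters, Fn::Equals, Fn::If and AWS::NoValue, which is an assumption of this example rather than CloudFormation's full intrinsic-function set.

```python
"""Resolve CloudFormation Conditions / Fn::If / AWS::NoValue locally.

Added example, not code from the original post. It handles only the
intrinsics the template above uses: Ref to a parameter, Fn::Equals,
Fn::If and the AWS::NoValue pseudo parameter.
"""
import copy

# The answer's template in long-form dict syntax
# ("!If [...]" == {"Fn::If": [...]}, "!Ref X" == {"Ref": "X"}).
TEMPLATE = {
    "Parameters": {
        "EnvType": {"Type": "String", "Default": "test",
                    "AllowedValues": ["prod", "test"]},
    },
    "Conditions": {
        "CreateProdResources": {"Fn::Equals": [{"Ref": "EnvType"}, "prod"]},
    },
    "Resources": {
        "WebSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Web server",
                "VpcId": "vpc-abc01234",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                     "CidrIp": "0.0.0.0/0"},
                    {"Fn::If": [
                        "CreateProdResources",
                        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                         "CidrIp": "0.0.0.0/0"},
                        {"Ref": "AWS::NoValue"},
                    ]},
                ],
            },
        },
    },
}

NO_VALUE = object()  # sentinel standing in for AWS::NoValue


def resolve_params(template, overrides):
    """Merge caller-supplied parameter values over the template defaults,
    enforcing AllowedValues the same way CloudFormation would at stack time."""
    params = {}
    for name, spec in template.get("Parameters", {}).items():
        value = overrides.get(name, spec.get("Default"))
        allowed = spec.get("AllowedValues")
        if allowed is not None and value not in allowed:
            raise ValueError(f"{name}={value!r} not in AllowedValues {allowed}")
        params[name] = value
    return params


def evaluate(node, params, conditions):
    """Recursively evaluate the supported intrinsics in `node`."""
    if isinstance(node, dict) and len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            if arg == "AWS::NoValue":
                return NO_VALUE
            if arg in params:
                return params[arg]
            return node  # reference to a resource: leave unresolved
        if key == "Fn::Equals":
            left, right = (evaluate(a, params, conditions) for a in arg)
            return left == right
        if key == "Fn::If":
            cond_name, if_true, if_false = arg
            branch_taken = evaluate(conditions[cond_name], params, conditions)
            return evaluate(if_true if branch_taken else if_false, params, conditions)
    if isinstance(node, dict):
        out = {}
        for k, v in node.items():
            r = evaluate(v, params, conditions)
            if r is not NO_VALUE:  # NoValue removes the property entirely
                out[k] = r
        return out
    if isinstance(node, list):
        # NoValue inside a list removes that element; this is what lets
        # Fn::If drop a whole ingress rule instead of leaving an empty one.
        return [r for r in (evaluate(v, params, conditions) for v in node)
                if r is not NO_VALUE]
    return node


def effective_ingress(template, resource, **param_overrides):
    """Return sorted (protocol, from, to, cidr) tuples the group will open."""
    params = resolve_params(template, param_overrides)
    props = template["Resources"][resource]["Properties"]
    rules = evaluate(copy.deepcopy(props["SecurityGroupIngress"]), params,
                     template.get("Conditions", {}))
    return sorted((r["IpProtocol"], r["FromPort"], r["ToPort"], r["CidrIp"])
                  for r in rules)


if __name__ == "__main__":
    for env in ("test", "prod"):
        print(env, effective_ingress(TEMPLATE, "WebSecurityGroup", EnvType=env))
```

Running the script prints one line per environment; the test environment resolves to a single port-80 rule because the Fn::If's false branch collapses to AWS::NoValue and is removed from the list, while prod keeps both rules. The same evaluator can be pointed at any resource's property list to review what a conditional template exposes for each parameter value before it is deployed.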

粤ICP备18138465号  © 2020-2024 STACKOOM.COM