AWS Cloudformation - Add condition to security group egress rule
How do I add a condition to the SecurityGroupIngress rules in a security group resource? So, for example, if the environment parameter is set to "prod" it opens both port 80 and 443, but if it is set to "test" it opens only port 80.
Example template:
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Description: Environment type.
    Default: test
    Type: String
    AllowedValues:
      - prod
      - test
    ConstraintDescription: must specify prod or test.
Conditions:
  CreateProdResources: !Equals
    - Ref: EnvType
    - prod
Resources:
  WebSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Web server
      GroupName: web
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
You have already defined the condition needed to do this; now you can use the intrinsic If function together with the NoValue pseudo parameter:
WebSecurityGroup:
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    GroupDescription: Web server
    GroupName: web
    VpcId: vpc-abc01234
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - !If
        - CreateProdResources
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - !Ref AWS::NoValue
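To confirm which ingress rules each EnvType actually produces before deploying, here is an added example (not code from the question or the answer) that mimics how CloudFormation picks the Fn::If branch and then prunes AWS::NoValue; it assumes the template in CloudFormation JSON syntax and supports only Fn::Equals, Ref and Fn::If.

```python
# Added example (not from the original post): evaluates the Fn::If / AWS::NoValue
# pattern offline. Assumes CloudFormation JSON syntax and only Fn::Equals/Ref/Fn::If.
import json
from typing import Any

# Constructed template, same content as the answer's YAML, in JSON form.
TEMPLATE = json.loads("""{
 "Parameters": {"EnvType": {"Type": "String", "Default": "test",
                            "AllowedValues": ["prod", "test"]}},
 "Conditions": {"CreateProdResources": {"Fn::Equals": [{"Ref": "EnvType"}, "prod"]}},
 "Resources": {"WebSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
   "GroupDescription": "Web server", "GroupName": "web", "VpcId": "vpc-abc01234",
   "SecurityGroupIngress": [
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
     {"Fn::If": ["CreateProdResources",
       {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
       {"Ref": "AWS::NoValue"}]}]}}}}""")

NO_VALUE = {"Ref": "AWS::NoValue"}

def resolve_ref(node: Any, params: dict) -> Any:
    """Ref to a parameter -> its value; anything else is returned as a literal."""
    return params[node["Ref"]] if isinstance(node, dict) and "Ref" in node else node

def eval_condition(cond: dict, params: dict) -> bool:
    """Evaluate one Conditions entry (only Fn::Equals is supported here)."""
    if "Fn::Equals" in cond:
        left, right = (resolve_ref(x, params) for x in cond["Fn::Equals"])
        return left == right
    raise ValueError(f"unsupported condition: {cond}")

def resolve(node: Any, conditions: dict, params: dict) -> Any:
    """Pick each Fn::If branch, then prune AWS::NoValue like CloudFormation does."""
    if isinstance(node, dict):
        if "Fn::If" in node:
            name, if_true, if_false = node["Fn::If"]
            chosen = if_true if eval_condition(conditions[name], params) else if_false
            return resolve(chosen, conditions, params)
        out = {k: resolve(v, conditions, params) for k, v in node.items()}
        return {k: v for k, v in out.items() if v != NO_VALUE}  # drop NoValue keys
    if isinstance(node, list):
        out = [resolve(x, conditions, params) for x in node]
        return [x for x in out if x != NO_VALUE]  # NoValue removes the list item
    return node

def effective_ingress(template: dict, env_type: str) -> list:
    """Return the SecurityGroupIngress rules CloudFormation would actually create."""
    resources = resolve(template["Resources"], template["Conditions"], {"EnvType": env_type})
    return resources["WebSecurityGroup"]["Properties"]["SecurityGroupIngress"]
```

With EnvType=test only the port 80 rule survives; with EnvType=prod both 80 and 443 are created, which is also a convenient place to flag any 0.0.0.0/0 source you did not intend to expose.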