![](/img/trans.png)
[英]CloudFormation Template (JSON) for EC2 with VPC, Subnet & Security Group Choices
[英]CidrIp json template for same security group
我的cloudformation模板中有一個安全組:
"MySecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Security Group",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "22",
"ToPort": "22",
"CidrIp": "0.0.0.0/0"
}
]
}
}
我想將0.0.0.0/0
動態更改為安全組ID。 我怎么做?
我幾乎完全了解了Sanket的建議。 但是它失敗並顯示以下錯誤:
Invalid id: "Semarchy-AppServerSecurityGroup-1AESXGUBKH5N4" (expecting "sg-...")
相反,這是我需要的替代方法:
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Security group for Semarchy MDM Instance",
"VpcId" : { "Ref" : "VpcId" },
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "1521",
"ToPort" : "1521",
"SourceSecurityGroupId" : { "Fn::GetAtt" : [ "AppServerSecurityGroup", "GroupId" ] }
} ]
}
}
您可以使用如下所述的內容:
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable HTTP access on the configured port",
"VpcId" : { "Ref" : "VpcId" },
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : { "Ref" : "WebServerPort" },
"ToPort" : { "Ref" : "WebServerPort" },
"SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" }
} ]
}
}
其中SourceSecurityGroupID引用已配置的安全組(此處為LoadBalancerSecurityGroup)。 要確保在此安全組(InstanceSecurityGroup)之前生成了參考安全組(LoadBalancerSecurityGroup),請使用“ DependsOn”。
謝謝
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.