My CloudFormation template contains a security group:
"MySecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Security Group",
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "22",
        "ToPort": "22",
        "CidrIp": "0.0.0.0/0"
      }
    ]
  }
}
I want to dynamically change 0.0.0.0/0 to a security group ID. How can I do that?
Answer 0 (score: 1)
I did almost exactly what Sanket suggested, but it failed with this error:
Invalid id: "Semarchy-AppServerSecurityGroup-1AESXGUBKH5N4" (expecting "sg-...")
Instead, this alternative was what I needed:
"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Security group for Semarchy MDM Instance",
    "VpcId" : { "Ref" : "VpcId" },
    "SecurityGroupIngress" : [ {
      "IpProtocol" : "tcp",
      "FromPort" : "1521",
      "ToPort" : "1521",
      "SourceSecurityGroupId" : { "Fn::GetAtt" : [ "AppServerSecurityGroup", "GroupId" ] }
    } ]
  }
}
Answer 1 (score: 0)
You can use something like the following:
"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Enable HTTP access on the configured port",
    "VpcId" : { "Ref" : "VpcId" },
    "SecurityGroupIngress" : [ {
      "IpProtocol" : "tcp",
      "FromPort" : { "Ref" : "WebServerPort" },
      "ToPort" : { "Ref" : "WebServerPort" },
      "SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" }
    } ]
  }
}
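Here SourceSecurityGroupId is a reference to an already configured security group (LoadBalancerSecurityGroup in this case). To make sure the referenced security group (LoadBalancerSecurityGroup) is created before this security group (InstanceSecurityGroup), use "DependsOn".
Thanks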
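Added example, not part of either answer above: a small Python check over a constructed template that flags ingress rules open to 0.0.0.0/0 and `SourceSecurityGroupId` values that use `Ref` on a group declared without `VpcId`. It assumes the documented CloudFormation behaviour that `Ref` on such a group resolves to the group name rather than an `sg-...` ID, which matches the error quoted in the first answer. The function name `lint_ingress` and the sample template are hypothetical.

```python
import json

# Constructed sample template (not from the original page): one world-open SSH
# rule, one rule using Ref to a group without VpcId, one rule using Fn::GetAtt.
TEMPLATE = json.loads("""
{"Resources": {
  "AppServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "App servers",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
  "DbSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "Database",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "1521", "ToPort": "1521",
       "SourceSecurityGroupId": {"Ref": "AppServerSecurityGroup"}},
      {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
       "SourceSecurityGroupId": {"Fn::GetAtt": ["AppServerSecurityGroup", "GroupId"]}}]}}
}}
""")

def lint_ingress(template):
    """Return (resource, rule index, finding) tuples for risky ingress rules."""
    resources = template.get("Resources", {})
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = res.get("Properties", {}).get("SecurityGroupIngress", [])
        for i, rule in enumerate(rules):
            # Any source address may connect on this port range.
            if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
                findings.append((name, i, "open-to-world"))
            src = rule.get("SourceSecurityGroupId")
            if isinstance(src, dict) and "Ref" in src:
                target = resources.get(src["Ref"], {})
                # Assumption: Ref on a group declared without VpcId yields its
                # name, not sg-...; Fn::GetAtt GroupId always yields the ID.
                if (target.get("Type") == "AWS::EC2::SecurityGroup"
                        and "VpcId" not in target.get("Properties", {})):
                    findings.append((name, i, "ref-may-return-name"))
    return findings

if __name__ == "__main__":
    for finding in lint_ingress(TEMPLATE):
        print(finding)
```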