CidrIp JSON template for the same security group

Date: 2013-12-20 16:50:12

Tags: json amazon-web-services amazon-cloudformation

I have a security group in my CloudFormation template:

"MySecurityGroup": {
   "Type": "AWS::EC2::SecurityGroup",
   "Properties": {
      "GroupDescription": "Security Group",
      "SecurityGroupIngress": [
         {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
         }
      ]
   }
}

I want to dynamically replace 0.0.0.0/0 with a security group ID. How can I do that?

2 answers:

Answer 0 (score: 1)

I did almost exactly what Sanket suggested. But it failed with this error:

Invalid id: "Semarchy-AppServerSecurityGroup-1AESXGUBKH5N4" (expecting "sg-...")

Instead, this alternative is what I needed:

"InstanceSecurityGroup" : {
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" : {
      "GroupDescription" : "Security group for Semarchy MDM Instance",
      "VpcId" : { "Ref" : "VpcId" },
      "SecurityGroupIngress" : [ {
        "IpProtocol" : "tcp",
        "FromPort" :   "1521",
        "ToPort" :     "1521",
        "SourceSecurityGroupId" : { "Fn::GetAtt" : [ "AppServerSecurityGroup", "GroupId" ] }
      } ]
   }
}

Answer 1 (score: 0)

You can use the following:

"InstanceSecurityGroup" : {
   "Type" : "AWS::EC2::SecurityGroup",
   "Properties" : {
      "GroupDescription" : "Enable HTTP access on the configured port",
      "VpcId" : { "Ref" : "VpcId" },
      "SecurityGroupIngress" : [ {
         "IpProtocol" : "tcp",
         "FromPort" : { "Ref" : "WebServerPort" },
         "ToPort" : { "Ref" : "WebServerPort" },
         "SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" }
      } ]
   }
}

where SourceSecurityGroupId is a reference to an already configured security group (here LoadBalancerSecurityGroup). To make sure the referenced security group (LoadBalancerSecurityGroup) is created before this security group (InstanceSecurityGroup), use "DependsOn".

Thanks
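As an added example (not part of either answer), the small audit below walks a CloudFormation template and classifies every ingress rule: world-open CIDRs like the question's original rule, group-to-group rules that use Fn::GetAtt GroupId (always an sg-... ID, as in the accepted answer), and rules that Ref a group declared without a VpcId (where Ref resolves to the group name, which is the "expecting sg-..." error above). The embedded template is constructed for the example; the logical IDs and ports are assumptions.

```python
import json

# Constructed sample (not a real stack): the question's world-open SSH rule
# beside the accepted answer's group-to-group rule on port 1521.
TEMPLATE = json.loads("""{
  "Resources": {
    "MySecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Security Group",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
    "AppServerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "App tier, declared without VpcId"}},
    "InstanceSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "DB access from app tier only",
        "VpcId": {"Ref": "VpcId"},
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": "1521", "ToPort": "1521",
           "SourceSecurityGroupId": {"Fn::GetAtt": ["AppServerSecurityGroup", "GroupId"]}}]}}}}""")

WORLD = {"0.0.0.0/0", "::/0"}

def audit_ingress(template):
    """Return (resource, 'from-to', verdict) for every ingress rule."""
    resources = template.get("Resources", {})
    groups = {n: r for n, r in resources.items() if r.get("Type") == "AWS::EC2::SecurityGroup"}
    findings = []
    for name, res in groups.items():
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            ports = f"{rule.get('FromPort')}-{rule.get('ToPort')}"
            src = rule.get("SourceSecurityGroupId")
            if rule.get("CidrIp") in WORLD or rule.get("CidrIpv6") in WORLD:
                verdict = "OPEN_TO_WORLD"          # the question's starting point
            elif isinstance(src, dict) and "Fn::GetAtt" in src:
                verdict = "SG_SOURCED"             # GroupId attribute is always sg-...
            elif isinstance(src, dict) and "Ref" in src:
                # Ref on a group created without VpcId returns the group *name*,
                # which is the "expecting sg-..." failure in the accepted answer.
                target = groups.get(src["Ref"], {}).get("Properties", {})
                verdict = "SG_SOURCED" if "VpcId" in target else "REF_RETURNS_NAME"
            else:
                verdict = "CIDR_RESTRICTED"
            findings.append((name, ports, verdict))
    return findings
```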