CloudFormation: creating an AWS security group that references another security group

Time: 2018-01-22 18:55:07

Tags: amazon-web-services amazon-cloudformation aws-security-group

I want to create an RDS security group that allows all access from another security group. I know this can be done in the web UI console by selecting Custom as the source type and then entering a security group ID in place of an IP address range. This is an example of what I am trying right now:

"SgRds2Ec2SecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "rds access from corp",
    "VpcId": {
      "Ref": "VpcId"
    },
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "SecurityGroupID": {
          "Ref": "SgRdsEc2SecurityGroup"
        }
      }
    ]
  }
}

This gives me the error:

2018-01-22 18:48:47 UTC   SgRds2Ec2SecurityGroup   CREATE_FAILED        Encountered unsupported property SecurityGroupID   

What should I use instead of SecurityGroupID?

1 answer:

Answer 0 (score: 2)

According to the documentation, you are looking for SourceSecurityGroupId.

"SecurityGroupIngress": [
  {
    "IpProtocol": "tcp",
    "FromPort": "0",
    "ToPort": "65535",
    "SourceSecurityGroupId": {
      "Ref": "SgRdsEc2SecurityGroup"
    }
  }
]
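As an added example that is not part of the question or the answer, the following Python check loads a constructed template in which the RDS group's ingress rule uses SourceSecurityGroupId as the answer suggests, and reports ingress entries whose property names CloudFormation does not accept, Ref values that point at logical IDs the template never defines, and rules that open every TCP port. The INGRESS_PROPERTIES set and check_ingress are my own helpers, not an AWS API; the template itself is constructed for this example.

```python
import json

# Property names CloudFormation accepts in a SecurityGroupIngress entry of
# AWS::EC2::SecurityGroup; anything else fails with "unsupported property".
INGRESS_PROPERTIES = {
    "CidrIp", "CidrIpv6", "Description", "FromPort", "IpProtocol",
    "SourcePrefixListId", "SourceSecurityGroupId",
    "SourceSecurityGroupName", "SourceSecurityGroupOwnerId", "ToPort",
}

# Constructed template (not from the page): the app-server group the question
# references plus the RDS group, with the rule spelled as the answer suggests.
TEMPLATE = json.loads("""{
  "Parameters": {"VpcId": {"Type": "AWS::EC2::VPC::Id"}},
  "Resources": {
    "SgRdsEc2SecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "app servers allowed to reach rds",
                     "VpcId": {"Ref": "VpcId"}}
    },
    "SgRds2Ec2SecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "rds access from corp",
        "VpcId": {"Ref": "VpcId"},
        "SecurityGroupIngress": [{
          "IpProtocol": "tcp", "FromPort": "0", "ToPort": "65535",
          "SourceSecurityGroupId": {"Ref": "SgRdsEc2SecurityGroup"}}]
      }
    }
  }
}""")


def check_ingress(template):
    """Return findings for every SecurityGroupIngress rule in the template."""
    known = set(template.get("Resources", {})) | set(template.get("Parameters", {}))
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for i, rule in enumerate(res.get("Properties", {}).get("SecurityGroupIngress", [])):
            for key in sorted(set(rule) - INGRESS_PROPERTIES):
                findings.append(f"{name}[{i}]: unsupported property {key}")
            src = rule.get("SourceSecurityGroupId")
            if isinstance(src, dict) and "Ref" in src and src["Ref"] not in known:
                findings.append(f"{name}[{i}]: Ref to undefined logical id {src['Ref']}")
            if str(rule.get("FromPort")) == "0" and str(rule.get("ToPort")) == "65535":
                findings.append(f"{name}[{i}]: opens all tcp ports; limit to the database port")
    return findings
```

Running check_ingress(TEMPLATE) reports only the broad 0-65535 port range; renaming the key back to the question's SecurityGroupID adds an "unsupported property" finding, the same failure CloudFormation reported at deploy time.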