添加多个SecurityGroupIngress规则

时间:2019-04-30 05:48:41

标签: amazon-cloudformation

我正在尝试创建循环依赖的安全组。因此,我先创建两个安全组,然后再尝试添加入站规则。但我无法为同一个安全组添加多条入站规则。

import socket
from network import WLAN
import machine
import time
import ssl
import gc
import ussl
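gc.collect()

# Wi-Fi credentials. The original script read SSID/PASSWORD on the first
# connect() without ever defining them (NameError), then hard-coded a second,
# different SSID/password pair in the retry loop. Both paths now use the same
# two names; load them from a config file instead of committing them with the
# script. The values below are placeholders.
SSID = "<wifi-ssid>"
PASSWORD = "<wifi-password>"

# Join the WLAN as a station and keep retrying until associated.
wlan = WLAN(mode=WLAN.STA)
print("Connecting to wifi")
wlan.connect(SSID, auth=(WLAN.WPA2, PASSWORD), timeout=5000)
while not wlan.isconnected():
    machine.idle()
    print('WAN connection failed!')
    time.sleep(10)
    wlan.connect(SSID, auth=(WLAN.WPA2, PASSWORD), timeout=5000)
print("Connected wifi")

############# SSL connection #################
KEY_PATH = "flash/cert/client.key"
CERT_PATH = "flash/cert/client.crt"
HOST = "www.google.com"
PATH = "/"
PORT = 443

# The client key/cert are read from flash but not passed to wrap_socket()
# below (that argument is commented out), so they are currently unused;
# kept so a missing file still fails early, as in the original.
with open(KEY_PATH, 'rb') as f:
    key1 = f.read()

with open(CERT_PATH, 'rb') as f:
    cert1 = f.read()

print("Create socket object")
# The original called usocket.socket(), but only `socket` is imported, which
# raises NameError before any connection is made.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# time.sleep(3)
print("Now getting address")
# addr = socket.getaddrinfo(HOST, PORT)[0][-1]
# NOTE(review): the address is a hard-coded IP rather than a lookup of HOST;
# it will rot when the server changes address, and connecting by IP also
# bypasses any hostname check the TLS layer might otherwise perform.
addr = ('172.217.31.196', 443)

print(addr)
print("Connecting to the server")
time.sleep(3)
s.connect(addr)

print("Certificate exchange")
time.sleep(10)
# NOTE(review): wrap_socket() is called with no CA bundle and no cert_reqs,
# so the server certificate is not verified -- the session is encrypted but
# the peer is unauthenticated. Confirm this port's ssl.wrap_socket()
# signature and pass a CA certificate with cert_reqs=ssl.CERT_REQUIRED
# before relying on this connection.
sock = ssl.wrap_socket(s) #, key = key1, cert = cert1)

# The original request line was 'GET /%s' with PATH == "/", which sent
# "GET //"; the path already carries its leading slash.
try:
    print("Write to server")
    time.sleep(2)
    sock.write(bytes('GET %s HTTP/1.0\r\nHost: %s\r\n\r\n' % (PATH, HOST), 'utf8'))
    time.sleep(2)
    print(sock.read(100))
finally:
    # The original never closed the connection; release it even if the
    # write or read raises.
    sock.close()
############### End of SSL connection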

预期结果:添加多个规则

"SecurityGroup01": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupDescription": "SecurityGroup01",
        "VpcId": { "Ref": "VPCID" },
        "SecurityGroupEgress": [
            { "IpProtocol": "tcp", "FromPort": "1", "ToPort": "65535", "CidrIp": "0.0.0.0/0" },
            { "IpProtocol": "icmp", "FromPort": "8", "ToPort": "-1", "CidrIp": "0.0.0.0/0" }
        ],
        "Tags": [
            { "Key": "Name", "Value": "SG01" }
        ]
    }
},
"SecurityGroup02": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "GroupDescription": "SecurityGroup02",
        "VpcId": {
            "Ref": "VPCID"
        },
        "SecurityGroupEgress": [
            { "IpProtocol": "tcp", "FromPort": "1", "ToPort": "65535", "CidrIp": "0.0.0.0/0" },
            { "IpProtocol": "icmp", "FromPort": "8", "ToPort": "-1", "CidrIp": "0.0.0.0/0" }
        ],
        "Tags": [
            { "Key": "Name", "Value": "SG02" }
        ]
    }
},
"SG01InboundRule": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {
        "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "LocalIPAddress" }, 
              "DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] }, 
              "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
    }
}

1 个答案:

答案 0 :(得分:0)

资源 AWS::EC2::SecurityGroupIngress 只包含一条规则,但您可以创建多个 AWS::EC2::SecurityGroupIngress 资源,并将它们都附加到同一个安全组。

所以您将拥有:

"SG01InboundRule": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {
        "IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "LocalIPAddress" }, 
              "DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] }, 
              "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
    }
}

"SG02InboundRule": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "Properties": {
        "IpProtocol": "tcp", "FromPort": "4200", "ToPort": "4200", "CidrIp": { "Ref": "LocalIPAddress" }, 
              "DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] }, 
              "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
    }
}