嗨,我正在尝试使用aws cdk来写ssityity组。我知道如何使用云形成来编写它。 下面是我的云形成模板。
MerchWebServicesSecurityGroup:
Type: "AWS::EC2::SecurityGroup"
Properties:
Tags:
- Key: "Name"
Value: !Ref "AWS::StackName"
GroupDescription: "EC2 Services Security Group"
VpcId:
Fn::ImportValue: "infra-vpc-base::VpcId"
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: "80"
ToPort: "80"
SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
- IpProtocol: tcp
FromPort: "443"
ToPort: "443"
SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
- IpProtocol: tcp
FromPort: 31000
ToPort: 65535
SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
我试图在python cdk中编写如下的安全组。
mws_vpc_sg = ec2.SecurityGroup(stack, "MerchWebServicesSecurityGroup",
description= "Allow ssh access to ec2 instances",
security_group_name= "MerchWebServicesSecurityGroup",
vpc= vpc
);
mws_vpc_sg.add_ingress_rule(?, Port.tcp(80));
以上,我想添加sourceSecurityGroupId和端口。有人可以帮我写这个吗?任何帮助,将不胜感激。谢谢
答案 0 :(得分:1)
如果您还已经在CDK中创建了另一个安全组,则可以将安全组作为对等方传递。
mws_vpc_sg.add_ingress_rule(load_balancer_sg, Port.tcp(80));
如果您在其他地方创建了安全组,则需要使用静态方法从安全组中获取ISecurityGroup:
var load_balancer_sg = ec2.SecurityGroup.fromSecurityGroupId(this, 'loadbalancer_sg', THE_ID_OF_THE_SG)