AWS CDK cannot delete an EC2 security group rule

Time: 2020-08-07 13:04:33

Tags: amazon-ec2 aws-cdk

from aws_cdk.core import Construct, Stack
from aws_cdk.aws_ec2 import Peer, Port, SecurityGroup


class SecurityManager(Stack):
    def __init__(self, scope: Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)
        # Import an existing group; mutable=True lets this stack add rules to it
        sg = SecurityGroup.from_security_group_id(
            self,
            id="security",
            security_group_id='ALREADY CREATED SECURITY GROUP ID',
            mutable=True,
        )

        # Emits an AWS::EC2::SecurityGroupIngress resource targeting the imported group
        sg.add_ingress_rule(
            Peer.ipv4('52.144.227.192/26'), Port.tcp(443), "THIS ADDS INBOUND RULE"
        )

CDK deploys this stack. It adds the ingress IP,

but:

1. Destroying the stack does not remove the IP rule:

Destroying the SecurityManager stack with cdk destroy SecurityManager: although the CDK console says it has been destroyed, the IP the code added is still there:

Resources
[-] AWS::EC2::SecurityGroupIngress SecurityManagerfrom{1231232131} destroy

2. Change the IP in the code above to 52.219.60.0/23, redeploy, and look at the output:

Security Group Changes
┌───┬──────────────────────┬─────┬──────────┬───────────────────┐
│   │ Group                │ Dir │ Protocol │ Peer              │
├───┼──────────────────────┼─────┼──────────┼───────────────────┤
│ - │ sg-12313213123123123 │ In  │ TCP 443  │ 52.144.227.192/26 │
├───┼──────────────────────┼─────┼──────────┼───────────────────┤
│ + │ sg-12313213123123123 │ In  │ TCP 443  │ 52.219.60.0/23    │
└───┴──────────────────────┴─────┴──────────┴───────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

In both cases the rule (52.144.227.192/26) is still visible in the AWS console - yes, I refreshed the page.

Looks like a bug? Is it possible to delete security group rules using AWS CDK?
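The check a practitioner would run here is to reconcile the ingress rules the stack actually declares (the `AWS::EC2::SecurityGroupIngress` resources in the synthesized template) against the rules EC2 reports for the group, so that a leftover rule can be classified as either "declared by the stack but missing" or "present on the group but not owned by this template". The following is an added example, not code from the question or from CDK itself; the template and the describe output below are constructed samples that mirror the question's redeploy scenario (an old rule still present next to the new one). In a real run you would load the template from `cdk.out/SecurityManager.template.json` and the permissions from `aws ec2 describe-security-groups --group-ids <id>`.

```python
"""Reconcile a CDK/CloudFormation stack's declared ingress rules with what EC2 shows."""
import json

GROUP_ID = "sg-12313213123123123"  # constructed id, as in the question's diff output

# Constructed sample: what `cdk synth` emits for one add_ingress_rule on an imported
# group after the CIDR was changed to 52.219.60.0/23 (logical id is illustrative).
TEMPLATE = {
    "Resources": {
        "SecurityManagerfrom52219600234431": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": GROUP_ID,
                "IpProtocol": "tcp",
                "CidrIp": "52.219.60.0/23",
                "FromPort": 443,
                "ToPort": 443,
                "Description": "THIS ADDS INBOUND RULE",
            },
        }
    }
}

# Constructed sample: IpPermissions as DescribeSecurityGroups would return them
# after the redeploy, with the old 52.144.227.192/26 rule still attached.
DESCRIBED_PERMISSIONS = [
    {
        "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
        "IpRanges": [
            {"CidrIp": "52.144.227.192/26", "Description": "THIS ADDS INBOUND RULE"},
            {"CidrIp": "52.219.60.0/23", "Description": "THIS ADDS INBOUND RULE"},
        ],
    },
    {
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": "10.0.0.0/8", "Description": "added by hand"}],
    },
]


def template_ingress_rules(template, group_id):
    """Rules as (protocol, from_port, to_port, cidr) for SecurityGroupIngress
    resources whose GroupId is group_id. SG-to-SG references are skipped."""
    rules = set()
    for res in template.get("Resources", {}).values():
        if res.get("Type") != "AWS::EC2::SecurityGroupIngress":
            continue
        props = res.get("Properties", {})
        if props.get("GroupId") != group_id:
            continue
        cidr = props.get("CidrIp") or props.get("CidrIpv6")
        if cidr is None:
            continue
        proto = str(props["IpProtocol"]).lower()
        rules.add((proto, props.get("FromPort"), props.get("ToPort"), cidr))
    return rules


def described_ingress_rules(permissions):
    """Flatten EC2 IpPermissions into the same (protocol, from, to, cidr) tuples."""
    rules = set()
    for perm in permissions:
        key = (str(perm["IpProtocol"]).lower(), perm.get("FromPort"), perm.get("ToPort"))
        for r in perm.get("IpRanges", []):
            rules.add(key + (r["CidrIp"],))
        for r in perm.get("Ipv6Ranges", []):
            rules.add(key + (r["CidrIpv6"],))
    return rules


def reconcile(template, permissions, group_id):
    """Return rules the stack declares but EC2 lacks ('missing') and rules EC2
    has that no resource in this template declares ('unmanaged')."""
    declared = template_ingress_rules(template, group_id)
    actual = described_ingress_rules(permissions)
    return {
        "missing": sorted(declared - actual),
        "unmanaged": sorted(actual - declared),
    }


if __name__ == "__main__":
    print(json.dumps(reconcile(TEMPLATE, DESCRIBED_PERMISSIONS, GROUP_ID), indent=2))
```

With the constructed data, `missing` is empty (the new 52.219.60.0/23 rule is present) and `unmanaged` lists both the stale 52.144.227.192/26 rule and the hand-added SSH rule. A rule that lands in `unmanaged` is one that no resource in the current template owns, so CloudFormation will neither update nor delete it on the next deploy or destroy; that is the state to confirm before concluding that CDK itself failed to remove a rule.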

0 answers:

No answers