2013-12-20 18 views
0

CidrIp in a JSON template for the same security group

I have a security group in my CloudFormation template:

"MySecurityGroup": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "Security Group",
    "SecurityGroupIngress": [
      {
        "IpProtocol": "tcp",
        "FromPort": "22",
        "ToPort": "22",
        "CidrIp": "0.0.0.0/0"
      }
    ]
  }
}

I want to change 0.0.0.0/0 to a security group ID dynamically. How do I do that?

Answers

1

I did almost exactly what Sanket suggested, but it failed with this error:

Invalid id: "Semarchy-AppServerSecurityGroup-1AESXGUBKH5N4" (expecting "sg-...") 

Instead, this option is what I needed:

"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Security group for Semarchy MDM Instance",
    "VpcId" : { "Ref" : "VpcId" },
    "SecurityGroupIngress" : [ {
      "IpProtocol" : "tcp",
      "FromPort" : "1521",
      "ToPort" : "1521",
      "SourceSecurityGroupId" : { "Fn::GetAtt" : [ "AppServerSecurityGroup", "GroupId" ] }
    } ]
  }
}

0

You can use something like the following:

"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Enable HTTP access on the configured port",
    "VpcId" : { "Ref" : "VpcId" },
    "SecurityGroupIngress" : [ {
      "IpProtocol" : "tcp",
      "FromPort" : { "Ref" : "WebServerPort" },
      "ToPort" : { "Ref" : "WebServerPort" },
      "SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" }
    } ]
  }
}

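Here SourceSecurityGroupId is a reference to an already provided security group (here LoadBalancerSecurityGroup). To make sure your referenced security group (LoadBalancerSecurityGroup) is created before this security group (InstanceSecurityGroup), use "DependsOn".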

Thanks