Mik*_*gan 2 amazon-ec2 amazon-web-services aws-cloudformation amazon-vpc
我有这个AWS :: EC2 :: SecurityGroup:
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable HTTP access on the configured port",
"VpcId" : { "Ref" : "VpcId" },
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : { "Ref" : "WebServerPort" },
"ToPort" : { "Ref" : "WebServerPort" },
"SourceSecurityGroupId" : { "Ref" : "LoadBalancerSecurityGroup" }
} ]
}
}
我有这个AWS :: RDS :: DBSecurityGroup
"DBSecurityGroup": {
"Type": "AWS::RDS::DBSecurityGroup",
"Properties": {
"DBSecurityGroupIngress": { "EC2SecurityGroupName": { "Ref": "InstanceSecurityGroup"} },
"GroupDescription" : "Frontend Access"
}
}
当我试图提出这个堆栈时,我得到:
Invalid security group , groupId=, groupName= sg-a381fdc6.
编辑1:阅读更多建议我需要AWS :: RDS :: DBSecurityGroup与我的VPC相关联,所以我改为:
"DBSecurityGroup": {
"Type": "AWS::RDS::DBSecurityGroup",
"Properties": {
"EC2VpcId" : { "Ref" : "VpcId" },
"DBSecurityGroupIngress": { "EC2SecurityGroupName": { "Ref": "InstanceSecurityGroup"} },
"GroupDescription" : "Frontend Access"
}
}
当我拿起筹码时,我得到了
请参阅授权DBSecurityGroup ingress的文档.对于VPC,需要EC2SecurityGroupId.要仅授权此请求的源地址(而不是其他地址),请将205.251.233.35/32作为CIDRIP参数传递.
EC2SecurityGroupId是安全组的ID,而不是它的名称,并且该ID是在我的控件之外分配的,所以我不知道要放在这里的值.
如何在VPC上下文中将我的AWS :: EC2 :: DBSecurityGroup连接到我的AWS :: RDS :: DBSecurityGroup?
问题是你{ "Ref": "InstanceSecurityGroup"}的id不仅仅是名字.要获得EC2SecurityGroupId的使用权限Fn::GetAtt.
您的DBSecurityGroup模板应如下所示(请注意Ref如何被Fn :: GetAtt替换:
"DBSecurityGroup": {
"Type": "AWS::RDS::DBSecurityGroup",
"Properties": {
"EC2VpcId" : { "Ref" : "VpcId" },
"DBSecurityGroupIngress": { "EC2SecurityGroupId": { "Fn::GetAtt" : [ "InstanceSecurityGroup", "GroupId" ] } },
"GroupDescription" : "Frontend Access"
}
| 归档时间: |
|
| 查看次数: |
1442 次 |
| 最近记录: |