Joh*_*ner 3 amazon-web-services aws-cloudformation
我的 yaml 模板中有以下安全组。我想让“SecurityGroupApplication”安全组允许来自“SecurityGroupBastion”的传入连接。然而,aws 客户端的验证模板功能告诉我一些无用的信息,例如“不受支持的结构”。好吧,但是这个结构有什么问题吗?有想法吗?
Resources:
SecurityGroupBastion:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Bastion security group
SecurityGroupIngress:
- CidrIp: 0.0.0.0/0
IpProtocol: tcp
FromPort: 22
ToPort: 22
VpcId: !Ref vpcId
SecurityGroupApplication:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Application security group
SecurityGroupIngress:
- SourceSecurityGroupId: !Ref SecurityGroupBastion
IpProtocol: tcp
您的模板非常适合我,只是我必须指定应用程序安全组的端口:
Resources:
SecurityGroupBastion:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Bastion security group
SecurityGroupIngress:
- CidrIp: 0.0.0.0/0
IpProtocol: tcp
FromPort: 22
ToPort: 22
VpcId: vpc-abcd1234
SecurityGroupApplication:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Application security group
SecurityGroupIngress:
- SourceSecurityGroupId: !Ref SecurityGroupBastion
IpProtocol: tcp
FromPort: 22
ToPort: 22
| 归档时间: |
|
| 查看次数: |
7165 次 |
| 最近记录: |