Dasman

Reputation: 317

AWS CloudFormation: Use existing SG CIDR range, but different port number

So I have a CloudFormation template to make multiple security groups for several different RDS instances. Each different type of DB instance has a different port number (like 1321 or 3309, etc.), but all have the same CidrIp range for the same service (Splunk), which exists in another security group.

If I ever move my external service like Splunk to a different CIDR block, I want to be able to update one place and not, like, 30 different security groups.

Any way to only pull the IP range from an existing security group in CloudFormation?

Upvotes: 0

Views: 234

Answers (1)

Rodrigo Murillo

Reputation: 13640

There is no way to get a CIDR block from a security group resource. You can see the supported return values here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#w2ab2c21c10d476c15

Instead, pass the service CIDR block as a parameter to your template, and reference it in the required security groups.

Update the stack parameter at any time and CloudFormation will update all the security groups as needed.

Upvotes: 0
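The parameter approach from the answer, written out as an added illustration (this is not the poster's template or the answerer's code). Port numbers, the default CIDR, the VPC ID and the resource names are made-up values; the pattern is one `SplunkCidr` parameter referenced by every group, with only the port differing per group:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: one SplunkCidr parameter shared by several RDS security
  groups that differ only in port number. Ports, names and the default
  CIDR are constructed values, not taken from the original question.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC in which the RDS security groups are created
  SplunkCidr:
    Type: String
    Default: 10.20.0.0/16          # constructed example value
    Description: >-
      CIDR block of the external Splunk service. Changing this one value
      and updating the stack rewrites the ingress rule in every group below.
    # Shape check only: rejects a bare IP, a hostname or a typo such as a
    # missing prefix length. It does NOT reject 0.0.0.0/0; review that by hand.
    AllowedPattern: ^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$
    ConstraintDescription: must be an IPv4 CIDR such as 10.20.0.0/16

Resources:
  # Oracle-style listener port (assumed 1521)
  OracleDbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Oracle RDS, ingress from the Splunk CIDR only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 1521
          ToPort: 1521
          CidrIp: !Ref SplunkCidr      # same parameter, different port

  # MySQL-style port (assumed 3306)
  MySqlDbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: MySQL RDS, ingress from the Splunk CIDR only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          CidrIp: !Ref SplunkCidr

  # PostgreSQL-style port (assumed 5432)
  PostgresDbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: PostgreSQL RDS, ingress from the Splunk CIDR only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: !Ref SplunkCidr

Outputs:
  # !Ref on a VPC security group returns its group ID, which is what an
  # AWS::RDS::DBInstance VPCSecurityGroups list expects.
  OracleDbSecurityGroupId:
    Value: !Ref OracleDbSecurityGroup
  MySqlDbSecurityGroupId:
    Value: !Ref MySqlDbSecurityGroup
  PostgresDbSecurityGroupId:
    Value: !Ref PostgresDbSecurityGroup
```

When Splunk moves, deploy the same template with only the parameter changed, for example `aws cloudformation deploy --template-file rds-sgs.yaml --stack-name rds-sgs --parameter-overrides SplunkCidr=10.30.0.0/16` (file and stack names assumed). Because `SecurityGroupIngress` is updated in place rather than by replacing the group, the group IDs that the RDS instances are attached to do not change; only the ingress rules are rewritten. The `AllowedPattern` is a format check, not a policy check: it stops a malformed value from failing the update halfway through thirty groups, but a deliberately wide block such as `0.0.0.0/0` still passes, so a change to this parameter is worth a review step like any other firewall change.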
