user10146200
Reputation:
What is the CidrIp in Security groups
I am creating a self ingress rule in a security group. I have created a CloudFormation template for the security groups, but I couldn't understand what is the CidrIp that I need to give here:
"SelfIngress1": [
{
"IpProtocol" : "tcp",
"FromPort" : "7600",
"ToPort" : "7600",
"CidrIp" : "10.0.0.0/1"
},
What is the CidrIp that I have to provide here? Do I have to get it from the subnet where the VPC associates?
Upvotes: 6
Views: 7232
Answers (1)
John Rotenstein
Reputation: 269091
From AWS::EC2::SecurityGroupIngress - AWS CloudFormation:
CidrIp
An IPv4 CIDR range.
For an overview of CIDR ranges, go to the Wikipedia Tutorial.
That field defines the IP address range (in CIDR notation) that is permitted to send inbound traffic through the security group.
Your security group is permitting inbound traffic on port 7200, but it also needs an IP address range, such as:
0.0.0.0/0means from the whole Internet11.22.33.44/32means only from11.22.33.4410.5.2.0/24means only from10.5.2.x(with anything as the last number)
Upvotes: 15
Related Questions
- What is meant by "Security Groups are stateful"?
- self referencing aws security groups
- EC2 Security Groups: Allow access from one group to another group
- Why specify cidr range in Inbound IP address for aws security groups
- Understanding the Source property on AWS Security Groups
- At what OSI layer do AWS Security Groups operate?
- How to find Security Group ID in ec2 metadata?
- AWS: Configuring Security Groups using hostname
- What does protocol -1 on AWS security group egress mean?
- Understanding EC2 Security Groups