Bhargav Teja
Reputation: 451
Adding multiple SecurityGroupIngress rules
I am trying to create circular dependency security groups. So, first I am creating two security groups. Then I am trying to add inbound rules. But I am unable to add multiple rules for Inbound rules.
"SecurityGroup01": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SecurityGroup01",
"VpcId": { "Ref": "VPCID" },
"SecurityGroupEgress": [
{ "IpProtocol": "tcp", "FromPort": "1", "ToPort": "65535", "CidrIp": "0.0.0.0/0" },
{ "IpProtocol": "icmp", "FromPort": "8", "ToPort": "-1", "CidrIp": "0.0.0.0/0" }
],
"Tags": [
{ "Key": "Name", "Value": "SG01" }
]
}
},
"SecurityGroup02": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "SecurityGroup02",
"VpcId": {
"Ref": "VPCID"
},
"SecurityGroupEgress": [
{ "IpProtocol": "tcp", "FromPort": "1", "ToPort": "65535", "CidrIp": "0.0.0.0/0" },
{ "IpProtocol": "icmp", "FromPort": "8", "ToPort": "-1", "CidrIp": "0.0.0.0/0" }
],
"Tags": [
{ "Key": "Name", "Value": "SG02" }
]
}
},
"SG01InboundRule": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "LocalIPAddress" },
"DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] },
"GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
}
}
Expected Result Add multiple rules
"SG01InboundRule": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": [
"IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "LocalIPAddress" }, "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
"IpProtocol": "tcp", "FromPort": "4200", "ToPort": "4200", "CidrIp": { "Ref": "LocalIPAddress" }, "GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
]
}
Upvotes: 1
Views: 2577
Answers (1)
WarrenG
Reputation: 1850
The resource AWS::EC2::SecurityGroupIngress only contains one rule, but you can create multiple of AWS::EC2::SecurityGroupIngress and attach them to the same security group.
So you would have:
"SG01InboundRule": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"IpProtocol": "tcp", "FromPort": "3389", "ToPort": "3389", "CidrIp": { "Ref": "LocalIPAddress" },
"DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] },
"GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
}
}
"SG02InboundRule": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"IpProtocol": "tcp", "FromPort": "4200", "ToPort": "4200", "CidrIp": { "Ref": "LocalIPAddress" },
"DestinationSecurityGroupId": { "Fn::GetAtt": [ "SecurityGroup02", "GroupId" ] },
"GroupId": { "Fn::GetAtt": [ "SecurityGroup01", "GroupId" ] }
}
}
Upvotes: 2
Related Questions
- How do I add a cloudformation security group ingress rule that refers to another security group?
- AWS Cloudformation - Add condition to security group egress rule
- Creating multiple SecurityGroups / Rules in AWS using Terraform
- Cloudformation Security Group configuration using list
- How to add multiple security groups and group names in cloudformation using template?
- AWS Cloudformation: Security Group Rule to allow all egress
- Add a parameterized list of security groups to another security group's ingress
- How correctly externalize SecurityGroupEgress and SecurityGroupIngress in CloudFormation
- Cloudformation: create aws security group referencing another security group
- Cloud Formation template add ingress rule to existing security group