catchkarthik

Reputation: 129

How to Remove or update a specific rule in AWS Security group?

Using CloudFormation, I would like to update rules in an existing security group, or delete the old rule and add a new rule. Is it possible?

For example, if the SG has the rule below:

  - IpProtocol: tcp
    FromPort: 22
    ToPort: 22
    CidrIp: 0.0.0.0/0

I would like to update the CidrIp to 10.0.0.0/8, or remove the above rule and insert a new rule with CidrIp 10.0.0.0/8. Is it possible?

I was able to update the existing security group using AWS::EC2::SecurityGroupIngress and add a new rule. However, the old rule with CidrIp 0.0.0.0/0 still exists, and I am unable to remove it through CloudFormation.

Upvotes: 0

Views: 1363

Answers (1)

John Rotenstein

Reputation: 269826

Amazon CloudFormation is a service for creating resources. It builds a stack of resources based on a template.

CloudFormation is not a service intended to modify existing resources.

It is possible to add things to existing resources where resources refer to each other (e.g. a rule on a security group), but it is not possible to delete or modify resources created outside of the stack itself.

Upvotes: 1
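As an added example (not part of the question or the answer above): when the security group itself is a resource in the stack, its ingress rules can be declared inline on the AWS::EC2::SecurityGroup resource, and a stack update that changes the template revokes the old rule and authorises the new one. The VpcId and SshSourceCidr parameters are assumptions made for this example; the 10.0.0.0/8 value replaces the 0.0.0.0/0 setting from the question.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Security group whose SSH rule is managed in-stack (added example)

Parameters:
  VpcId:                        # assumption: the VPC the group belongs to
    Type: AWS::EC2::VPC::Id
  SshSourceCidr:                # assumption: parameterised so the rule can be tightened
    Type: String
    Default: 10.0.0.0/8         # corrected value; 0.0.0.0/0 was the weak setting
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'

Resources:
  AdminSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH from the internal network only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Previously:  CidrIp: 0.0.0.0/0  (SSH open to the whole internet)
        # Changing this entry and updating the stack removes the old rule;
        # deleting the entry altogether removes the rule without a replacement.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SshSourceCidr
          Description: SSH from internal network

Outputs:
  SecurityGroupId:
    Value: !Ref AdminSecurityGroup
```

A rule that was added to the same group by hand or by a separate AWS::EC2::SecurityGroupIngress resource in another stack is outside this template, so a stack update will not revoke it.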
