Is it possible to add a description to security group rules in CloudFormation, as in the examples below?
I saw it in the documentation (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-rule.html), but I have never seen a single official example with a description on an IP rule; it is only ever used for GroupDescription. I find this very useful because it helps identify what an IP refers to. So, for example, are these snippets valid?
```json
"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Enable SSH access via port 22",
    "SecurityGroupIngress" : [ {
      "IpProtocol" : "tcp",
      "FromPort" : 22,
      "ToPort" : 22,
      "CidrIp" : "0.0.0.0/0",
      "Description" : "some description" <<<<<<<<<here
    } ]
  }
}
```
Another example:
```yaml
LoadBalancerSG:
  Type: AWS::EC2::SecurityGroup
  Properties:
    GroupName: !Join ['-', [!Ref 'StackName', 'LoadBalancerSG']]
    GroupDescription: Access to the load balancer
    VpcId:
      Fn::ImportValue: 'VpcID'
    SecurityGroupIngress:
      - IpProtocol: tcp
        Description: 'this IP is ...'   # <<<<< here
        CidrIp: 10.5.0.0/14
        FromPort: '80'
        ToPort: '80'
      - IpProtocol: tcp
        Description: 'this other IP is ...'   # <<<<<< here
        CidrIp: 10.5.0.0/14
        FromPort: '8080'
        ToPort: '8080'
```
```json
"SecurityGroupIngress": [{
    "IpProtocol": "tcp",
    "CidrIp": "aa.xx.yy.zz/32",
    "FromPort": "0000",
    "ToPort": "0000"
}, {
    "IpProtocol": "tcp",
    "CidrIp": "bb.xx.yy.zz/32",
    "FromPort": "0000",
    "ToPort": "0000"
}, {
    "IpProtocol": "tcp",
    "Description": "ELB-EC2",
    "SourceSecurityGroupId": "sg-nnnnnnnnnnnnn",
    "FromPort": "000",
    "ToPort": "000"
}
],
```
The real values have been changed for security reasons, but apart from that this is a working template.
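Since rule-level descriptions are what make a security group auditable, a small check that every ingress/egress rule in a JSON template carries one (and that flags rules open to the whole Internet) is a natural follow-up. This is an added example, not code from the question or the answer; the template it audits is constructed for the demonstration and only loosely mirrors the first snippet above, and the 255-character limit is the one AWS documents for rule descriptions.

```python
import json
from typing import List

# Constructed sample template: one rule with a description (but open to the
# world) and one internal rule with no description at all.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                     "CidrIp": "0.0.0.0/0", "Description": "SSH from bastion range"},
                    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                     "CidrIp": "10.5.0.0/14"}
                ]
            }
        }
    }
})

MAX_DESCRIPTION_LEN = 255  # AWS limit for a security group rule description


def audit_security_groups(template_json: str) -> List[str]:
    """Return one finding per rule that lacks a usable Description, plus one
    per rule whose source/destination is the entire Internet."""
    template = json.loads(template_json)
    findings: List[str] = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        props = res.get("Properties", {})
        for direction in ("SecurityGroupIngress", "SecurityGroupEgress"):
            for i, rule in enumerate(props.get(direction, [])):
                where = f"{name}.{direction}[{i}]"
                desc = rule.get("Description")
                if not isinstance(desc, str) or not desc.strip():
                    findings.append(f"{where}: missing Description")
                elif len(desc) > MAX_DESCRIPTION_LEN:
                    findings.append(f"{where}: Description longer than {MAX_DESCRIPTION_LEN}")
                if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
                    ports = f"{rule.get('FromPort')}-{rule.get('ToPort')}"
                    findings.append(f"{where}: open to the Internet ({ports})")
    return findings


if __name__ == "__main__":
    for line in audit_security_groups(SAMPLE_TEMPLATE):
        print(line)
```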