I am creating a CloudFormation template for a security group whose ingress rules cover more than 50 CIDR IP ranges. In the Parameters I use a CommaDelimitedList for the multiple CIDR IPs. Is it possible to include multiple CidrIps in a single block, rather than creating a separate entry in SecurityGroupIngress for each CIDR IP, like this?
    {
        "IpProtocol" : "tcp",
        "CidrIp" : "54.183.255.128/26",
        "FromPort" : "443",
        "ToPort" : "443"
    },
    {
        "IpProtocol" : "tcp",
        "CidrIp" : "54.228.16.0/26",
        "FromPort" : "443",
        "ToPort" : "443"
    },
    {
        "IpProtocol" : "tcp",
        "CidrIp" : "54.232.40.64/26",
        "FromPort" : "443",
        "ToPort" : "443"
    },
    {
        "IpProtocol" : "tcp",
        "CidrIp" : "54.241.32.64/26",
        "FromPort" : "443",
        "ToPort" : "443"
    }
The template I want to use is below, but here I can only get the CIDR IP from a single position in the list.
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "HTTPS - Security Group",
    "Parameters": {
        "VPC": {
            "Type": "AWS::EC2::VPC::Id",
            "Description": "VPC where the Security Group will belong"
        },
        "Name": {
            "Type": "String",
            "Description": "Name Tag of the Security Group"
        },
        "DbSubnetIpBlocks": {
            "Description": "Comma-delimited list of CIDR blocks",
            "Type": "CommaDelimitedList"
        }
    },
    "Resources": {
        "MySG": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "HTTPS - Security Group",
                "VpcId": {
                    "Ref": "VPC"
                },
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "CidrIp": {
                            "Fn::Select": [
                                "1",
                                {
                                    "Ref": "DbSubnetIpBlocks"
                                }
                            ]
                        },
                        "FromPort": "443",
                        "ToPort": "443"
                    }
                ]
            }
        }
    },
    "Outputs": {
        "SecurityGroupID": {
            "Description": "Security Group ID",
            "Value": {
                "Ref": "MySG"
            }
        }
    }
}
Reply from a uj5u.com user:
Sadly, it is not possible. A security group (SG) rule applies to only one CIDR range.
There is a limit of 60 rules per SG, and you can request an increase of that limit.
Although a single SG rule can only reference a single CIDR, you can create a CloudFormation macro or a custom resource that automatically creates all of these rules for you.
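The macro approach from the reply, as an added example that is not part of the original post or of any AWS sample: a Lambda-style macro handler that expands a CommaDelimitedList parameter into one ingress rule per CIDR, validating each range and enforcing the 60-rule quota before the stack ever reaches the API. The marker key `IngressCidrParam` and the parameter name `DbSubnetIpBlocks` are assumptions for illustration; the request/response shape is the standard CloudFormation macro contract.

```python
import ipaddress

# Quota quoted in the reply: 60 rules per security group (can be raised on request).
DEFAULT_RULE_QUOTA = 60


def build_ingress_rules(cidrs, from_port=443, to_port=443, protocol="tcp",
                        rule_quota=DEFAULT_RULE_QUOTA):
    """Expand a CommaDelimitedList value (string or list) into one
    SecurityGroupIngress entry per CIDR, validating each one first."""
    if isinstance(cidrs, str):
        cidrs = cidrs.split(",")
    rules, seen = [], set()
    for raw in cidrs:
        cidr = raw.strip()
        if not cidr:
            continue
        # strict=True rejects host bits set outside the mask, e.g. 10.0.0.1/24
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4:
            raise ValueError(f"{cidr}: IPv6 ranges belong in CidrIpv6, not CidrIp")
        if net.prefixlen == 0:
            raise ValueError(f"{cidr}: refusing to expose the port to the whole internet")
        if str(net) in seen:  # a duplicate rule makes the stack operation fail
            continue
        seen.add(str(net))
        rules.append({"IpProtocol": protocol, "CidrIp": str(net),
                      "FromPort": from_port, "ToPort": to_port})
    if len(rules) > rule_quota:
        raise ValueError(f"{len(rules)} rules exceed the per-SG quota of {rule_quota}")
    return rules


def handler(event, context=None):
    """CloudFormation macro entry point (standard macro request/response contract).
    'IngressCidrParam' is a hypothetical marker naming the list parameter to expand."""
    fragment = event["fragment"]
    params = event.get("templateParameterValues", {})
    for res in fragment.get("Resources", {}).values():
        props = res.setdefault("Properties", {})
        param_name = props.pop("IngressCidrParam", None)
        if res.get("Type") == "AWS::EC2::SecurityGroup" and param_name:
            props["SecurityGroupIngress"] = build_ingress_rules(params[param_name])
    return {"requestId": event["requestId"], "status": "success", "fragment": fragment}
```

In the template you would add `"Transform": "<macro name>"` and put `"IngressCidrParam": "DbSubnetIpBlocks"` in the security group's Properties instead of the hand-written SecurityGroupIngress list.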