Using cloudformation, I want to give default security group and SSH security group as the security g

Time:01-22

I am using cloudformation to build the infrastructure.

I want to give default security group and SSH security group as the security group of the instance.

There are Network.yaml, Security.yaml, Application.yaml files.

This is part of Network.yaml.

SampleVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: sample-vpc

This is part of Security.yaml.

Resources:
 BastionSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
   GroupName: sample-sg-bastion
   GroupDescription: for bastion
   VpcId: !ImportValue vpc-id
   SecurityGroupIngress:
   - CidrIp: 10.10.10.10/32
     FromPort: 22
     IpProtocol: tcp
     ToPort: 22
   Tags:
    - Key: Name
      Value: sample-sg-bastion
Outputs:
  BastionSecurityGroup:
    Description: The Security Group for bastion instance
    Value: !Ref BastionSecurityGroup
    Export:
      Name: Bastion-sg-id

This is part of Application.yaml.

Resources:
  BastionEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      KeyName: !Ref KeyName
      #DisableApiTermination: 
      ImageId: !FindInMap [AWSRegionAMI, !Ref 'AWS::Region', HVM64]
      InstanceType: t2.micro
      #Monitoring: true|false
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          SubnetId: !ImportValue pubsubnet-01a-id
          DeviceIndex: 0
          GroupSet:
           - !ImportValue Bastion-sg-id
           - ###I want to set DefaultSecurityGroup###
      UserData: !Base64 |
        #!/bin/bash -ex
        # put your script here
      Tags:
        - Key: Name
          Value: sample-ec2-bastion

What should I do if I want to attach a default security group to an instance?

########## Modified ############

It worked well!! I appreciate Allan's support.

I added this code to Network.yaml.

DefaultNetworkSG:
    Value:
     !GetAtt SampleVPC.DefaultSecurityGroup
    Export:
      Name: default-sg-id

I added this code to Application.yaml.

  NetworkInterfaces:
    - AssociatePublicIpAddress: true
      SubnetId: !ImportValue pubsubnet-01a-id
      DeviceIndex: 0
      GroupSet:
       - !ImportValue Bastion-sg-id
       - !ImportValue default-sg-id

CodePudding user response:

You just need to add the security group's ID to the list of attached SGs in the EC2 instance's definition. You can do this by exporting the ID of the security group from Security.yaml and importing it in Application.yaml.

Network.yaml

Resources:
  SampleVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      Tags:
        - Key: Name
          Value: sample-vpc
Outputs:
  DefaultNetworkSG:
    # The VPC's default security group is not a resource in the template;
    # read its ID with GetAtt and export it so other stacks can import it.
    Value: !GetAtt SampleVPC.DefaultSecurityGroup
    Export:
      Name: DefaultNetworkSG

Security.yaml

Outputs:
  BastionSecurityGroupID:
    Value:
      Ref: BastionSecurityGroup
    # Without an Export, !ImportValue in another stack has nothing to resolve.
    Export:
      Name: BastionSecurityGroupID

Application.yaml

Resources:
  BastionEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      # The short-form tag takes no colon: "!ImportValue Name", not "!ImportValue: Name".
      # SecurityGroupIds applies when the instance has no NetworkInterfaces block;
      # if you use NetworkInterfaces (as in the question), put these IDs in GroupSet instead.
      SecurityGroupIds:
        - !ImportValue BastionSecurityGroupID
        - !ImportValue DefaultNetworkSG
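A mismatch between an `Export` name and an `!ImportValue` name only surfaces when the dependent stack is created, so it helps to check the templates together before deploying. The script below is an added example, not code from the question or the answer: it scans a set of templates for export names and import references (short-form `!ImportValue` and long-form `Fn::ImportValue`), reports imports that no template exports, and flags the `!ImportValue:` colon typo. The three sample templates are constructed here, modelled on the Network/Security/Application split in the question; the export names `vpc-id`, `default-sg-id` and `Bastion-sg-id` come from the question, while `bastion-profile-name` is a made-up unresolved import used to exercise the check.

```python
"""Cross-stack export/import consistency check for CloudFormation templates.

Constructed example: regex-based so it runs without a YAML library and
without needing a loader that understands CloudFormation's custom tags.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample templates, trimmed to the parts that matter for the check.
TEMPLATES: Dict[str, str] = {
    "Network.yaml": """
Resources:
  SampleVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
Outputs:
  VpcId:
    Value: !Ref SampleVPC
    Export:
      Name: vpc-id
  DefaultNetworkSG:
    Value: !GetAtt SampleVPC.DefaultSecurityGroup
    Export:
      Name: default-sg-id
""",
    "Security.yaml": """
Resources:
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: for bastion
      VpcId: !ImportValue vpc-id
Outputs:
  BastionSecurityGroup:
    Value: !Ref BastionSecurityGroup
    Export:
      Name: Bastion-sg-id
""",
    "Application.yaml": """
Resources:
  BastionEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      NetworkInterfaces:
        - DeviceIndex: 0
          SubnetId: !ImportValue pubsubnet-01a-id
          GroupSet:
            - !ImportValue Bastion-sg-id
            - !ImportValue default-sg-id
      IamInstanceProfile:
        Fn::ImportValue: bastion-profile-name
""",
}

# "Export:" followed on the next line by "Name: <value>".
EXPORT_RE = re.compile(r"^[ \t]*Export:[ \t]*\n[ \t]*Name:[ \t]*(\S+)", re.M)
# Short form "!ImportValue name" and long form "Fn::ImportValue: name".
IMPORT_SHORT_RE = re.compile(r"!ImportValue[ \t]+(\S+)")
IMPORT_LONG_RE = re.compile(r"Fn::ImportValue:[ \t]+(\S+)")
# A colon after the short-form tag is a YAML error, not an import.
BAD_IMPORT_RE = re.compile(r"!ImportValue:")


def find_exports(text: str) -> List[str]:
    """Return every exported name declared in one template."""
    return EXPORT_RE.findall(text)


def find_imports(text: str) -> List[str]:
    """Return every import reference (both forms) used in one template."""
    return IMPORT_SHORT_RE.findall(text) + IMPORT_LONG_RE.findall(text)


def check_cross_stack(templates: Dict[str, str]) -> dict:
    """Resolve imports against exports across all templates.

    Returns the export map (name -> file), duplicate export names (AWS
    requires export names to be unique per account and region), imports
    with no matching export, and files containing the colon typo.
    """
    exports: Dict[str, str] = {}
    duplicates: List[str] = []
    for fname, text in templates.items():
        for name in find_exports(text):
            if name in exports:
                duplicates.append(name)
            exports[name] = fname

    unresolved: List[Tuple[str, str]] = []
    bad_syntax: List[str] = []
    for fname, text in templates.items():
        for name in find_imports(text):
            if name not in exports:
                unresolved.append((fname, name))
        if BAD_IMPORT_RE.search(text):
            bad_syntax.append(fname)

    return {
        "exports": exports,
        "duplicates": duplicates,
        "unresolved": unresolved,
        "bad_syntax": bad_syntax,
    }


if __name__ == "__main__":
    report = check_cross_stack(TEMPLATES)
    for fname, name in report["unresolved"]:
        print(f"{fname}: import '{name}' has no matching Export in any template")
    for fname in report["bad_syntax"]:
        print(f"{fname}: '!ImportValue:' (with colon) is not valid short-form syntax")
```

Run against the sample set, it reports `pubsubnet-01a-id` and `bastion-profile-name` as unresolved (no template here exports them) while `vpc-id`, `Bastion-sg-id` and `default-sg-id` resolve. The check validates names only, not the rules behind them: the VPC default security group comes with a rule allowing all traffic between its own members, so attaching it to a bastion alongside a tightly scoped SSH group lets every other instance in that default group reach the bastion on any port, which is worth reviewing separately.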