How do I add a condition to a SecurityGroupIngress rule in a security group resource? For example, if the environment parameter is set to "prod" it should open both port 80 and port 443, but if it is set to "test" it should open only port 80.
Example template:
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Description: Environment type.
    Default: test
    Type: String
    AllowedValues:
      - prod
      - test
    ConstraintDescription: must specify prod or test.
Conditions:
  CreateProdResources: !Equals
    - Ref: EnvType
    - prod
Resources:
  WebSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Web server
      GroupName: web
      VpcId: vpc-abc01234
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
Best answer
You have already defined the condition you need; now you can use the intrinsic If function together with the NoValue pseudo parameter:
WebSecurityGroup:
  Type: 'AWS::EC2::SecurityGroup'
  Properties:
    GroupDescription: Web server
    GroupName: web
    VpcId: vpc-abc01234
    SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: 80
        ToPort: 80
        CidrIp: 0.0.0.0/0
      - !If
        - CreateProdResources
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - !Ref AWS::NoValue
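As an added illustration (not part of the answer above, and not an AWS tool), the following script evaluates the same Fn::Equals / Fn::If / AWS::NoValue semantics on the JSON long form of the template, so you can confirm which ports the security group actually opens for each EnvType value before deploying. The TEMPLATE dict is constructed here from the question's YAML; the evaluator covers only the intrinsics this template uses.

```python
# Minimal evaluator for the intrinsics used above: Ref, Fn::Equals, Fn::If and
# the AWS::NoValue pseudo parameter (an Fn::If branch that yields NoValue is
# dropped from the enclosing list, which is what removes the 443 rule in test).
NOVALUE = object()  # sentinel standing in for {"Ref": "AWS::NoValue"}

# Constructed JSON long form of the question's template (only the parts needed).
TEMPLATE = {
    "Conditions": {"CreateProdResources": {"Fn::Equals": [{"Ref": "EnvType"}, "prod"]}},
    "Resources": {
        "WebSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
                    {"Fn::If": ["CreateProdResources",
                                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                                {"Ref": "AWS::NoValue"}]},
                ]
            },
        }
    },
}

def resolve(node, params, conditions):
    # Recursively evaluate intrinsic functions; filter NoValue out of lists.
    if isinstance(node, dict) and len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            return NOVALUE if arg == "AWS::NoValue" else params[arg]
        if key == "Fn::Equals":
            a, b = (resolve(x, params, conditions) for x in arg)
            return a == b
        if key == "Fn::If":
            cond, yes, no = arg
            chosen = yes if resolve(conditions[cond], params, conditions) else no
            return resolve(chosen, params, conditions)
    if isinstance(node, dict):
        return {k: resolve(v, params, conditions) for k, v in node.items()}
    if isinstance(node, list):
        return [x for x in (resolve(i, params, conditions) for i in node) if x is not NOVALUE]
    return node

def open_ports(template, env_type):
    # Return the set of TCP ports the ingress rules open for the given EnvType.
    props = resolve(template["Resources"]["WebSecurityGroup"]["Properties"],
                    {"EnvType": env_type}, template["Conditions"])
    ports = set()
    for rule in props["SecurityGroupIngress"]:
        ports.update(range(rule["FromPort"], rule["ToPort"] + 1))
    return ports
```

Calling open_ports(TEMPLATE, "test") returns {80} and open_ports(TEMPLATE, "prod") returns {80, 443}, matching what the answer's !If / AWS::NoValue construct produces in CloudFormation.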
Regarding amazon-web-services - AWS CloudFormation - adding a condition to a security group ingress rule, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/71924767/