想要将多个 CIDRIp 添加到我的数据库安全组 错误:
CidrIp=Ref(AppSecurityGroup)),
TypeError: __init__() takes at least 2 arguments (1 given)
我认为这很容易,但我被困在这里并且很困惑。
DBSecurityGroup = t.add_resource(
rds.DBSecurityGroup(
'DBSecurityGroup',
GroupDescription='Enable access on the inbound port',
DBSecurityGroupIngess=[
rds.DBSecurityGroup(
IpProtocol='tcp',
FromPort='3306',
ToPort='3306',
CidrIp=Ref(AppSecurityGroup)),
rds.DBSecurityGroup(
IpProtocol='tcp',
FromPort='3306',
ToPort='3306',
CidrIp=Ref(CalcSecurityGroup)),
rds.DBSecurityGroup(
IpProtocol='tcp',
FromPort='3306',
ToPort='3306',
CidrIp=Ref(CIDRSupport))],
VpcId=Ref(VPC),
Tags=Tags(
Name=Join("", [Ref("AWS::StackName"), "-DB-SG"]),
)
))
现在我需要入站到 6379 端口上的 Calc-SG、App-SG 和 CIDRSupport。
如何在 SG 中定义它?
最佳答案
您正在寻址 DBSecurityGroup 类没有的属性 CidrIp。该类定义为:
class RDSSecurityGroup(AWSProperty):
props = {
'CIDRIP': (basestring, False),
'EC2SecurityGroupId': (basestring, False),
'EC2SecurityGroupName': (basestring, False),
'EC2SecurityGroupOwnerId': (basestring, False),
}
class DBSecurityGroup(AWSObject):
resource_type = "AWS::RDS::DBSecurityGroup"
props = {
'EC2VpcId': (basestring, False),
'DBSecurityGroupIngress': (list, True),
'GroupDescription': (basestring, True),
'Tags': ((Tags, list), False),
}
来自源码here .
你想说的是:
DBSecurityGroup = t.add_resource(
rds.DBSecurityGroup(
"DBSecurityGroup",
GroupDescription="Enable access on the inbound port",
DBSecurityGroupIngress=[
rds.RDSSecurityGroup(EC2SecurityGroupId=Ref(AppSecurityGroup)),
rds.RDSSecurityGroup(EC2SecurityGroupId=Ref(CalcSecurityGroup)),
rds.RDSSecurityGroup(EC2SecurityGroupId=Ref(CIDRSupport))],
EC2VpcId=Ref(VPC),
Tags=Tags(
Name=Join("", [Ref("AWS::StackName"), "-DB-SG"]),
)
))
我会注意到 Troposphere 的 RDSSecurityGroup 对应于“RDS Security Group Rule ”。命名的不一致令人困惑。
关于amazon-web-services - 在对流层中设置 DBSecurityGroupIngress,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54474426/