How to specify source security group Id in AWS CDK?

Hi, I am working on AWS CDK. I am writing security group templates. I am able to write it in CloudFormation. Now I am writing it in AWS CDK. I didn't get any example for including a source security group. Below is my CloudFormation template, written earlier.

Resources:
  MerchWebServicesSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      Tags:
        - Key: "Name"
          Value: !Ref "AWS::StackName"
      GroupDescription: "EC2 Services Security Group"
      VpcId:
        Fn::ImportValue: "infra-vpc-base::VpcId"
      # Instances accept traffic only from members of the ALB security group,
      # not from a CIDR range, so the rule follows the ALB wherever it is placed.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup
        - IpProtocol: tcp
          FromPort: 31000
          ToPort: 65535
          SourceSecurityGroupId: !Ref MerchWebServicesLoadBalancerSecurityGroup

  MerchWebServicesLoadBalancerSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      Tags:
        - Key: "Name"
          Value: !Ref "AWS::StackName"
      GroupDescription: "MerchWebServices ALB Group"
      VpcId:
        Fn::ImportValue: "infra-vpc-base::VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          # Canonical network address for the /15 (172.30.1.0/15 is not on a /15 boundary)
          CidrIp: "172.30.0.0/15"

In the above template I have created SG MerchWebServicesSecurityGroup and I have specified SourceSecurityGroupId as another SG MerchWebServicesLoadBalancerSecurityGroup.

        # create SG MerchWebServicesLoadBalancerSecurityGroup (the ALB side)
        mws_vpc_sg_alb = ec2.SecurityGroup(self, "MerchWebServicesLoadBalancerSecurityGroup",
            description="MerchWebServices ALB Group",
            security_group_name="MerchWebServicesLoadBalancerSecurityGroup",
            vpc=vpc)

        # CIDR-based rule: this part works
        mws_vpc_sg_alb.add_ingress_rule(peer=ec2.Peer.ipv4('172.30.0.0/15'), connection=ec2.Port.tcp(80))

        # create SG MerchWebServicesSecurityGroup (the instance side)
        mws_vpc_sg = ec2.SecurityGroup(self, "MerchWebServicesSecurityGroup",
            description="EC2 Services Security Group",
            security_group_name="MerchWebServicesSecurityGroup",
            vpc=vpc)
        # this is the line in question: Peer.ipv4 expects a CIDR string, not a security group
        mws_vpc_sg.add_ingress_rule(peer=ec2.Peer.ipv4(mws_vpc_sg_alb), connection=ec2.Port.tcp(80))

In the above code I am creating SG MerchWebServicesSecurityGroup, and below I am adding the ingress rule:

mws_vpc_sg.add_ingress_rule(peer=ec2.Peer.ipv4(mws_vpc_sg_alb), connection=ec2.Port.tcp(80))

Here, instead of specifying a CIDR block, I want to specify SourceSecurityGroupId. In AWS CDK I am not sure how to use Ref and include SourceSecurityGroupId. Can someone help me complete this? Any help would be appreciated. Thanks.

Niranjan asked Dec 06 '25 05:12

1 Answer

ec2.SecurityGroup implements the IPeer interface, therefore the security group itself can be used as a peer.

# Rule goes on the instance SG; the ALB SG is the peer (CDK emits SourceSecurityGroupId for it)
mws_vpc_sg.add_ingress_rule(
     peer=mws_vpc_sg_alb,
     connection=ec2.Port.tcp(80),
     description='ALB access'
)
Vikyol answered Dec 08 '25 18:12
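As an added check that is not part of the question or of Vikyol's answer: after `cdk synth`, it is worth confirming in the generated template (cdk.out/<stack>.template.json) that the instance group's ingress rules actually carry a SourceSecurityGroupId pointing at the ALB group and not a CidrIp. The pure-Python audit below walks both inline SecurityGroupIngress entries and standalone AWS::EC2::SecurityGroupIngress resources (CDK emits the latter for security-group peers, with Fn::GetAtt GroupId, and inlines Peer.ipv4 rules as CidrIp). The sample template is constructed here in that shape, with CDK's hash suffixes dropped from the logical IDs and one deliberate 0.0.0.0/0 rule added so the audit has something to report; the function and argument names are this example's own.

```python
"""Audit ingress rules in a synthesized CloudFormation template.

Added example, not code from the question or the answer. Confirms that rules on an
app-tier security group reference another security group (Ref / Fn::GetAtt GroupId)
instead of a CIDR, and flags world-open CIDRs.
"""
import ipaddress
import json
import sys

# Constructed sample in the shape `cdk synth` emits (hash suffixes on logical IDs
# dropped). The 31000-65535 rule from 0.0.0.0/0 is a deliberate mistake to catch.
SAMPLE_TEMPLATE = {
    "Resources": {
        "MerchWebServicesLoadBalancerSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "MerchWebServices ALB Group",
                "VpcId": {"Fn::ImportValue": "infra-vpc-base::VpcId"},
                # Peer.ipv4(...) rules are inlined by CDK as CidrIp entries
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "172.30.0.0/15"},
                ],
            },
        },
        "MerchWebServicesSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "EC2 Services Security Group",
                "VpcId": {"Fn::ImportValue": "infra-vpc-base::VpcId"},
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 31000, "ToPort": 65535, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        # Security-group peers become standalone SecurityGroupIngress resources
        "MerchWebServicesSecurityGroupfromALB80": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "Description": "ALB access",
                "GroupId": {"Fn::GetAtt": ["MerchWebServicesSecurityGroup", "GroupId"]},
                "SourceSecurityGroupId": {"Fn::GetAtt": ["MerchWebServicesLoadBalancerSecurityGroup", "GroupId"]},
            },
        },
        "MerchWebServicesSecurityGroupfromALB443": {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "Description": "ALB access",
                "GroupId": {"Fn::GetAtt": ["MerchWebServicesSecurityGroup", "GroupId"]},
                "SourceSecurityGroupId": {"Fn::GetAtt": ["MerchWebServicesLoadBalancerSecurityGroup", "GroupId"]},
            },
        },
    }
}


def sg_reference(value):
    """Logical ID behind a Ref or Fn::GetAtt [..., GroupId]; None if not an SG reference."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        if "Fn::GetAtt" in value:
            target, attr = value["Fn::GetAtt"]
            return target if attr == "GroupId" else None
    return None


def ingress_rules(template):
    """Yield (target_sg_logical_id, rule) for inline and standalone ingress rules."""
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield logical_id, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            group = props.get("GroupId")
            yield sg_reference(group) or group, props


def audit_ingress(template, sg_logical_id, allowed_source_sgs):
    """Findings for rules on sg_logical_id whose source is not an allowed security group.

    Logical IDs are matched by prefix so CDK's hash suffixes do not have to be typed.
    """
    findings = []
    for target, rule in ingress_rules(template):
        if not isinstance(target, str) or not target.startswith(sg_logical_id):
            continue
        where = f"{rule.get('IpProtocol')}/{rule.get('FromPort')}-{rule.get('ToPort')}"
        source = sg_reference(rule.get("SourceSecurityGroupId"))
        if source is not None:
            if not any(source.startswith(ok) for ok in allowed_source_sgs):
                findings.append(f"{where}: source SG {source} is not an allowed peer")
            continue
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if isinstance(cidr, str):
            open_world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
            findings.append(f"{where}: CIDR source {cidr}"
                            + (" (open to the world)" if open_world else "")
                            + " instead of a security-group reference")
        elif cidr is not None:
            findings.append(f"{where}: CIDR source is a template reference, review manually")
        else:
            findings.append(f"{where}: no recognised source (prefix list or missing)")
    return findings


if __name__ == "__main__":
    # Usage: python audit_sg.py cdk.out/MyStack.template.json (falls back to the sample)
    template = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    for line in audit_ingress(template, "MerchWebServicesSecurityGroup",
                              {"MerchWebServicesLoadBalancerSecurityGroup"}):
        print(line)
```

On the sample this reports only the world-open 31000-65535 rule; the two ALB-sourced rules pass. Run it against the real cdk.out template after synth, and it will also catch the original mistake in the question, since `Peer.ipv4` output always lands as a CidrIp and never as a SourceSecurityGroupId.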