6 
 "dbxSG": 
    {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": 
      {
        "GroupDescription": "Enable dbX Access",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    },
    "dbxSGIngress" : 
    {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": 
      {
        "GroupName": { "Ref": "dbxSG" },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "SourceSecurityGroupName": { "Ref": "dbxSG" }
      }
    },

如何在上面的 json 文件中添加多个安全组名称?“dbxSG”名称多次引用。我想再添加一个具有新名称的安全组。我该如何添加它?

4

1 回答 1

4

是的,您可以在使用 CloudFormation 创建时将多个安全组附加到一个 EC2 实例。下面是完成它的示例 json。我已将 WebSubnetSG 和 AppSubnetSG 附加到 EC2 实例。

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Multiple Security Groups - Demo",
  "Resources" : {
  "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16" ,
        "Tags": [
          {
            "Key": "Name",
            "Value": "Multi Security Group"
          }
        ]
      }
    },
    "WebSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "CidrBlock": "10.0.10.0/24",
        "Tags": [
          {
            "Key": "Application",
            "Value": "Multi SG Subnet"
          }]
      }
    },
    "WebServerSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG for the Web Server",
        "VpcId": {
          "Ref": "VPC"
        },
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "SecurityGroupIngress" : [
            {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "80",
            "ToPort": "80"
          },
          {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "443",
            "ToPort": "443"
          }
        ]
      }
    },
    "AppServerSGIngress": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Ref": "AppServerSG"
        },
        "IpProtocol": "tcp",
        "CidrIp": "0.0.0.0/0",
        "FromPort" : "9090",
        "ToPort" : "9090"
      }
    },
    "AppServerSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG for the App Server",
        "VpcId": {
          "Ref": "VPC"
        },
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "SecurityGroupIngress" : [
            {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "8080",
            "ToPort": "8080"
          }
        ]
      }
    },
    
    "MultiSGInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-12345678",
        "KeyName": "your-key-pair",
        "SecurityGroupIds": [
          {
            "Ref": "WebServerSG"
          },
          {
            "Ref": "AppServerSG"
          }
        ],
        "InstanceType": "t2.micro",
        "SubnetId": {
          "Ref": "WebSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "MultiSG"
          }
        ]
      }
    }
  },
  "Outputs" : {}
 }
于 2015-02-17T07:33:59.910 回答