创建 EMR 安全组 CloudFormation 模板
- 主节点（Master）安全组
- 核心/任务节点（Core/Task）安全组
- 服务访问（Service Access）安全组
最初尝试通过 CloudFormation 创建 EMR 安全组时遇到了问题，最后得到了下面这个可用的 CloudFormation 模板（适用于私有子网中的 EMR 集群）。
### EMR security groups for a private subnet (CloudFormation template)
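---
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  EMR security groups for a private subnet (CC-DxVPC): master, core/task and
  service-access groups. Cross-group rules are standalone
  SecurityGroupIngress/SecurityGroupEgress resources so that the groups can
  reference each other without forming a dependency cycle.

# Account id -> region -> VPC lookup used by every group below.
# The first-level keys are matched against !Ref AWS::AccountId, i.e. the
# 12-digit numeric account id, and the second-level keys against
# !Ref AWS::Region. Replace the placeholders with real values before
# deploying; the template will not resolve the VpcId as written.
# (The original had a typo, "account-is", in the second entry.)
Mappings:
  "account-id-1":
    "region":
      VPC: vpc-id
  "account-id-2":
    "region":
      VPC: vpc-id

Resources:
  # --------------------------------------------------------------------------
  # Master node group.
  # No SecurityGroupEgress is given, so CloudFormation keeps the implicit
  # allow-all egress rule on this group (left as in the original; the master
  # node needs outbound access to EMR service endpoints and S3).
  # --------------------------------------------------------------------------
  MasterSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: EMR-MASTER-CF
      GroupDescription: EMR master node security group (private subnet)
      VpcId: !FindInMap [!Ref "AWS::AccountId", !Ref "AWS::Region", VPC]

  # Master <- core/task and master <- master: all TCP/UDP/ICMP. This mirrors
  # the permissive intra-cluster rules of the EMR-managed groups; only the
  # security groups are trusted, never a CIDR.
  MasterSecurityGroupIngress1:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      Description: All TCP from core/task nodes
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup
  MasterSecurityGroupIngress2:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      Description: All TCP from other master nodes
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref MasterSecurityGroup
  MasterSecurityGroupIngress3:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      Description: All UDP from core/task nodes
      IpProtocol: udp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup
  MasterSecurityGroupIngress4:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      Description: All UDP from other master nodes
      IpProtocol: udp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref MasterSecurityGroup
  MasterSecurityGroupIngress5:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      Description: All ICMP from core/task nodes
      IpProtocol: icmp
      FromPort: -1
      ToPort: -1
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup
  MasterSecurityGroupIngress6:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      Description: All ICMP from other master nodes
      IpProtocol: icmp
      FromPort: -1
      ToPort: -1
      SourceSecurityGroupId: !Ref MasterSecurityGroup
  # Kept from the original. The service-access egress rules below also allow
  # 8443, and EMR's documented service-access path to the master is TCP 8443,
  # so the matching 8443 ingress (Ingress8) was missing; confirm whether 443
  # is still needed and drop it if not.
  MasterSecurityGroupIngress7:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      Description: TCP 443 from the EMR service-access group
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      SourceSecurityGroupId: !Ref ServiceAccessSecurityGroup
  MasterSecurityGroupIngress8:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref MasterSecurityGroup
      Description: TCP 8443 from the EMR service-access group (cluster manager)
      IpProtocol: tcp
      FromPort: 8443
      ToPort: 8443
      SourceSecurityGroupId: !Ref ServiceAccessSecurityGroup

  # --------------------------------------------------------------------------
  # Core and task node group. Same rule set as the master group, with the
  # roles of source and target swapped.
  # --------------------------------------------------------------------------
  CoreandTaskSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: EMR-CORE-CF
      GroupDescription: EMR core/task node security group (private subnet)
      VpcId: !FindInMap [!Ref "AWS::AccountId", !Ref "AWS::Region", VPC]
  CoreandTaskSecurityGroupIngress1:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      Description: All TCP from other core/task nodes
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup
  CoreandTaskSecurityGroupIngress2:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      Description: All TCP from master nodes
      IpProtocol: tcp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref MasterSecurityGroup
  CoreandTaskSecurityGroupIngress3:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      Description: All UDP from other core/task nodes
      IpProtocol: udp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup
  CoreandTaskSecurityGroupIngress4:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      Description: All UDP from master nodes
      IpProtocol: udp
      FromPort: 0
      ToPort: 65535
      SourceSecurityGroupId: !Ref MasterSecurityGroup
  CoreandTaskSecurityGroupIngress5:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      Description: All ICMP from other core/task nodes
      IpProtocol: icmp
      FromPort: -1
      ToPort: -1
      SourceSecurityGroupId: !Ref CoreandTaskSecurityGroup
  CoreandTaskSecurityGroupIngress6:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      Description: All ICMP from master nodes
      IpProtocol: icmp
      FromPort: -1
      ToPort: -1
      SourceSecurityGroupId: !Ref MasterSecurityGroup
  # See the note on MasterSecurityGroupIngress7: 443 kept, 8443 added to match
  # the service-access egress rules.
  CoreandTaskSecurityGroupIngress7:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      Description: TCP 443 from the EMR service-access group
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      SourceSecurityGroupId: !Ref ServiceAccessSecurityGroup
  CoreandTaskSecurityGroupIngress8:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref CoreandTaskSecurityGroup
      Description: TCP 8443 from the EMR service-access group (cluster manager)
      IpProtocol: tcp
      FromPort: 8443
      ToPort: 8443
      SourceSecurityGroupId: !Ref ServiceAccessSecurityGroup

  # --------------------------------------------------------------------------
  # Service-access group (attached to the EMR service ENI in the private
  # subnet). This group is meant to have egress ONLY to the master and
  # core/task groups on 443/8443.
  # --------------------------------------------------------------------------
  ServiceAccessSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: EMR-SERVICE-CF
      GroupDescription: EMR service-access security group (private subnet)
      VpcId: !FindInMap [!Ref "AWS::AccountId", !Ref "AWS::Region", VPC]
      # CloudFormation only removes the implicit allow-all egress rule when an
      # inline SecurityGroupEgress list is present; the standalone
      # AWS::EC2::SecurityGroupEgress resources below do NOT remove it. The
      # original therefore shipped this group with allow-all egress and the
      # four explicit egress rules were decorative. A loopback-only rule is
      # the documented way to drop the default while keeping the real rules
      # standalone (which avoids a Master/Core/ServiceAccess reference cycle).
      SecurityGroupEgress:
        - IpProtocol: "-1"
          CidrIp: 127.0.0.1/32
          Description: Loopback placeholder that replaces the implicit allow-all egress
      # NOTE(review): for some EMR release versions the service-access group
      # also needs an inbound rule from the master group (the original has no
      # ingress on this group at all) — confirm against the EMR docs for the
      # release in use before relying on this template.

  ServiceAccessSecurityGroupEgress1:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref ServiceAccessSecurityGroup
      Description: TCP 443 to core/task nodes
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      DestinationSecurityGroupId: !Ref CoreandTaskSecurityGroup
  ServiceAccessSecurityGroupEgress2:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref ServiceAccessSecurityGroup
      Description: TCP 443 to master nodes
      IpProtocol: tcp
      FromPort: 443
      ToPort: 443
      DestinationSecurityGroupId: !Ref MasterSecurityGroup
  ServiceAccessSecurityGroupEgress3:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref ServiceAccessSecurityGroup
      Description: TCP 8443 to core/task nodes
      IpProtocol: tcp
      FromPort: 8443
      ToPort: 8443
      DestinationSecurityGroupId: !Ref CoreandTaskSecurityGroup
  ServiceAccessSecurityGroupEgress4:
    Type: AWS::EC2::SecurityGroupEgress
    Properties:
      GroupId: !Ref ServiceAccessSecurityGroup
      Description: TCP 8443 to master nodes
      IpProtocol: tcp
      FromPort: 8443
      ToPort: 8443
      DestinationSecurityGroupId: !Ref MasterSecurityGroup

# Exported so the EMR cluster stack can reference the group ids instead of
# hard-coding them.
Outputs:
  MasterSecurityGroupId:
    Description: Security group id for EMR master nodes
    Value: !Ref MasterSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-MasterSecurityGroupId"
  CoreandTaskSecurityGroupId:
    Description: Security group id for EMR core/task nodes
    Value: !Ref CoreandTaskSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-CoreandTaskSecurityGroupId"
  ServiceAccessSecurityGroupId:
    Description: Security group id for the EMR service-access ENI
    Value: !Ref ServiceAccessSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-ServiceAccessSecurityGroupId"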