RDS Security Groups Ingress rule
I am working on a CloudFormation template that contains an RDS database, and I want to attach a security group to the RDS instance. There is a resource AWS::RDS::DBSecurityGroup where I would like to write my own ingress rules that allow MySQL traffic from the front-end instances by attaching the resource AWS::RDS::DBSecurityGroupIngress. However, it does not show any properties such as "FromPort", "ToPort" or "Protocol".
I am not sure whether the properties listed above are supported.
From Working with DB Security Groups:
A DB security group controls network access to a DB instance that is not inside a VPC.
If you are using a VPC (which you always should be, unless you set your system up many years ago), you should use AWS::EC2::SecurityGroup
to control security. It has the properties you want, for example:
"InstanceSecurityGroup" : {
  "Type" : "AWS::EC2::SecurityGroup",
  "Properties" : {
    "GroupDescription" : "Allow http to client host",
    "VpcId" : {"Ref" : "myVPC"},
    "SecurityGroupIngress" : [{
      "IpProtocol" : "tcp",
      "FromPort" : "80",
      "ToPort" : "80",
      "CidrIp" : "0.0.0.0/0"
    }],
    "SecurityGroupEgress" : [{
      "IpProtocol" : "tcp",
      "FromPort" : "80",
      "ToPort" : "80",
      "CidrIp" : "0.0.0.0/0"
    }]
  }
}
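The answer's snippet opens port 80 to the world, which is fine for a web tier but is not what a database security group should look like. As an added example (not code from the question, the answer, or AWS), the Python below builds the VPC-style resources the answer recommends for the asker's case: a front-end security group, a database security group that admits MySQL (3306) only from that front-end group via SourceSecurityGroupId, and an AWS::RDS::DBInstance attached through VPCSecurityGroups. It also includes a small lint that flags the weak variant (3306 opened to 0.0.0.0/0), a DB instance with no VPC security groups, use of the legacy DBSecurityGroups property, or PubliclyAccessible set to true. The logical IDs FrontEndSecurityGroup, DatabaseSecurityGroup, MyDatabase and the parameter names other than myVPC are assumptions invented for this example.

```python
"""Added example: VPC security groups for an RDS instance, plus a template lint.

Assumptions (not from the original page): the logical IDs and parameter names
below, apart from the 'myVPC' parameter used in the answer's snippet, are
invented for this example.
"""
import copy
import json

MYSQL_PORT = 3306
WORLD = {"0.0.0.0/0", "::/0"}  # "anywhere" CIDRs for IPv4 and IPv6


def build_template():
    """Return a CloudFormation template (as a dict) following the answer's advice."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {
            "myVPC": {"Type": "AWS::EC2::VPC::Id"},
            "DBSubnetGroupName": {"Type": "String"},
            "DBUser": {"Type": "String", "NoEcho": True},
            "DBPassword": {"Type": "String", "NoEcho": True},
        },
        "Resources": {
            # Web tier: reachable from the internet on HTTPS only.
            "FrontEndSecurityGroup": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "Front-end instances",
                    "VpcId": {"Ref": "myVPC"},
                    "SecurityGroupIngress": [
                        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                         "CidrIp": "0.0.0.0/0"}
                    ],
                },
            },
            # Database tier: MySQL only from members of the front-end group.
            # Ref on an AWS::EC2::SecurityGroup in a VPC yields the group ID.
            "DatabaseSecurityGroup": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "MySQL from front-end instances only",
                    "VpcId": {"Ref": "myVPC"},
                    "SecurityGroupIngress": [
                        {"IpProtocol": "tcp", "FromPort": MYSQL_PORT,
                         "ToPort": MYSQL_PORT,
                         "SourceSecurityGroupId": {"Ref": "FrontEndSecurityGroup"}}
                    ],
                },
            },
            "MyDatabase": {
                "Type": "AWS::RDS::DBInstance",
                "Properties": {
                    "Engine": "mysql",
                    "DBInstanceClass": "db.t3.micro",
                    "AllocatedStorage": "20",
                    "MasterUsername": {"Ref": "DBUser"},
                    "MasterUserPassword": {"Ref": "DBPassword"},
                    "PubliclyAccessible": False,
                    "DBSubnetGroupName": {"Ref": "DBSubnetGroupName"},
                    # VPC security groups, not the EC2-Classic DBSecurityGroups.
                    "VPCSecurityGroups": [{"Ref": "DatabaseSecurityGroup"}],
                },
            },
        },
    }


def _rule_covers_port(rule, port):
    """True if an ingress rule admits TCP traffic to `port` (or all traffic)."""
    proto = str(rule.get("IpProtocol", ""))
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    lo = int(rule.get("FromPort", -1))  # CloudFormation accepts "80" or 80
    hi = int(rule.get("ToPort", lo))
    return lo <= port <= hi


def _rule_is_world_open(rule):
    return rule.get("CidrIp") in WORLD or rule.get("CidrIpv6") in WORLD


def lint_db_exposure(template, port=MYSQL_PORT):
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if _rule_covers_port(rule, port) and _rule_is_world_open(rule):
                    findings.append(f"{name}: port {port} open to the world")
        elif rtype == "AWS::EC2::SecurityGroupIngress":  # standalone rule resource
            if _rule_covers_port(props, port) and _rule_is_world_open(props):
                findings.append(f"{name}: port {port} open to the world")
        elif rtype == "AWS::RDS::DBInstance":
            if not props.get("VPCSecurityGroups"):
                findings.append(f"{name}: no VPCSecurityGroups attached")
            if props.get("DBSecurityGroups"):
                findings.append(f"{name}: uses legacy DBSecurityGroups")
            if props.get("PubliclyAccessible") is True:
                findings.append(f"{name}: PubliclyAccessible is true")
    return findings


def world_open_variant(template):
    """Constructed weak variant: the DB group's 3306 rule opened to 0.0.0.0/0."""
    bad = copy.deepcopy(template)
    rule = bad["Resources"]["DatabaseSecurityGroup"]["Properties"]["SecurityGroupIngress"][0]
    rule.pop("SourceSecurityGroupId")
    rule["CidrIp"] = "0.0.0.0/0"
    return bad


if __name__ == "__main__":
    tpl = build_template()
    print(json.dumps(tpl, indent=2))
    print("good:", lint_db_exposure(tpl))
    print("weak:", lint_db_exposure(world_open_variant(tpl)))
```

The template dict can be dumped with json.dumps and deployed as-is; the lint is the kind of pre-deploy check worth running in CI so that a later edit that swaps SourceSecurityGroupId for a CidrIp of 0.0.0.0/0 is caught before the stack is updated.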