Setting DBSecurityGroupIngress in Troposphere
I want to add multiple CIDRIp entries to my DB security group.
Error:

    CidrIp=Ref(AppSecurityGroup)),
    TypeError: __init__() takes at least 2 arguments (1 given)

I thought this would be easy, but I'm stuck here and confused.

    DBSecurityGroup = t.add_resource(
        rds.DBSecurityGroup(
            'DBSecurityGroup',
            GroupDescription='Enable access on the inbound port',
            DBSecurityGroupIngess=[
                rds.DBSecurityGroup(
                    IpProtocol='tcp',
                    FromPort='3306',
                    ToPort='3306',
                    CidrIp=Ref(AppSecurityGroup)),
                rds.DBSecurityGroup(
                    IpProtocol='tcp',
                    FromPort='3306',
                    ToPort='3306',
                    CidrIp=Ref(CalcSecurityGroup)),
                rds.DBSecurityGroup(
                    IpProtocol='tcp',
                    FromPort='3306',
                    ToPort='3306',
                    CidrIp=Ref(CIDRSupport))],
            VpcId=Ref(VPC),
            Tags=Tags(
                Name=Join("", [Ref("AWS::StackName"), "-DB-SG"]),
            )
        ))

Now I need inbound on port 6379 to Calc-SG, App-SG and CIDRSupport.
How do I define this in the SG?

You are addressing a property, CidrIp, that the DBSecurityGroup class does not have. This class is defined as:

    class RDSSecurityGroup(AWSProperty):
        props = {
            'CIDRIP': (basestring, False),
            'EC2SecurityGroupId': (basestring, False),
            'EC2SecurityGroupName': (basestring, False),
            'EC2SecurityGroupOwnerId': (basestring, False),
        }

    class DBSecurityGroup(AWSObject):
        resource_type = "AWS::RDS::DBSecurityGroup"
        props = {
            'EC2VpcId': (basestring, False),
            'DBSecurityGroupIngress': (list, True),
            'GroupDescription': (basestring, True),
            'Tags': ((Tags, list), False),
        }

From the source code here.
What you want to say is:

    DBSecurityGroup = t.add_resource(
        rds.DBSecurityGroup(
            "DBSecurityGroup",
            GroupDescription="Enable access on the inbound port",
            DBSecurityGroupIngress=[
                rds.RDSSecurityGroup(EC2SecurityGroupId=Ref(AppSecurityGroup)),
                rds.RDSSecurityGroup(EC2SecurityGroupId=Ref(CalcSecurityGroup)),
                rds.RDSSecurityGroup(EC2SecurityGroupId=Ref(CIDRSupport))],
            EC2VpcId=Ref(VPC),
            Tags=Tags(
                Name=Join("", [Ref("AWS::StackName"), "-DB-SG"]),
            )
        ))

I'll note that troposphere's RDSSecurityGroup corresponds to the "RDS Security Group Rule". The inconsistent naming is confusing.
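
The property tables quoted in the answer can be turned into a pre-deployment check on the rendered template. The following is an added example, not code from the post or from troposphere: `lint_db_security_group` is a hypothetical helper, the two sample dicts are constructed, and the per-rule checks (a rule must name a CIDRIP or an EC2 security group, and a /0 CIDRIP is flagged) go beyond what the answer states.

```python
import ipaddress

# Property tables copied from the troposphere classes quoted in the answer
# (name -> required). The lint itself is an added, hypothetical helper.
GROUP_PROPS = {"EC2VpcId": False, "DBSecurityGroupIngress": True,
               "GroupDescription": True, "Tags": False}
RULE_PROPS = {"CIDRIP", "EC2SecurityGroupId", "EC2SecurityGroupName",
              "EC2SecurityGroupOwnerId"}
RULE_SOURCES = {"CIDRIP", "EC2SecurityGroupId", "EC2SecurityGroupName"}

def lint_db_security_group(props):
    """Return findings for one AWS::RDS::DBSecurityGroup Properties dict."""
    findings = ["unknown group property: " + n
                for n in sorted(set(props) - set(GROUP_PROPS))]
    findings += ["missing required group property: " + n
                 for n, required in sorted(GROUP_PROPS.items())
                 if required and n not in props]
    for i, rule in enumerate(props.get("DBSecurityGroupIngress", [])):
        findings += ["rule %d: unknown property: %s" % (i, n)
                     for n in sorted(set(rule) - RULE_PROPS)]
        if not RULE_SOURCES & set(rule):
            findings.append("rule %d: names no CIDRIP or EC2 security group" % i)
        cidr = rule.get("CIDRIP")
        if isinstance(cidr, str):  # a {"Ref": ...} value is only known at deploy time
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append("rule %d: CIDRIP %r is not a CIDR block" % (i, cidr))
            else:
                if net.prefixlen == 0:
                    findings.append("rule %d: CIDRIP %s admits every address" % (i, cidr))
    return findings

# Constructed inputs: the Properties the question's keyword names would produce,
# and the shape the answer's code produces.
ASKER_PROPS = {
    "GroupDescription": "Enable access on the inbound port",
    "DBSecurityGroupIngess": [{"IpProtocol": "tcp", "FromPort": "3306",
                               "ToPort": "3306", "CidrIp": {"Ref": "AppSecurityGroup"}}],
    "VpcId": {"Ref": "VPC"},
}
FIXED_PROPS = {
    "GroupDescription": "Enable access on the inbound port",
    "DBSecurityGroupIngress": [{"EC2SecurityGroupId": {"Ref": "AppSecurityGroup"}},
                               {"EC2SecurityGroupId": {"Ref": "CalcSecurityGroup"}}],
    "EC2VpcId": {"Ref": "VPC"},
}

if __name__ == "__main__":
    for name, props in (("asker", ASKER_PROPS), ("fixed", FIXED_PROPS)):
        print(name, lint_db_security_group(props))
```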