I'm trying to add an ingress rule to a Security Group via the AWS CDK using Python. As per the documentation here - there's a method add_ingress_rule() on the Class aws_cdk.aws_ec2.
However - when I try to deploy the stack, I get the following error :
AttributeError: 'method' object has no attribute 'jsii__type' Subprocess exited with error 1
Security Group Code snippet below-
sg_elb = ec2.SecurityGroup(
self,
id = "sg_elb",
vpc = vpc,
security_group_name = "sg_elb"
)
sg_elb.add_ingress_rule(
peer = ec2.Peer.any_ipv4,
connection = ec2.Port.tcp(443) # This line seems to be a problem.
)
There's even the same example (in TypeScript) given on the official documentation here so I'm not sure what I'm doing wrong.
Can anyone advise ?
Thanks in advance !
I got the following to work using TS, hope it helps some.
const mySG = new ec2.SecurityGroup(this, `${stack}-security-group`, {
vpc: vpc,
allowAllOutbound: true,
description: 'CDK Security Group'
});
mySG.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(22), 'SSH frm anywhere');
mySG.addIngressRule(ec2.Peer.ipv4('10.200.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress1');
mySG.addIngressRule(ec2.Peer.ipv4('10.0.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress2');
Btw, it is not recommended to use an explicit security group name: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.SecurityGroup.html
In SDK documentation: "Direct manipulation of the Security Group through addIngressRule and addEgressRule is possible, but mutation through the .connections object is recommended. If you peer two constructs with security groups this way, appropriate rules will be created in both."
So it's better to add rules like this:
sg.connections.allow_from(
Peer.any_ipv4(),
Port.tcp(22),
"ssh"
)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With