Allow ingress from one security group to another using AWS CDK

How can I connect two security groups together using the AWS CDK?

This is an example of allow IPv4 traffic ingress via port 443

ec2SecurityGroup.addIngressRule(Peer.anyIpv4(), Port.tcp(443), 'Test rule', false)

This from the documentation:

public addIngressRule(peer: IPeer, connection: Port, description?: string, remoteRule?: boolean): void

This is the best I could come up with (where 'elbSecurityGroup' is another security group):

const p = Peer.anyIpv4()
p.connections.allowFrom(elbSecurityGroup.connections, Port.tcp(443))
ec2SecurityGroup.addIngressRule(p, Port.tcp(443), 'Test rule', false)

But that doesn't really make any sense. There must be a better way of initializing the Peer. TypeScript says

Constructor of class 'Peer' is protected and only accessible within the class declaration.

If I try:

const p = new Peer()
comfytoday asked Dec 12 '19 08:12

1 Answer

This can be done by accessing the 'connections' on SecurityGroups or other Constructs directly:

ec2SecurityGroup.connections.allowFrom(elbSecurityGroup, Port.tcp(443), 'Application Load Balancer')

Or from an EC2 Instance object directly to another EC2 instance:

ec2Instance1.connections.allowFrom(ec2Instance2, Port.tcp(4321), 'Inbound')
ec2Instance2.connections.allowTo(ec2Instance1, Port.tcp(4321), 'Outbound')

This will create/alter a SecurityGroup created by CDK that is attached to the EC2 instance.

comfytoday answered Sep 19 '22 20:09
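As an added example that is not part of the original question or answer: the difference between the asker's Peer.anyIpv4() attempt and the answer's connections.allowFrom() shows up in the synthesized CloudFormation, and that is where a reviewer can check it. The plain TypeScript below (no CDK dependency) audits a template for ingress rules open to 0.0.0.0/0 or ::/0; the two templates are constructed by hand to approximate what cdk synth emits for each approach and are assumptions, not real synth output.

```typescript
// Added example, not code from the original post or from the AWS CDK project.
// Audits a CloudFormation template for security-group ingress rules that are
// open to the whole Internet. Both templates below are hand-constructed to mimic
// `cdk synth` output for the two approaches in the thread (assumed shapes).

type Json = Record<string, any>;

const WORLD = new Set(["0.0.0.0/0", "::/0"]);

interface OpenRule { resource: string; from: number; to: number; cidr: string; }

// Returns the rule if its source is a world-open CIDR, otherwise null.
function ruleIfOpen(resource: string, p: Json): OpenRule | null {
  const cidr = p.CidrIp ?? p.CidrIpv6;
  if (typeof cidr !== "string" || !WORLD.has(cidr)) return null;
  return { resource, from: p.FromPort, to: p.ToPort, cidr };
}

// Checks both inline SecurityGroupIngress lists on AWS::EC2::SecurityGroup
// and standalone AWS::EC2::SecurityGroupIngress resources.
function findWorldOpenIngress(template: Json): OpenRule[] {
  const out: OpenRule[] = [];
  for (const [id, res] of Object.entries<Json>(template.Resources ?? {})) {
    if (res.Type === "AWS::EC2::SecurityGroup") {
      for (const p of res.Properties?.SecurityGroupIngress ?? []) {
        const r = ruleIfOpen(id, p); if (r) out.push(r);
      }
    } else if (res.Type === "AWS::EC2::SecurityGroupIngress") {
      const r = ruleIfOpen(id, res.Properties ?? {}); if (r) out.push(r);
    }
  }
  return out;
}

// Constructed: roughly what addIngressRule(Peer.anyIpv4(), Port.tcp(443)) yields,
// an inline rule whose source is every IPv4 address.
const anyIpv4Template: Json = { Resources: {
  Ec2SG: { Type: "AWS::EC2::SecurityGroup", Properties: { GroupDescription: "ec2",
    SecurityGroupIngress: [ { CidrIp: "0.0.0.0/0", IpProtocol: "tcp",
      FromPort: 443, ToPort: 443, Description: "Test rule" } ] } } } };

// Constructed: roughly what ec2SecurityGroup.connections.allowFrom(elbSecurityGroup,
// Port.tcp(443)) yields, a standalone rule whose source is the other group's id.
const sgToSgTemplate: Json = { Resources: {
  Ec2SG: { Type: "AWS::EC2::SecurityGroup", Properties: { GroupDescription: "ec2" } },
  ElbSG: { Type: "AWS::EC2::SecurityGroup", Properties: { GroupDescription: "elb" } },
  Ec2SGfromElbSG443: { Type: "AWS::EC2::SecurityGroupIngress", Properties: {
    GroupId: { "Fn::GetAtt": ["Ec2SG", "GroupId"] }, IpProtocol: "tcp",
    FromPort: 443, ToPort: 443,
    SourceSecurityGroupId: { "Fn::GetAtt": ["ElbSG", "GroupId"] } } } } };
```

Run it against the JSON that cdk synth writes under cdk.out to confirm that only the security-group-sourced rule survives.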