How to add multiple security groups and group names in cloudformation using template?

 "dbxSG": 
    {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": 
      {
        "GroupDescription": "Enable dbX Access",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    },
    "dbxSGIngress" : 
    {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": 
      {
        "GroupName": { "Ref": "dbxSG" },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "SourceSecurityGroupName": { "Ref": "dbxSG" }
      }
    },

How do I add multiple security group names in the above JSON file? The "dbxSG" name is referred to many times. I want to add one more security group with a new name. How do I add it?

shas asked Feb 16 '15 13:02

1 Answer

Yes, you can attach multiple Security Groups to an EC2 Instance when created using CloudFormation. Below is sample JSON to accomplish it. I have attached WebSubnetSG & AppSubnetSG to the EC2 Instance.

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Multiple Security Groups - Demo",
  "Resources" : {
    "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16" ,
        "Tags": [
          {
            "Key": "Name",
            "Value": "Multi Security Group"
          }
        ]
      }
    },
    "WebSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "CidrBlock": "10.0.10.0/24",
        "Tags": [
          {
            "Key": "Application",
            "Value": "Multi SG Subnet"
          }]
      }
    },
    "WebServerSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG for the Web Server",
        "VpcId": {
          "Ref": "VPC"
        },
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "SecurityGroupIngress" : [
            {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "80",
            "ToPort": "80"
          },
          {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "443",
            "ToPort": "443"
          }
        ]
      }
    },
    "AppServerSGIngress": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Ref": "AppServerSG"
        },
        "IpProtocol": "tcp",
        "CidrIp": "0.0.0.0/0",
        "FromPort" : "9090",
        "ToPort" : "9090"
      }
    },
    "AppServerSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG for the App Server",
        "VpcId": {
          "Ref": "VPC"
        },
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "SecurityGroupIngress" : [
            {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "8080",
            "ToPort": "8080"
          }
        ]
      }
    },
    
    "MultiSGInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-12345678",
        "KeyName": "your-key-pair",
        "SecurityGroupIds": [
          {
            "Ref": "WebServerSG"
          },
          {
            "Ref": "AppServerSG"
          }
        ],
        "InstanceType": "t2.micro",
        "SubnetId": {
          "Ref": "WebSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "MultiSG"
          }
        ]
      }
    }
  },
  "Outputs" : {}
}
Naveen Vijay answered Oct 28 '22 06:10
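Both the question's fragment and the answer's template mix the two ways CloudFormation expresses group rules: an inline `SecurityGroupIngress` list on the `AWS::EC2::SecurityGroup`, and standalone `AWS::EC2::SecurityGroupIngress` resources that point at a group through `GroupId`/`GroupName` and can name another group as the source. Once several groups are attached to one instance, the effective exposure is the union of all of them, which is easy to lose track of in a large template. The script below is an added example, not code from the original post or from AWS; it parses a constructed template (hypothetical logical names modelled on the page's `WebServerSG`, `AppServerSG` and `dbxSG`), resolves the `Ref`s, lists which groups each instance receives, merges inline and standalone rules per group, and flags rules that are open to the world on an admin port, on all protocols, or across the full port range. A group-to-group rule such as the question's self-referencing `SourceSecurityGroupName` is kept but not flagged, because it only admits members of that group.

```python
"""Audit which security groups a CloudFormation template attaches to its
EC2 instances and which ingress rules are open to the world.
Added example: not code from the original post or from AWS."""
import json

# Constructed template (hypothetical): shapes mirror the page's JSON.
# dbxSG opens SSH to the world inline and adds a self-referencing
# all-ports rule as a standalone resource, as in the question.
TEMPLATE = json.loads("""
{"Resources": {
  "WebServerSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
     "GroupDescription": "web",
     "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "443",
                               "ToPort": "443", "CidrIp": "0.0.0.0/0"}]}},
  "AppServerSG": {"Type": "AWS::EC2::SecurityGroup",
                  "Properties": {"GroupDescription": "app"}},
  "AppServerSGIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
     "GroupId": {"Ref": "AppServerSG"}, "IpProtocol": "tcp",
     "FromPort": "8080", "ToPort": "8080",
     "SourceSecurityGroupId": {"Ref": "WebServerSG"}}},
  "dbxSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
     "GroupDescription": "dbx",
     "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                               "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
  "dbxSGIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
     "GroupName": {"Ref": "dbxSG"}, "IpProtocol": "tcp",
     "FromPort": "0", "ToPort": "65535",
     "SourceSecurityGroupName": {"Ref": "dbxSG"}}},
  "AppInstance": {"Type": "AWS::EC2::Instance", "Properties": {
     "ImageId": "ami-12345678",
     "SecurityGroupIds": [{"Ref": "AppServerSG"}, {"Ref": "dbxSG"}]}}
}}
""")

WORLD = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}


def resolve_ref(value):
    """Return the logical name behind {"Ref": ...}, or the literal value."""
    if isinstance(value, dict) and "Ref" in value:
        return value["Ref"]
    return value


def ingress_rules(template):
    """Map SG logical name -> all ingress rules, merging the inline
    SecurityGroupIngress list with standalone SecurityGroupIngress resources."""
    resources = template["Resources"]
    rules = {}
    for name, res in resources.items():
        if res["Type"] == "AWS::EC2::SecurityGroup":
            inline = res["Properties"].get("SecurityGroupIngress", [])
            rules.setdefault(name, []).extend(inline)
    for name, res in resources.items():
        if res["Type"] == "AWS::EC2::SecurityGroupIngress":
            props = res["Properties"]
            # VPC templates use GroupId; EC2-Classic style uses GroupName.
            target = resolve_ref(props.get("GroupId", props.get("GroupName")))
            rules.setdefault(target, []).append(props)
    return rules


def instance_groups(template):
    """Map each EC2 instance -> the SG logical names attached to it."""
    out = {}
    for name, res in template["Resources"].items():
        if res["Type"] == "AWS::EC2::Instance":
            props = res["Properties"]
            refs = props.get("SecurityGroupIds", []) + props.get("SecurityGroups", [])
            out[name] = [resolve_ref(r) for r in refs]
    return out


def world_open_findings(template):
    """Return (sg, from_port, to_port, reason) for rules whose source is
    0.0.0.0/0 or ::/0 and which expose admin ports, all protocols, or the
    whole port range.  Group-to-group rules are skipped: no CIDR source."""
    findings = []
    for sg, rules in ingress_rules(template).items():
        for r in rules:
            if r.get("CidrIp") not in WORLD and r.get("CidrIpv6") not in WORLD:
                continue
            lo, hi = int(r.get("FromPort", -1)), int(r.get("ToPort", -1))
            if r.get("IpProtocol") == "-1":
                findings.append((sg, lo, hi, "all protocols open to the world"))
            elif lo <= 0 and hi >= 65535:
                findings.append((sg, lo, hi, "full port range open to the world"))
            elif any(lo <= p <= hi for p in ADMIN_PORTS):
                findings.append((sg, lo, hi, "admin port open to the world"))
    return findings


def instance_exposure(template):
    """Map each instance -> the world-open findings across all its groups,
    i.e. the union the instance actually inherits."""
    by_sg = {}
    for f in world_open_findings(template):
        by_sg.setdefault(f[0], []).append(f)
    return {inst: [f for sg in sgs for f in by_sg.get(sg, [])]
            for inst, sgs in instance_groups(template).items()}


if __name__ == "__main__":
    for inst, findings in instance_exposure(TEMPLATE).items():
        print(inst, instance_groups(TEMPLATE)[inst])
        for sg, lo, hi, why in findings:
            print(f"  {sg}: {lo}-{hi} {why}")
```

Running it against the constructed template reports that `AppInstance` carries `AppServerSG` and `dbxSG`, and that the only world-open finding it inherits is the SSH rule on `dbxSG`; the 443 rule on `WebServerSG` is not attached to the instance and is not an admin port, and the 0-65535 self-reference is group-scoped. The same parsing works on the answer's full template, where every `CidrIp` is `0.0.0.0/0` and port 9090/8080/80/443 rules would be listed but not flagged by these thresholds; tighten `ADMIN_PORTS` or add a per-port allow-list to match your own policy.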