I would like to know how to import a security group defined in another stack, and then use it in the current stack.
I have tried this so far:
class relayStack extends cdk.Stack {
  public sg_relay: ec2.SecurityGroupRefProps

  constructor(parent: cdk.App, name: string, props: VPCProps) {
    super(parent, name, props);

    //#IMPORT VPC PROPS
    const vpc = ec2.VpcNetwork.import(this, 'VPC-Hottest100', props.infra.vpc);

    //#AUTOSCALING GROUP
    const asg_relayServer = new ec2.AutoScalingGroup(this, 'ASG_Relay', {
      vpc,
      instanceType: new ec2.InstanceTypePair(ec2.InstanceClass.T2, ec2.InstanceSize.Small),
      minSize: 1,
      maxSize: 3,
      desiredCapacity: 1,
      machineImage: new ec2.GenericLinuxImage({
        "ap-southeast-2": "ami-dc361ebf",
      }),
      keyName: 'icecast-poc',
      allowAllOutbound: false,
      vpcPlacement: {
        usePublicSubnets: false
      }
    });

    //#SECURITY Group
    const sg_relay = new ec2.SecurityGroup(this, 'SG_RELAY', {
      vpc,
      description: "Relay stack security group",
      groupName: 'relay-sg'
    })
    this.sg_relay = sg_relay
  }
}
And then from another stack I would like to access the exported security group sg_relay.
I have tried the following:
//#SECURITY GROUP
const sg_nginx = new ec2.SecurityGroup(this, "SG_NGINX", {
  vpc,
  description: "NGINX stack security group",
  groupName: 'nginx-sg'
})
const sg_relayImp = new ec2.SecurityGroupRef(this, "SG_RELAY_IMP", {
  securityGroupId: new ec2.SecurityGroupId('SG_RELAY')
})
And then use it as follows:
sg_nginx.addIngressRule(sg_relayImp, wowzaPort, 'asg_RelyToNgn_8000')
Obviously it's not working for me.
I could not find any import function for security groups between stacks, like the one VPC has.
Could anyone please help me with this situation?
A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups.
The Outputs block is at the top level of your template, then comes the logical name of your output, and finally the Export with the Name of what you want to export. In order to use a reference to myVPC in another template you just need to import it using a CloudFormation intrinsic function called ImportValue.
You can refer directly to cross-stack resources in an app.
Below is a code snippet:
import * as cdk from '@aws-cdk/core';
import * as ec2 from '@aws-cdk/aws-ec2';

export class InfraCdkStack extends cdk.Stack {
  // Create a readonly property to reference on an instance.
  readonly vpc: ec2.IVpc;

  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    // The code that defines your stack goes here.
    // Assign your vpc to your previously created property.
    // Creates a vpc in two AZs.
    this.vpc = new ec2.Vpc(this, 'MyVPC');
  }
}

// Create an interface to hold the vpc information.
interface ECSStackProps extends cdk.StackProps {
  vpc: ec2.IVpc;
}

// Have your class constructor accept the interface.
export class ECSCdkStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props: ECSStackProps) {
    super(scope, id, props);
  }
}

const app = new cdk.App();
const infraStack = new InfraCdkStack(app, 'InfraCdkStack');
// Pass the infraStack.vpc property to the ECSCdkStack class.
const gameECSStack = new ECSCdkStack(app, 'ECSCdkStack', {
  vpc: infraStack.vpc
});
There is an example in the official docs demonstrating how to share an S3 bucket.
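The Outputs/Export and ImportValue pairing described above can be checked on the templates themselves before deploying. The following is an added example, not code from the question or the answer: it confirms that each ingress rule in the consuming stack imports a name that a producing stack really exports for a security group, and it flags rules that fall back to a CIDR source. The templates, the export name `relay-sg-id`, port 8000 and the function `checkIngress` are constructed for illustration.

```typescript
// Only the template fields this check reads.
type Ref = { "Fn::ImportValue"?: string; "Fn::GetAtt"?: [string, string] };
type Resource = { Type: string; Properties?: Record<string, unknown> };
interface Template {
  Resources?: Record<string, Resource>;
  Outputs?: Record<string, { Value: Ref; Export?: { Name: string } }>;
}
const ingress = (src: Record<string, unknown>): Resource => ({
  Type: "AWS::EC2::SecurityGroupIngress",
  Properties: { IpProtocol: "tcp", FromPort: 8000, ToPort: 8000, ...src },
});
// Constructed sample: the relay stack exports its security group id.
const relayTemplate: Template = {
  Resources: { SGRELAY: { Type: "AWS::EC2::SecurityGroup" } },
  Outputs: {
    RelaySgId: { Value: { "Fn::GetAtt": ["SGRELAY", "GroupId"] }, Export: { Name: "relay-sg-id" } },
  },
};
// Constructed sample: three ingress rules in the nginx stack, one per source style.
const nginxTemplate: Template = {
  Resources: {
    FromRelay: ingress({ SourceSecurityGroupId: { "Fn::ImportValue": "relay-sg-id" } }),
    FromTypo: ingress({ SourceSecurityGroupId: { "Fn::ImportValue": "relay-sg" } }),
    FromAnywhere: ingress({ CidrIp: "0.0.0.0/0" }),
  },
};
type Finding = { rule: string; status: "ok" | "unresolved-import" | "cidr-source"; detail: string };

function checkIngress(producers: Template[], consumer: Template): Finding[] {
  // Map each export name to the security group resource it points at.
  const exported: Record<string, string> = {};
  for (const t of producers) {
    const outputs = t.Outputs ?? {};
    for (const key of Object.keys(outputs)) {
      const out = outputs[key];
      const target = out.Value["Fn::GetAtt"]?.[0];
      if (out.Export && target !== undefined && t.Resources?.[target]?.Type === "AWS::EC2::SecurityGroup")
        exported[out.Export.Name] = target;
    }
  }
  const resources = consumer.Resources ?? {};
  const findings: Finding[] = [];
  for (const name of Object.keys(resources)) {
    const res = resources[name];
    if (res.Type !== "AWS::EC2::SecurityGroupIngress") continue;
    const src = res.Properties?.SourceSecurityGroupId as Ref | undefined;
    const imp = src?.["Fn::ImportValue"];
    if (imp === undefined) findings.push({ rule: name, status: "cidr-source", detail: String(res.Properties?.CidrIp) });
    else if (exported[imp] !== undefined) findings.push({ rule: name, status: "ok", detail: `${imp} -> ${exported[imp]}` });
    else findings.push({ rule: name, status: "unresolved-import", detail: imp });
  }
  return findings;
}
console.log(checkIngress([relayTemplate], nginxTemplate));
```

A rule reported as `unresolved-import` would fail at deploy time, while `cidr-source` marks a rule that admits an address range rather than only members of the other stack's security group.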