Last active March 23, 2023 08:00
AWS CDK self referencing security group
```python
from aws_cdk import Stack
from aws_cdk import aws_ec2 as ec2
from constructs import Construct


class DatabaseSgStack(Stack):
    """Stack wrapper and VPC are assumed here so the snippet runs as-is."""

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)
        vpc = ec2.Vpc(self, "vpc")  # assumed: any VPC construct in scope

        sg = ec2.CfnSecurityGroup(self, "sample-sg",
            group_description="Allows traffic to the database when attached",
            vpc_id=vpc.vpc_id,
        )
        # Rule whose source is the group itself: only members of this SG may
        # reach each other on 3306.
        ingress = ec2.CfnSecurityGroupIngress(self, "sample-sg-ingress",
            group_id=sg.attr_group_id,
            source_security_group_id=sg.attr_group_id,
            ip_protocol="TCP",
            description="Self referencing SG rule to allow TCP traffic on port 3306",
            from_port=3306,
            to_port=3306,
        )
        # This is the important part
        # If the dependency is not set CloudFormation will complain that the security group does not exist
        # Unfortunately I only made it work with CloudFormation Resources because the normal classes do not
        # support add dependencies
        ingress.add_depends_on(sg)
```
This has probably changed since you wrote this gist, but I stumbled upon your code in my hunt for a solution.
A Security Group implements IPeer and can therefore be used as the first element in `add_ingress_rule`.
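Whichever construct level is used, the synthesized template is what gets deployed, so a small review check over it catches both failure modes discussed above: a self-referencing ingress rule that lacks the DependsOn the gist adds, and one that opens more than the single database port. This is an added example, not the gist's or the commenter's code; the logical IDs and VPC ID in the sample template are assumed.

```python
import json

# Constructed sample: roughly what the gist synthesizes to, with the DependsOn
# that add_depends_on emits. Logical IDs and the VPC ID are assumed values.
TEMPLATE = json.loads("""
{"Resources": {
  "samplesg": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "Allows traffic to the database when attached",
                   "VpcId": "vpc-0123456789abcdef0"}},
  "samplesgingress": {
    "Type": "AWS::EC2::SecurityGroupIngress",
    "DependsOn": ["samplesg"],
    "Properties": {
      "GroupId": {"Fn::GetAtt": ["samplesg", "GroupId"]},
      "SourceSecurityGroupId": {"Fn::GetAtt": ["samplesg", "GroupId"]},
      "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306}}}}
""")


def ref_target(value):
    """Logical ID that a Ref / Fn::GetAtt points at, or None for a literal."""
    if isinstance(value, dict):
        if "Ref" in value:
            return value["Ref"]
        if "Fn::GetAtt" in value:
            return value["Fn::GetAtt"][0]
    return None


def check_self_referencing_ingress(template):
    """Return findings for ingress rules whose source is their own group:
    a missing DependsOn (the deploy-time failure the gist works around) and
    rules wider than one port (over-permissive intra-group traffic)."""
    findings = []
    for lid, res in template["Resources"].items():
        if res.get("Type") != "AWS::EC2::SecurityGroupIngress":
            continue
        props = res.get("Properties", {})
        group = ref_target(props.get("GroupId"))
        if group is None or group != ref_target(props.get("SourceSecurityGroupId")):
            continue  # not a self-referencing rule
        deps = res.get("DependsOn", [])
        if group not in ([deps] if isinstance(deps, str) else deps):
            findings.append(f"{lid}: self-referencing rule lacks DependsOn on {group}")
        if str(props.get("IpProtocol")) == "-1" or props.get("FromPort") != props.get("ToPort"):
            findings.append(f"{lid}: self-referencing rule is wider than a single port")
    return findings
```

Run it against the output of `cdk synth` (JSON) to confirm the dependency survived synthesis before deploying.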