youngsoul · March 11, 2022 19:19
diff --git a/vpc_securitygroups_cdk_example.py b/vpc_securitygroups_cdk_example.py
 lambda_to_proxy_sg = ec2.SecurityGroup(self, id=f'{resource_prefix}-l2proxy-sg',
                                       vpc=vpc,
                                       allow_all_outbound=True, 
                                       description="Lambda to RDS Proxy Connection"
                                       )
 bastion_sg = ec2.SecurityGroup(self, id='bastionsg',
                               security_group_name=f'{resource_prefix}-cdk-bastion-sg',
                               vpc=vpc,
                               description=f'{resource_prefix} SG for Bastion',
                               allow_all_outbound=True)
 bastion_sg.add_ingress_rule(ec2.Peer.ipv4('xxx.xxx.xxx.xxx/32'),  # only my machine
                            ec2.Port.tcp(22),
                            description='SSH Access')

 db_connection_sg = ec2.SecurityGroup(self, id=f'{resource_prefix}-proxy2db-sg',
                                     description='Proxy to DB Connection',
                                     vpc=vpc,
                                     allow_all_outbound=False
                                     )
 db_connection_sg.add_ingress_rule(peer=db_connection_sg,
                                  connection=ec2.Port.tcp(3306),
                                  description='allow db connection')
 db_connection_sg.add_ingress_rule(peer=lambda_to_proxy_sg,
                                  connection=ec2.Port.tcp(3306),
                                  description='allow lambda connection')
 db_connection_sg.add_ingress_rule(peer=bastion_sg,
                                  connection=ec2.Port.tcp(3306),
                                  description='allow ec2 connection')
	lambda_to_proxy_sg = ec2.SecurityGroup(self, id=f'{resource_prefix}-l2proxy-sg',
	vpc=vpc,
	allow_all_outbound=True,
	description="Lambda to RDS Proxy Connection"
	)
	bastion_sg = ec2.SecurityGroup(self, id='bastionsg',
	security_group_name=f'{resource_prefix}-cdk-bastion-sg',
	vpc=vpc,
	description=f'{resource_prefix} SG for Bastion',
	allow_all_outbound=True)
	bastion_sg.add_ingress_rule(ec2.Peer.ipv4('xxx.xxx.xxx.xxx/32'), # only my machine
	ec2.Port.tcp(22),
	description='SSH Access')

	db_connection_sg = ec2.SecurityGroup(self, id=f'{resource_prefix}-proxy2db-sg',
	description='Proxy to DB Connection',
	vpc=vpc,
	allow_all_outbound=False
	)
	db_connection_sg.add_ingress_rule(peer=db_connection_sg,
	connection=ec2.Port.tcp(3306),
	description='allow db connection')
	db_connection_sg.add_ingress_rule(peer=lambda_to_proxy_sg,
	connection=ec2.Port.tcp(3306),
	description='allow lambda connection')
	db_connection_sg.add_ingress_rule(peer=bastion_sg,
	connection=ec2.Port.tcp(3306),
	description='allow ec2 connection')