【Question title】:How to add multiple security groups and group names in cloudformation using template?
【Posted】:2015-04-17 00:46:06
【Question】:
 "dbxSG": 
    {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": 
      {
        "GroupDescription": "Enable dbX Access",
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp",
            "FromPort": "22",
            "ToPort": "22",
            "CidrIp": "0.0.0.0/0"
          }
        ]
      }
    },
    "dbxSGIngress" : 
    {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": 
      {
        "GroupName": { "Ref": "dbxSG" },
        "IpProtocol": "tcp",
        "FromPort": "0",
        "ToPort": "65535",
        "SourceSecurityGroupName": { "Ref": "dbxSG" }
      }
    },

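How do I add multiple security group names in the JSON file above? The name "dbxSG" is referenced several times. I want to add one more security group with a new name. How do I add it?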

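【Question comments】:

  • This doesn't entirely make sense. You have created a recursive loop of a single security group. You are also confusing a JSON dict/hash with a JSON array. Are you getting an error, and is that what you are trying to solve? Or do you want to use more SourceSecurityGroupNames?
  • Yes, I want to use more security group names.. these should be associated with the head instance.. how can this be achieved..?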

Tags: amazon-web-services amazon-cloudformation aws-security-group


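【Solution 1】:

Yes, you can attach multiple security groups to an EC2 instance when creating it with CloudFormation. Below is a sample JSON that does it. I have attached WebSubnetSG and AppSubnetSG to the EC2 instance.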

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Multiple Security Groups - Demo",
  "Resources" : {
  "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16" ,
        "Tags": [
          {
            "Key": "Name",
            "Value": "Multi Security Group"
          }
        ]
      }
    },
    "WebSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": {
          "Ref": "VPC"
        },
        "CidrBlock": "10.0.10.0/24",
        "Tags": [
          {
            "Key": "Application",
            "Value": "Multi SG Subnet"
          }]
      }
    },
    "WebServerSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG for the Web Server",
        "VpcId": {
          "Ref": "VPC"
        },
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "SecurityGroupIngress" : [
            {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "80",
            "ToPort": "80"
          },
          {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "443",
            "ToPort": "443"
          }
        ]
      }
    },
    "AppServerSGIngress": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {
          "Ref": "AppServerSG"
        },
        "IpProtocol": "tcp",
        "CidrIp": "0.0.0.0/0",
        "FromPort" : "9090",
        "ToPort" : "9090"
      }
    },
    "AppServerSG": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "SG for the App Server",
        "VpcId": {
          "Ref": "VPC"
        },
        "SecurityGroupEgress": [
          {
            "IpProtocol": "-1",
            "CidrIp": "0.0.0.0/0"
          }
        ],
        "SecurityGroupIngress" : [
            {
            "IpProtocol": "tcp",
            "CidrIp": "0.0.0.0/0",
            "FromPort": "8080",
            "ToPort": "8080"
          }
        ]
      }
    },
    
    "MultiSGInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-12345678",
        "KeyName": "your-key-pair",
        "SecurityGroupIds": [
          {
            "Ref": "WebServerSG"
          },
          {
            "Ref": "AppServerSG"
          }
        ],
        "InstanceType": "t2.micro",
        "SubnetId": {
          "Ref": "WebSubnet"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "MultiSG"
          }
        ]
      }
    }
  },
  "Outputs" : {}
 }
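
An instance with several security groups accepts the union of all their ingress rules, whether a rule is written inline in the group or as a separate AWS::EC2::SecurityGroupIngress resource. The following is an added example, not part of the original answer: a Python check that resolves that union per instance and lists rules open to any address on ports other than 80/443. The function names and the `expected` port set are assumptions, the sample is constructed from the answer's resources, and ports and CIDRs are assumed to be literals rather than parameters.

```python
# Constructed sample: the answer's security resources, reduced to the fields read below.
def _sg(*ports):
    return {"Type": "AWS::EC2::SecurityGroup", "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "CidrIp": "0.0.0.0/0", "FromPort": p, "ToPort": p} for p in ports]}}

SAMPLE = {"Resources": {
    "WebServerSG": _sg("80", "443"),
    "AppServerSG": _sg("8080"),
    "AppServerSGIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "AppServerSG"}, "IpProtocol": "tcp",
        "CidrIp": "0.0.0.0/0", "FromPort": "9090", "ToPort": "9090"}},
    "MultiSGInstance": {"Type": "AWS::EC2::Instance", "Properties": {
        "SecurityGroupIds": [{"Ref": "WebServerSG"}, {"Ref": "AppServerSG"}]}},
}}

def _ref(value):
    # Logical name behind {"Ref": name}; None for literals and other intrinsics.
    return value.get("Ref") if isinstance(value, dict) else None
def _rule(r):
    # Normalise one ingress rule to (protocol, from_port, to_port, source).
    src = r.get("CidrIp") or r.get("CidrIpv6") or _ref(r.get("SourceSecurityGroupId")) or "?"
    return (str(r.get("IpProtocol")), int(r.get("FromPort", -1)), int(r.get("ToPort", -1)), src)

def rules_by_group(template):
    """Merge inline rules and standalone SecurityGroupIngress resources per group."""
    groups = {}
    for name, res in template["Resources"].items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::EC2::SecurityGroup":
            groups.setdefault(name, []).extend(map(_rule, props.get("SecurityGroupIngress", [])))
        elif res["Type"] == "AWS::EC2::SecurityGroupIngress":
            target = _ref(props.get("GroupId")) or _ref(props.get("GroupName"))
            if target:  # rules aimed at groups outside the template are skipped
                groups.setdefault(target, []).append(_rule(props))
    return groups

def effective_ingress(template):
    """Union of the rules of every security group attached to each instance."""
    groups, out = rules_by_group(template), {}
    for name, res in template["Resources"].items():
        if res["Type"] == "AWS::EC2::Instance":
            props = res.get("Properties", {})
            attached = props.get("SecurityGroupIds", []) + props.get("SecurityGroups", [])
            out[name] = sorted({r for g in attached for r in groups.get(_ref(g), [])})
    return out

def world_open(template, expected=(80, 443)):
    """Per instance: rules open to any address on ports outside `expected`."""
    return {inst: [r for r in rules if r[3] in ("0.0.0.0/0", "::/0")
                   and not (r[1] == r[2] and r[1] in expected)]
            for inst, rules in effective_ingress(template).items()}
```

On the sample, `world_open(SAMPLE)` reports ports 8080 and 9090 on MultiSGInstance; replacing `CidrIp` with a `SourceSecurityGroupId` reference on those rules removes them from the result.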

【Comments】:
