使用AWS CDK Python将安全组添加到EC2实例

huangapple go评论57阅读模式
英文:

Add Security Group to EC2 instance using AWS CDK Python

问题

我正在尝试部署一个具有以下属性的EC2实例:

EC2securitygroup = ec2.CfnSecurityGroup(
  self,
  "EC2SecurityGroup",
  group_description="Security group for EC2",
  group_name="EC2-security-group",
  vpc_id="vpc-xxxxxxxxxxxxxxx",
  security_group_ingress=[............])
instance = ec2.Instance(self, "EC2instance",
  instance_type=ec2.InstanceType("t2.micro"),
  machine_image=amzn_linux,
  vpc = vpc,
  role = role,
  security_group = EC2securitygroup
)

但是从"cdk synth"的输出中可以看到SecurityGroupIds为空。

EC2Instance770AAE32:
  Type: AWS::EC2::Instance
  Properties:
    AvailabilityZone: us-east-2a
    IamInstanceProfile:
      Ref: EC2InstanceInstanceProfile4A6C6689
    ImageId:
      Ref: SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter
    InstanceType: t2.micro
    SecurityGroupIds: []

为什么代码中的安全组没有被使用?
顺便说一下,我验证了安全组已经被创建,但没有被EC2实例使用。

是否有人可以指出我哪里做错了?
谢谢!

英文:

I am trying to deploy an EC2 with the following properties:

        EC2securitygroup = ec2.CfnSecurityGroup(
          self,
          "EC2SecurityGroup",
          group_description="Security group for EC2",
          group_name="EC2-security-group",
          vpc_id="vpc-xxxxxxxxxxxxxxx",
          security_group_ingress=[............])
        instance = ec2.Instance(self, "EC2instance",
          instance_type=ec2.InstanceType("t2.micro"),
          machine_image=amzn_linux,
          vpc = vpc,
          role = role,
          security_group = EC2securitygroup
        )

but the output from "cdk synth" shows empty SecurityGroupIds.

EC2Instance770AAE32:
  Type: AWS::EC2::Instance
  Properties:
    AvailabilityZone: us-east-2a
    IamInstanceProfile:
      Ref: EC2InstanceInstanceProfile4A6C6689
    ImageId:
      Ref: SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amihvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter
    InstanceType: t2.micro
    SecurityGroupIds: []

How come the security group in the code was not being used?
BTW, I verified the security group was created but not being used by the EC2.

Can someone point out where I did wrong?
Thank you!

答案1

得分: 1

ec2.Instance 构造函数的 security_group 属性需要一个 ISecurityGroup,而您正在传递一个 CfnSecurityGroup,所以我不确定这个合成的过程是如何进行的。请改用 ec2.SecurityGroup 构造函数。

英文:

The security_group prop of the ec2.Instance constructor expects an ISecurityGroup and you're passing a CfnSecurityGroup, so I'm not sure how this even synthed. Use the ec2.SecurityGroup construct instead.

huangapple
  • 本文由 发表于 2023年6月13日 02:10:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/76459260.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定