如何在 CloudFormation 的安全组中同时指定 IPv6 和 v4? [英] How to specify both IPv6 and v4 in Security Groups in CloudFormation?

问题描述

我尝试创建一个安全组，例如:

I tried to create a security group like:

  WebTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      SecurityGroupIngress:
        - Description: Allow HTTP
          IpProtocol: tcp
          FromPort: 80
          CidrIp: 0.0.0.0/0
          CidrIpv6: ::/0

但 CloudFormation 抱怨我不能同时拥有 CidrIp 和 CidrIpv6.我该如何解决?我以为我可以通过 AWS 控制台同时拥有两者?

But CloudFormation complains I cannot have both CidrIp and CidrIpv6. How do I resolve this? I thought I can have both via AWS console?

不能同时指定CidrIp和CidrIpv6

Both CidrIp and CidrIpv6 cannot be specified

推荐答案

资源的 SecurityGroupIngress(以及 SecurityGroupEgress)属性是列表/数组类型.您必须提供要应用于安全组的资源列表或规则列表.每个规则都必须有一个 CidrIp 或一个 CidrIpv6，不能同时具有.当您需要允许这两种协议时，您必须应用两种不同的规则: 更改您的模板，如下所示:

The SecurityGroupIngress (and also SecurityGroupEgress) property of resource is of type list/array. Your must supply a list of Resources, or list of rules to be applied to security group. Each rule must have a CidrIp OR a CidrIpv6, not both the same time. When you need to allow the two protocols you must apply two different rules: Change you template like below:

  WebTierSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      SecurityGroupIngress:
        - Description: Allow HTTP
          IpProtocol: tcp
          FromPort: 80
          CidrIp: 0.0.0.0/0
        - Description: Allow HTTP
          IpProtocol: tcp
          FromPort: 80
          CidrIpv6: ::/0

这篇关于如何在 CloudFormation 的安全组中同时指定 IPv6 和 v4?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！