1 answer
Looks like it's necessary to export the base security group ID as an output.
```csharp
// Export the security group ID for dependent stacks to reference and retrieve raw security group via CDK From methods.
var outputName = StackHelper.SharedExports.DbSecurityGroupId(this.StackName);
new CfnOutput(this, outputName,
    new CfnOutputProps
    {
        ExportName = outputName,
        Value = this.DbSecurityGroup.SecurityGroupId,
        Description = dbSgName + " security group ID."
    });
```
Then the dependent app stack imports the security group ID and retrieves the security group by itself instead of a direct code reference.
```csharp
var dbSecurityGroupId = Fn.ImportValue(StackHelper.SharedExports.DbSecurityGroupId(this._dataStack.StackName));
var dbSecurityGroup = SecurityGroup.FromSecurityGroupId(this, "dbSg", dbSecurityGroupId);
dbSecurityGroup.AddIngressRule(this.AppSecurityGroup, Port.Tcp(3306), "Allow connection from app1.");
```
This way the dependent stack only owns (and adds) the ingress rule to the base security group, and the base stack doesn't know about/depend on the app stack.
answered a year ago
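An added example, not part of the answer above and not AWS or CDK code: a Python check over the two synthesized CloudFormation templates that confirms the split the answer describes (the base stack only exports the group ID, the app stack owns a rule sourced from its own security group on TCP 3306). The templates are constructed samples; the logical IDs and the export name are assumptions.

```python
# Constructed templates (trimmed); logical IDs and the export name are assumptions.
EXPORT = "data-stack-DbSecurityGroupId"
DATA_STACK = {
    "Resources": {"DbSg": {"Type": "AWS::EC2::SecurityGroup",
                           "Properties": {"GroupDescription": "db"}}},
    "Outputs": {"DbSgId": {"Value": {"Fn::GetAtt": ["DbSg", "GroupId"]},
                           "Export": {"Name": EXPORT}}},
}
APP_STACK = {"Resources": {
    "AppSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "app"}},
    "DbFromApp": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Fn::ImportValue": EXPORT},
        "SourceSecurityGroupId": {"Fn::GetAtt": ["AppSg", "GroupId"]},
        "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306}},
}}


def base_stack_findings(template, export_name):
    """The base stack must export the group ID and own no ingress rules itself."""
    findings = []
    exports = [o.get("Export", {}).get("Name") for o in template.get("Outputs", {}).values()]
    if export_name not in exports:
        findings.append(f"missing export {export_name}")
    for name, res in template.get("Resources", {}).items():
        inline = res.get("Properties", {}).get("SecurityGroupIngress")
        if res["Type"] == "AWS::EC2::SecurityGroupIngress" or inline:
            findings.append(f"{name}: ingress rule owned by base stack")
    return findings


def app_stack_findings(template, export_name, port):
    """Rules on the imported group must be SG-sourced and limited to one TCP port."""
    findings, seen = [], False
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res["Type"] != "AWS::EC2::SecurityGroupIngress":
            continue
        if props.get("GroupId") != {"Fn::ImportValue": export_name}:
            continue
        seen = True
        if "SourceSecurityGroupId" not in props:
            findings.append(f"{name}: source is not a security group")
        if (props.get("IpProtocol"), props.get("FromPort"), props.get("ToPort")) != ("tcp", port, port):
            findings.append(f"{name}: not limited to tcp/{port}")
    if not seen:
        findings.append(f"no ingress rule targets {export_name}")
    return findings
```

Both functions return an empty list for the constructed templates; point them at the JSON produced by `cdk synth` to check real stacks.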