Hello.
Yes, you can use the AWS Command Line Interface (CLI) to bulk add rules to an EC2 security group. To achieve this, you can use a combination of a script and the aws ec2 authorize-security-group-ingress command.
Create a .csv file with all the rules, like:
protocol,from_port,to_port,cidr
tcp,80,80,192.168.1.0/24
tcp,443,443,10.0.0.0/16
...
Run the script:
#!/bin/bash
set -euo pipefail
SECURITY_GROUP_ID="YOUR_SECURITY_GROUP_ID"
# `|| [ -n "$cidr" ]` still processes a last line that has no trailing newline
while IFS=, read -r protocol from_port to_port cidr || [ -n "$cidr" ]
do
# skip the CSV header row
[ "$protocol" = "protocol" ] && continue
echo "Adding rule: Protocol: $protocol, From Port: $from_port, To Port: $to_port, CIDR: $cidr"
# quote every variable; `< /dev/null` keeps the CLI from consuming the loop's stdin (rules.csv)
aws ec2 authorize-security-group-ingress \
--group-id "$SECURITY_GROUP_ID" \
--protocol "$protocol" \
--port "$from_port-$to_port" \
--cidr "$cidr" < /dev/null
done < rules.csv
This script only handles inbound rules (authorize-security-group-ingress). If you also need to bulk add outbound rules, you'll need a similar script but use authorize-security-group-egress.
Best regards, Andrii
Hi,
I'd strongly suggest using the AWS version of Infra-as-Code, which is CloudFormation (CFN), to create such sophisticated security group(s): https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html
When you have your definitions in your CFN template, you can re-use it in multiple stacks and accounts with no effort.
Personally, I try to define 100% of my infra resources via CFN: it's an initial investment, but you recoup it very rapidly when you need to recreate the same definitions again and again.
Best,
Didier
NOTE: Maximum number of rules. For an account with the default quota of 60 rules, a security group can have 60 inbound rules for IPv4 traffic and 60 inbound rules for IPv6 traffic. For more information, see Security group size. A quota change applies to both inbound and outbound rules. This quota multiplied by the quota for security groups per network interface cannot exceed 1,000.
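As an added example (not code from either answer above), a Python script that validates the CSV layout from Andrii's answer before anything is sent to AWS, groups the rows into the IpPermissions structure that `aws ec2 authorize-security-group-ingress --ip-permissions` accepts so every rule goes in one call, and checks the row count against the per-security-group quota quoted in the note above. The sample CSV is constructed; the tcp/udp-only restriction and the default of 60 in `within_quota` are assumptions taken from the post and the note.

```python
import csv
import io
import ipaddress
import json
# Constructed sample in the same CSV layout as Andrii's post (header + rows).
SAMPLE_CSV = """protocol,from_port,to_port,cidr
tcp,80,80,192.168.1.0/24
tcp,443,443,10.0.0.0/16
tcp,22,22,2001:db8::/32
"""

def parse_rules(text, allow_open_world=False):
    """Validate every row; raise ValueError on a bad protocol, port range or CIDR,
    and on a world-open prefix (0.0.0.0/0, ::/0) unless explicitly allowed."""
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        proto = row["protocol"].strip().lower()
        if proto not in ("tcp", "udp"):  # assumption: only tcp/udp rows, as in the post
            raise ValueError(f"unsupported protocol {proto!r}")
        lo, hi = int(row["from_port"]), int(row["to_port"])
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range {lo}-{hi}")
        net = ipaddress.ip_network(row["cidr"].strip(), strict=True)  # rejects host bits set
        if net.prefixlen == 0 and not allow_open_world:
            raise ValueError(f"refusing world-open rule for {proto} {lo}-{hi}")
        rules.append({"proto": proto, "lo": lo, "hi": hi, "net": net})
    return rules

def to_ip_permissions(rules):
    """Group rows sharing a protocol/port range into one IpPermissions entry."""
    grouped = {}
    for r in rules:
        key = (r["proto"], r["lo"], r["hi"])
        perm = grouped.setdefault(key, {"IpProtocol": r["proto"], "FromPort": r["lo"], "ToPort": r["hi"]})
        if r["net"].version == 4:
            perm.setdefault("IpRanges", []).append({"CidrIp": str(r["net"])})
        else:
            perm.setdefault("Ipv6Ranges", []).append({"CidrIpv6": str(r["net"])})
    return list(grouped.values())

def count_rules(rules):
    """Return (IPv4 rules, IPv6 rules); AWS counts the two families separately."""
    v4 = sum(1 for r in rules if r["net"].version == 4)
    return v4, len(rules) - v4

def within_quota(rules, quota=60):
    """True if neither address family exceeds the per-security-group inbound quota."""
    v4, v6 = count_rules(rules)
    return v4 <= quota and v6 <= quota
```

Save `json.dumps(to_ip_permissions(parse_rules(open("rules.csv").read())))` to a file and pass it as `--ip-permissions file://perms.json`; a rejected row stops the run before any API call is made.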