1 Answer
Looks like it's necessary to export the base security group ID as an output.
```csharp
// Export the security group ID for dependent stacks to reference and retrieve raw security group via CDK From methods.
var outputName = StackHelper.SharedExports.DbSecurityGroupId(this.StackName);
new CfnOutput(this, outputName,
    new CfnOutputProps
    {
        ExportName = outputName,
        Value = this.DbSecurityGroup.SecurityGroupId,
        Description = dbSgName + " security group ID."
    });
```
Then the dependent app stack imports the security group ID and retrieves the security group by itself instead of a direct code reference.
```csharp
var dbSecurityGroupId = Fn.ImportValue(StackHelper.SharedExports.DbSecurityGroupId(this._dataStack.StackName));
var dbSecurityGroup = SecurityGroup.FromSecurityGroupId(this, "dbSg", dbSecurityGroupId);
dbSecurityGroup.AddIngressRule(this.AppSecurityGroup, Port.Tcp(3306), "Allow connection from app1.");
```
This way the dependent stack only owns (and adds) the ingress rule to the base security group, and the base stack doesn't know about/depend on the app stack.
answered a year ago
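A check over the synthesized templates for the pattern in the answer above, as an added example that is not part of the original post: it confirms the app stack owns a tcp/3306 ingress rule, sourced from a security group, on the imported group ID, and that the data stack imports nothing from the app stack. The templates, logical IDs and export name are constructed; real input would be the `cdk synth` output of both stacks.

```python
EXPORT = "data-stack-db-sg-id"  # constructed export name (assumption)

# Constructed templates shaped like `cdk synth` output; logical IDs are made up.
DATA_TEMPLATE = {
    "Resources": {"DbSg": {"Type": "AWS::EC2::SecurityGroup",
                           "Properties": {"GroupDescription": "db"}}},
    "Outputs": {"DbSgId": {"Value": {"Fn::GetAtt": ["DbSg", "GroupId"]},
                           "Export": {"Name": EXPORT}}},
}
APP_TEMPLATE = {"Resources": {
    "AppSg": {"Type": "AWS::EC2::SecurityGroup",
              "Properties": {"GroupDescription": "app"}},
    "DbIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Fn::ImportValue": EXPORT},
        "SourceSecurityGroupId": {"Fn::GetAtt": ["AppSg", "GroupId"]},
        "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306}},
}}

def imports(node):
    """Export names referenced through Fn::ImportValue anywhere under node."""
    if isinstance(node, dict):
        found = {v for k, v in node.items()
                 if k == "Fn::ImportValue" and isinstance(v, str)}
        return found.union(*(imports(v) for v in node.values()))
    if isinstance(node, list):
        return set().union(*(imports(v) for v in node))
    return set()

def exports(template):
    """Names this stack exports through its Outputs section."""
    return {o["Export"]["Name"]
            for o in template.get("Outputs", {}).values() if "Export" in o}

def check(data, app, port=3306):
    """Return findings; an empty list means the one-way pattern holds."""
    findings = []
    if imports(data) & exports(app):
        findings.append("data stack imports a value exported by the app stack")
    rules = [r["Properties"] for r in app.get("Resources", {}).values()
             if r.get("Type") == "AWS::EC2::SecurityGroupIngress"
             and imports(r["Properties"].get("GroupId")) & exports(data)]
    if not rules:
        findings.append("app stack adds no ingress rule to the exported group")
    for p in rules:
        if "SourceSecurityGroupId" not in p:
            findings.append("ingress source is not a security group")
        if (p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort")) != ("tcp", port, port):
            findings.append("ingress is not limited to tcp/%d" % port)
    return findings
```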