1 answer
Hi Mehandra,
Here you need to use two CloudFormation resources: AWS::EC2::NetworkAcl and AWS::EC2::NetworkAclEntry. First create the NetworkAcl, and in the NetworkAclEntry you allow/deny specific IPs/CIDRs.
You can find a good example here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#aws-resource-ec2-networkaclentry--examples
BUT before implementing it, please note that NetworkACLs are associated with subnets, so if you run any resource in that subnet, then only the IPs allowed in the NetworkACL will be able to access the resource. **If your goal is to protect only a specific resource, I would still recommend a Security Group, because with a NetworkACL you are restricting access for the whole subnet.**
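As an added illustration of the two resources named in the answer (this template is not part of the answer or of the AWS documentation), the following CloudFormation snippet allows HTTPS into a subnet only from one trusted CIDR and shows the subnet association that makes the restriction apply to every resource in that subnet; VpcId, SubnetId and the 203.0.113.0/24 range are constructed placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id      # placeholder: the VPC that owns the subnet
  SubnetId:
    Type: AWS::EC2::Subnet::Id   # placeholder: the subnet to restrict
  TrustedCidr:
    Type: String
    Default: 203.0.113.0/24      # constructed example range, not a real client
Resources:
  RestrictedAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VpcId
  # Inbound: allow TCP/443 from the trusted CIDR only. Traffic that matches no
  # numbered rule falls through to the ACL's implicit deny-all rule (*).
  InboundHttpsFromTrusted:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref RestrictedAcl
      RuleNumber: 100
      Protocol: 6            # 6 = TCP
      RuleAction: allow
      Egress: false
      CidrBlock: !Ref TrustedCidr
      PortRange:
        From: 443
        To: 443
  # Network ACLs are stateless: the HTTPS responses going back to the client
  # must be allowed explicitly on the ephemeral port range, or sessions hang.
  OutboundEphemeralToTrusted:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref RestrictedAcl
      RuleNumber: 100
      Protocol: 6
      RuleAction: allow
      Egress: true
      CidrBlock: !Ref TrustedCidr
      PortRange:
        From: 1024
        To: 65535
  # Associating the ACL replaces the subnet's current ACL, so every instance
  # in SubnetId is now reachable only from TrustedCidr, not just one resource.
  SubnetAclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref SubnetId
      NetworkAclId: !Ref RestrictedAcl
```

Rule numbers are evaluated lowest first within each direction, so any additional allow or deny entries should be given distinct numbers in the order they are meant to match.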