Add Tag to a security group rule

0

Hi,

Is there a way to add a Tag (a name) to a rule in a security group using a CloudFormation template? Well, maybe the question is not clear enough. Let's see an example:

"CGExternalSecurityGroup": {
    "Type": "AWS::EC2::SecurityGroup",
    "Properties": {
        "VpcId": {
            "Ref": "CacheGuardVPC"
        },
        "GroupDescription": "These rules specify allowed traffic incoming from the external NIC.",
        "SecurityGroupIngress": [
            {"Description": "Allow Web traffic", "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}
        ],
        "Tags": [
            {
                "Key": "Name",
                "Value": "CGExternalSG"
            }
        ]
    }
}

In the above example, we want to add the Tag name "WebTraffic" to the rule {"Description": "Allow Web traffic", "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"} so we can quickly identify the rule's purpose in the AWS UI. As this is possible when using the AWS UI, we hope to find a solution to do it in our template.

Best Regards,

CG

asked 9 months ago · 297 views
1 Answer
1

Hi, as per https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/819 tags are not supported for IAM policies in standard CloudFormation. The public documentation confirms it.

What I do personally in a similar situation is that I launch an EC2 in the same template with UserData for my shell commands (aws cli, regular shell, etc.). I put a CFN DependsOn on the resources that I want to modify to make sure that they are created when the shell commands are executed at EC2 start. My last shell command is a Linux shutdown to remain frugal on costs.

I know that it is not the most elegant solution that you can hope for but it works well.

Another way to go is CommandRunner: https://aws.amazon.com/blogs/mt/running-bash-commands-in-aws-cloudformation-templates/

Best,

Didier

AWS EXPERT
answered 9 months ago
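
The UserData workaround described in the answer above, as an added example that is not part of the original post and is not AWS's own code: a shell helper that looks up the ID of the port-80 ingress rule with the AWS CLI and tags it. The SG_ID variable, the function names and the instance role permissions named in the comments are assumptions.

```shell
#!/bin/sh
# Added example: tag one ingress rule of a security group from EC2 UserData.
# Assumes the AWS CLI is installed on the instance and that the instance
# role allows only ec2:DescribeSecurityGroupRules and ec2:CreateTags.

# find_rule_id GROUP_ID PROTOCOL FROM_PORT TO_PORT CIDR
# Prints the sgr-... ID of the single matching ingress rule. Returns 1 when
# zero or several rules match, so the tag never lands on the wrong rule.
find_rule_id() {
    query="SecurityGroupRules[?IsEgress==\`false\` && IpProtocol=='$2' && FromPort==\`$3\` && ToPort==\`$4\` && CidrIpv4=='$5'].SecurityGroupRuleId"
    ids=$(aws ec2 describe-security-group-rules \
            --filters "Name=group-id,Values=$1" \
            --query "$query" --output text) || return 1
    # Text output separates several IDs with tabs; split them into $1, $2, ...
    set -- $ids
    if [ "$#" -ne 1 ] || [ "$1" = "None" ]; then
        echo "expected exactly one matching rule, got: ${ids:-none}" >&2
        return 1
    fi
    printf '%s\n' "$1"
}

# tag_rule GROUP_ID PROTOCOL FROM_PORT TO_PORT CIDR NAME
# Sets the Name tag on the matching rule and prints the rule ID.
tag_rule() {
    rule_id=$(find_rule_id "$1" "$2" "$3" "$4" "$5") || return 1
    aws ec2 create-tags --resources "$rule_id" \
        --tags "Key=Name,Value=$6" || return 1
    printf '%s\n' "$rule_id"
}

# Runs only when SG_ID is set (assumption: UserData exports the group ID of
# CGExternalSecurityGroup before calling this script).
if [ -n "${SG_ID:-}" ]; then
    tag_rule "$SG_ID" tcp 80 80 0.0.0.0/0 WebTraffic
fi
```

Matching on protocol, ports and CIDR rather than on the description keeps the lookup stable if the description text is edited later.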
