1回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
Hi Mehandra,
Here you need use two CloudFormation resources : AWS::EC2::NetworkAcl and AWS::EC2::NetworkAclEntry. First create NetworkAcl and in NetworkAclEntry you allow/deny specific IPs/CIDR.
You can find good example here : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#aws-resource-ec2-networkaclentry--examples
BUT before implementing it please note that NetworkACLs are associated with subnets so if you run any resource under that subnet then only IP which is allowed in NetworkACL will able to access resource. **If your goal is protect only specific resource I would still recommend Security Group because with NetworkACL you are restricting access for whole subnet. **
関連するコンテンツ
- AWS公式更新しました 3年前