Hi,
I'd strongly suggest using the AWS version of Infra-as-Code, which is CloudFormation (CFN), to create such sophisticated security group(s): https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html
When you have your definitions in your CFN template, you can re-use it in multiple stacks and accounts with no effort.
Personally, I try to define 100% of my infra resources via CFN: it's an initial investment, but you recoup it very rapidly when you need to recreate the same definitions again and again.
Best,
Didier
Hello.
Yes, you can use the AWS Command Line Interface (CLI) to bulk add rules to an EC2 security group. To achieve this, you can use a combination of a script and the aws ec2 authorize-security-group-ingress command.
Create a .csv file (rules.csv) with all rules, like:
protocol,from_port,to_port,cidr
tcp,80,80,192.168.1.0/24
tcp,443,443,10.0.0.0/16
...
Run the script:
#!/bin/bash
set -euo pipefail
SECURITY_GROUP_ID="YOUR_SECURITY_GROUP_ID"
while IFS=, read -r protocol from_port to_port cidr
do
  # Skip the CSV header row and blank lines; otherwise the header is sent as a rule
  if [ "$protocol" = "protocol" ] || [ -z "$protocol" ]; then
    continue
  fi
  echo "Adding rule: Protocol: $protocol, From Port: $from_port, To Port: $to_port, CIDR: $cidr"
  aws ec2 authorize-security-group-ingress \
    --group-id "$SECURITY_GROUP_ID" \
    --protocol "$protocol" \
    --port "$from_port-$to_port" \
    --cidr "$cidr"
done < rules.csv
This script only handles inbound rules (authorize-security-group-ingress). If you also need to bulk add outbound rules, you'll need a similar script but use authorize-security-group-egress.
Best regards, Andrii
NOTE: Maximum number of rules. For an account with the default quota of 60 rules, a security group can have 60 inbound rules for IPv4 traffic and 60 inbound rules for IPv6 traffic. For more information, see Security group size. A quota change applies to both inbound and outbound rules. This quota multiplied by the quota for security groups per network interface cannot exceed 1,000.
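An added example (not code from either answer) that builds on Andrii's CSV layout and on the quota note: it validates every row, skips the header, and submits all rules in a single authorize-security-group-ingress call via --ip-permissions instead of one API call per row. It assumes the columns protocol,from_port,to_port,cidr (IPv4 only) and the default quota of 60 inbound rules per security group.

```shell
#!/bin/sh
# Added example, not code from the thread: turn the CSV layout from Andrii's answer
# into ONE authorize-security-group-ingress call, validating each row and refusing
# to exceed the per-group inbound rule quota from the NOTE (60; MAX_RULES overrides).
set -eu

MAX_RULES="${MAX_RULES:-60}"
CR="$(printf '\r')"

# A port number, or -1 (ICMP / all-traffic rules).
is_port() { case "$1" in -1) return 0 ;; ''|*[!0-9]*) return 1 ;; *) [ "$1" -le 65535 ] ;; esac; }

# Validate one CSV row; report the first problem on stderr and return non-zero.
validate_rule() {
  case "$1" in tcp|udp|icmp) ;; *) echo "bad protocol: $1" >&2; return 1 ;; esac
  is_port "$2" && is_port "$3" || { echo "bad port range: $2-$3" >&2; return 1; }
  [ "$2" -le "$3" ] || { echo "from_port above to_port: $2-$3" >&2; return 1; }
  printf '%s' "$4" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
    || { echo "bad IPv4 CIDR: $4" >&2; return 1; }
}

# Print the JSON list that --ip-permissions expects, built from the CSV (header skipped).
csv_to_ip_permissions() {
  count=0; json=""; sep=""; protocol=""
  while IFS=, read -r protocol from_port to_port cidr || [ -n "$protocol" ]; do
    cidr="${cidr%"$CR"}"                       # tolerate CRLF files
    [ "$protocol" = "protocol" ] && continue   # header row
    [ -z "$protocol" ] && continue             # blank line
    validate_rule "$protocol" "$from_port" "$to_port" "$cidr" || return 1
    count=$((count + 1))
    json="$json$sep{\"IpProtocol\":\"$protocol\",\"FromPort\":$from_port,\"ToPort\":$to_port,\"IpRanges\":[{\"CidrIp\":\"$cidr\"}]}"
    sep=","
  done < "$1"
  [ "$count" -le "$MAX_RULES" ] || { echo "$count rules exceed the quota of $MAX_RULES" >&2; return 1; }
  printf '[%s]' "$json"
}

# Constructed sample CSV using the same columns as the answer above.
SAMPLE_CSV="$(mktemp)"
printf 'protocol,from_port,to_port,cidr\ntcp,80,80,192.168.1.0/24\ntcp,443,443,10.0.0.0/16\n' > "$SAMPLE_CSV"
PERMS="$(csv_to_ip_permissions "$SAMPLE_CSV")"
rm -f "$SAMPLE_CSV"
echo "$PERMS"
# Pass a security group ID as $1 to apply all rules in one API call; AWS rejects the
# whole call if any single entry is invalid or a duplicate, so nothing is half-applied.
if [ -n "${1:-}" ]; then
  aws ec2 authorize-security-group-ingress --group-id "$1" --ip-permissions "$PERMS"
fi
```

Because the whole batch is one request, a rejected batch leaves the group unchanged, which is easier to reason about than a per-row loop that may stop halfway.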