
How can you add an ingress rule to a security group CDK?

0

We have a VPC that needs to be peered with another VPC managed by a partner organization.

We've tried:

import * as ec2 from 'aws-cdk-lib/aws-ec2';

const securityGroup = new ec2.SecurityGroup(this, 'security-group', {
  vpc,
  allowAllOutbound: true,
})
// Peer and Port both come from the ec2 module; TCP 443 is the HTTPS port
securityGroup.addIngressRule(ec2.Peer.ipv4('10.50.0.0/16'), ec2.Port.tcp(443), 'Allow all ingress from partner')

But when the stack is synthesized, no AWS::EC2::SecurityGroupIngress resources are present.

Also, the documentation suggests: "Direct manipulation of the Security Group through addIngressRule and addEgressRule is possible, but mutation through the .connections object is recommended", but it's not clear how to create a connectible to reference something that is external to the stack (and can't be imported).

1 Answer
2
Accepted Answer

Hi,

Can you try to adapt your syntax to the one below?

This is working

import * as ec2 from 'aws-cdk-lib/aws-ec2';

// `stack` is a name-prefix string defined elsewhere in the answerer's project
const mySG = new ec2.SecurityGroup(this, `${stack}-security-group`, {
    vpc: vpc,
    allowAllOutbound: true,
    description: 'CDK Security Group'
});

// anyIpv4() is 0.0.0.0/0, i.e. port 22 open to the whole internet
mySG.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(22), 'SSH from anywhere');
// CIDR-scoped rules for the Redshift port
mySG.addIngressRule(ec2.Peer.ipv4('10.200.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress1');
mySG.addIngressRule(ec2.Peer.ipv4('10.0.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress2');

Best,

Didier

AWS EXPERT, answered 10 months ago, reviewed 9 months ago
