By using AWS re:Post, you agree to the Terms of Use

Programmatically setting Inbound rule of Security group as local IP using CloudFormation


Hi Team, I am trying to change the CloudFormation stack of Redshift which has security group inbound rule as which is a violation of my requirement. Can I programmatically set this to my local IP( same way as we choose source as my IP in AWS console)? If yes, please help me on the steps to do so.

2 Answers

Yes you can specify a more granular ingress security group rule. The Redshift Cloudformation Cluster Security Group Ingress page provides the appropriate guidance on how to add that parameter to your Cloudformation template and some examples.

answered 7 months ago
  • Hi Allison_P, Thank you so much for the reply. I have gone through the link but every time, the user needs to hardcode whenever they run the stack. But, the requirement here is the stack automatically fetch the IP of user system i.e., Whoever runs it, it should fetch and update the value instead of hardcoding. Please guide me here if you have any other views on the approach.


You can create a custom AWS Cloudformation resource which would enable you to run a script, AWS Lambda function, or other automation to acquire the IP Address and store that as an output variable that the Redshift template could use in its deployment. A blog post demonstrating the use of custom Cloudformation resources is available here

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions