1 回答
- 最新
- 投票最多
- 评论最多
0
Hi Mehandra,
Here you need use two CloudFormation resources : AWS::EC2::NetworkAcl and AWS::EC2::NetworkAclEntry. First create NetworkAcl and in NetworkAclEntry you allow/deny specific IPs/CIDR.
You can find good example here : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#aws-resource-ec2-networkaclentry--examples
BUT before implementing it please note that NetworkACLs are associated with subnets so if you run any resource under that subnet then only IP which is allowed in NetworkACL will able to access resource. **If your goal is protect only specific resource I would still recommend Security Group because with NetworkACL you are restricting access for whole subnet. **
相关内容
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前