CloudFormation: how to use a prefix list as source?

0

I did this

aws ec2 describe-managed-prefix-lists --filters Name=prefix-list-name,Values=com.amazonaws.global.cloudfront.origin-facing

I obtained

{
    "PrefixLists": [
        {
            "PrefixListId": "pl-a3a144ca",
            "AddressFamily": "IPv4",
            "State": "create-complete",
            "PrefixListArn": "arn:aws:ec2:eu-central-1:aws:prefix-list/pl-a3a144ca",
            "PrefixListName": "com.amazonaws.global.cloudfront.origin-facing",
            "Tags": [],
            "OwnerId": "AWS"
        }
    ]
}

So I tried to add a rule to allow my ALB to receive traffic from CloudFront

  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub "${AWS::StackName}-LB-SG"
      VpcId: !ImportValue 'Test-Ipv6-VPC'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIpv6: ::/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIpv6: ::/0
        # allow traffic from CloudFront
        #  aws ec2 describe-managed-prefix-lists --filters Name=prefix-list-name,Values=com.amazonaws.global.cloudfront.origin-facing
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourcePrefixListId: pl-a3a144ca

But I get this

Resource handler returned message: "The prefix list ID 'pl-a3a144ca' does not exist

I am deploying to Milan (eu-south-1) region.

What am I doing wrong?

Asked 2 months ago, viewed 414 times
3 answers
3
Accepted answer

You have found the CloudFront prefix from the Frankfurt region =)

aws ec2 describe-managed-prefix-lists --filters Name=prefix-list-name,Values=com.amazonaws.global.cloudfront.origin-facing --region eu-central-1

{
    "PrefixLists": [
        {
            "PrefixListId": "pl-a3a144ca",
            "AddressFamily": "IPv4",
            "State": "create-complete",
            "PrefixListArn": "arn:aws:ec2:eu-central-1:aws:prefix-list/pl-a3a144ca",
            "PrefixListName": "com.amazonaws.global.cloudfront.origin-facing",
            "Tags": [],
            "OwnerId": "AWS"
        }
    ]
}

Milan is different:

    eu-south-1:
      PrefixList: pl-1bbc5972
EXPERT
answered 2 months ago
Reviewed by A_J (EXPERT) 1 month ago
Reviewed by Artem (EXPERT) 2 months ago
Reviewed by iBehr (AWS, EXPERT) 2 months ago
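The accepted answer's `eu-south-1: PrefixList: pl-1bbc5972` fragment reads like a CloudFormation Mapping; here is that idea carried through as an added example (not code from the original question or answers): a Mapping keyed on `AWS::Region` so the same template resolves the right CloudFront origin-facing prefix list wherever the stack is deployed. Only the two IDs that appear on this page are included; any other region must be looked up with `--region` and added to the map, and the resource name, description and `Test-Ipv6-VPC` export are reused from the question.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: ALB security group that only admits CloudFront origin-facing ranges

Mappings:
  # Managed prefix list IDs are region-scoped: the ID from eu-central-1 does
  # not exist in eu-south-1, which is exactly the error in the question.
  # Only the two IDs quoted on the page are listed here. Look others up with:
  #   aws ec2 describe-managed-prefix-lists \
  #     --filters Name=prefix-list-name,Values=com.amazonaws.global.cloudfront.origin-facing \
  #     --region <region>
  CloudFrontOriginFacing:
    eu-central-1:
      PrefixList: pl-a3a144ca
    eu-south-1:
      PrefixList: pl-1bbc5972

Resources:
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub "${AWS::StackName}-LB-SG"
      VpcId: !ImportValue 'Test-Ipv6-VPC'   # export name taken from the question
      SecurityGroupIngress:
        # FindInMap fails at deploy time if the region key is missing, which is
        # a safe failure: the stack never goes up with a wrong or absent ID.
        # Note that restricting the source to the prefix list only limits
        # exposure if no 0.0.0.0/0 or ::/0 rule remains on the same port.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourcePrefixListId: !FindInMap [CloudFrontOriginFacing, !Ref "AWS::Region", PrefixList]
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourcePrefixListId: !FindInMap [CloudFrontOriginFacing, !Ref "AWS::Region", PrefixList]
```

Deploying this template to a region not present in the Mapping is rejected before any resource is created, so a missing entry surfaces as a template error rather than a half-built stack.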
1

The prefix list is in eu-central-1 (Frankfurt, Germany) and the security group is in eu-south-1 (Milan, Italy), as you said.

You have to use the equivalent prefix list in eu-south-1.

EXPERT
Leo K
answered 2 months ago
1

Hello,

Adding the region option to the command would get the correct prefix ID for the Milan region:

aws ec2 describe-managed-prefix-lists --filters Name=prefix-list-name,Values=com.amazonaws.global.cloudfront.origin-facing --region eu-south-1

EXPERT
answered 2 months ago
