How do I allow certain ports to be open only for certain security groups in Cloud Custodian?
Problem description
I have this in my policy to allow only 80 and 443 open to world.
"or": [
  {
    "Cidr": {
      "value": "0.0.0.0/0"
    },
    "type": "ingress",
    "OnlyPorts": [
      80,
      443
    ]
  },
  {
    "CidrV6": {
      "value": "::/0"
    },
    "type": "ingress",
    "OnlyPorts": [
      80,
      443
    ]
  }
]
Now, I want to allow only 8080 and 8081 to selected security groups, not for all security groups. Is this possible?
Recommended answer
For IPv4:
resource: security-group
filters:
  - tag:c7n_exception: absent
  - type: ingress
    OnlyPorts: [80, 443]
    Cidr:
      value: "0.0.0.0/0"
For IPv6:
resource: security-group
filters:
  - tag:c7n_exception: absent
  - type: ingress
    OnlyPorts: [80, 443]
    CidrV6:
      value: "::/0"
More filters:
filters:
  - and:
      - type: security-group
        key: GroupId
        #key: SecurityGroups[].GroupID
        op: not-in
        value:
          - sg-0db5e1ab7s8323
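
An added example, not part of the original answer: one way to express the question's goal as a single policy file, with 8080 and 8081 tolerated only on groups carrying the exception tag. It assumes the tag key c7n_exception from the answer marks the selected groups; the policy names are hypothetical.

```yaml
# Added example. Policy names are hypothetical; the tag key c7n_exception
# is taken from the answer and is assumed to mark the selected groups.
policies:
  # Groups WITHOUT the exception tag: match any world-open ingress rule
  # on a port other than 80 or 443.
  - name: sg-world-open-non-web-ports
    resource: aws.security-group
    filters:
      - "tag:c7n_exception": absent
      - or:
          - type: ingress
            OnlyPorts: [80, 443]
            Cidr:
              value: "0.0.0.0/0"
          - type: ingress
            OnlyPorts: [80, 443]
            CidrV6:
              value: "::/0"

  # Groups WITH the exception tag: 8080 and 8081 are additionally
  # tolerated; any other world-open port still matches.
  - name: sg-exception-world-open-extra-ports
    resource: aws.security-group
    filters:
      - "tag:c7n_exception": present
      - or:
          - type: ingress
            OnlyPorts: [80, 443, 8080, 8081]
            Cidr:
              value: "0.0.0.0/0"
          - type: ingress
            OnlyPorts: [80, 443, 8080, 8081]
            CidrV6:
              value: "::/0"
```

Neither policy defines actions, so matching groups are only reported. Because the tag grants the exception, permission to set c7n_exception on security groups should be restricted.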