How to Import Security group from another stack using #AWS-CDK?
I would like to know how to import security group defined in another stack, and then use in current stack.
I have tried this so far..
class relayStack extends cdk.Stack {
public sg_relay: ec2.SecurityGroupRefProps
constructor(parent: cdk.App, name: string, props: VPCProps) {
super(parent, name, props);
//#IMPORT VPC PROPS
const vpc = ec2.VpcNetwork.import(this, 'VPC-Hottest100', props.infra.vpc);
//#AUTOSCALING GROUP
const asg_relayServer = new ec2.AutoScalingGroup(this, 'ASG_Relay', {
vpc,
instanceType: new ec2.InstanceTypePair(ec2.InstanceClass.T2, ec2.InstanceSize.Small),
minSize: 1,
maxSize: 3,
desiredCapacity: 1,
machineImage: new ec2.GenericLinuxImage({
"ap-southeast-2": "ami-dc361ebf",
}),
keyName: 'icecast-poc',
allowAllOutbound: false,
vpcPlacement: {
usePublicSubnets: false
}
});
//#SECURITY Group
const sg_relay = new ec2.SecurityGroup(this, 'SG_RELAY', {
vpc,
description: "Relay stack security group",
groupName: 'relay-sg'
})
this.sg_relay = sg_relay
}
}
And then from another stack I would like to access the exported security group sg_relay
I have tried following
//#SECURITY GROUP
const sg_nginx = new ec2.SecurityGroup(this, "SG_NGINX", {
vpc,
description: "NGINX stack security group",
groupName: 'nginx-sg'
})
const sg_relayImp = new ec2.SecurityGroupRef(this, "SG_RELAY_IMP", {
securityGroupId: new ec2.SecurityGroupId('SG_RELAY')
})
And then use as following
sg_nginx.addIngressRule(sg_relayImp, wowzaPort, 'asg_RelyToNgn_8000')
Obviously its not working for me.
I could not find any import function for security group between stacks, like vpc has one.
Could anyone please help me with this situation?
Answer
You can directly refer the cross-stack resources in an app.
Below is a code snippet,
export class InfraCdkStack extends cdk.Stack {
// Create a readonly property to reference on an instance.
readonly vpc: ec2.IVpc;
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// The code that defines your stack goes here.
// Assign your vpc to your previously created property.
// Creates a vpc in two AZs.
this.vpc = new ec2.Vpc(this, 'MyVPC');
}
}
// Create an interface to hold the vpc information.
interface ECSStackProps extends cdk.StackProps {
vpc: ec2.IVpc;
}
// Have your class constructor accept the interface.
export class ECSCdkStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props: ECSStackProps) {
super(scope, id, props);
}
const app = new cdk.App();
const infraStack = new InfraCdkStack(app, 'InfraCdkStack');
// Pass the infraStack.vpc property to the ECSCdkStack class.
const gameECSStack = new ECSCdkStack(app, 'ECSCdkStack', {
vpc: infraStack.vpc
});
There is an example in official doc to demonstrate how sharing s3 bucket.