Add Ingress Rule to Security Groups using AWS CDK

SwapnilJak · Sep 13, 2019 · Viewed 9.3k times

I'm trying to add an ingress rule to a Security Group via the AWS CDK using Python. As per the documentation here - there's a method add_ingress_rule() on the Class aws_cdk.aws_ec2.

However, when I try to deploy the stack, I get the following error:

        AttributeError: 'method' object has no attribute 'jsii__type'
        Subprocess exited with error 1

Security Group code snippet below:

        sg_elb = ec2.SecurityGroup(
            self,
            id = "sg_elb",
            vpc = vpc,
            security_group_name = "sg_elb"
        )

        sg_elb.add_ingress_rule(
            peer = ec2.Peer.any_ipv4,
            connection = ec2.Port.tcp(443)   # This line seems to be a problem.
        )

There's even the same example (in TypeScript) given on the official documentation here so I'm not sure what I'm doing wrong.

Can anyone advise?

Thanks in advance!

Answer

Ultradoxx · Sep 18, 2019

I got the following to work using TS, hope it helps some.

        const mySG = new ec2.SecurityGroup(this, `${stack}-security-group`, {
            vpc: vpc,
            allowAllOutbound: true,
            description: 'CDK Security Group'
        });

        mySG.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(22), 'SSH from anywhere');
        mySG.addIngressRule(ec2.Peer.ipv4('10.200.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress1');
        mySG.addIngressRule(ec2.Peer.ipv4('10.0.0.0/24'), ec2.Port.tcp(5439), 'Redshift Ingress2');

Btw, it is not recommended to use an explicit security group name: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ec2.SecurityGroup.html
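
The first rule in the answer opens TCP 22 to 0.0.0.0/0; a check like the one below, run over the `cdk synth` output, flags such rules before deployment. This is an added example, not code from the question or the answer: the template is a constructed sample of the CloudFormation shape CDK emits for those three rules, and the logical ID `MySG` and the `ADMIN_PORTS` policy set are assumptions.

```python
import ipaddress
import json

# Constructed sample: the shape `cdk synth` emits for the three ingress rules
# in the answer above (the logical ID "MySG" is made up for illustration).
TEMPLATE = json.loads("""
{"Resources": {"MySG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
  "SecurityGroupIngress": [
    {"CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "Description": "SSH from anywhere"},
    {"CidrIp": "10.200.0.0/24", "IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439, "Description": "Redshift Ingress1"},
    {"CidrIp": "10.0.0.0/24", "IpProtocol": "tcp", "FromPort": 5439, "ToPort": 5439, "Description": "Redshift Ingress2"}
]}}}}
""")

ADMIN_PORTS = {22, 3389, 5439}  # assumed policy: ports that must not be world-reachable


def iter_ingress(template):
    """Yield (logical_id, rule) for inline and standalone ingress rules."""
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield logical_id, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield logical_id, props


def world_open_findings(template, ports=ADMIN_PORTS):
    """Return rules whose CIDR is a /0 and whose port range covers a listed port."""
    findings = []
    for logical_id, rule in iter_ingress(template):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if not isinstance(cidr, str):  # SG-to-SG rule or unresolved intrinsic
            continue
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
            continue
        if str(rule.get("IpProtocol")) == "-1":  # all protocols, all ports
            hit = sorted(ports)
        else:
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            hit = sorted(p for p in ports if lo <= p <= hi)
        if hit:
            findings.append((logical_id, cidr, hit, rule.get("Description", "")))
    return findings


if __name__ == "__main__":
    print(world_open_findings(TEMPLATE))
```

Point it at a real template by loading the JSON file that `cdk synth` writes under `cdk.out/` instead of the embedded sample.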