This message was deleted.
# awss
sparse-intern-71089
07/07/2023, 12:49 PMThis message was deleted.
s
salmon-account-74572
07/07/2023, 3:28 PMWhy not create a new security group and use that instead of the default?
a
astonishing-exabyte-93491
07/07/2023, 3:30 PMyes, I should do that. My question is rather: can we attach a custom SG to the aws.ec2.Vpc instance?
s
salmon-account-74572
07/07/2023, 3:33 PMI don’t know that you can replace the default SG when you create a VPC, but you can definitely create a new SG after you create a VPC.
a
astonishing-exabyte-93491
07/07/2023, 3:33 PMI see.
s
salmon-account-74572
07/07/2023, 3:36 PMHere’s an example in Go (the
VpcId Copy code
// Create a security group
securityGroup, err := ec2.NewSecurityGroup(ctx, "security-group", &ec2.SecurityGroupArgs{
Name: pulumi.String("securityGroupName"),
VpcId: vpc.ID(),
Description: pulumi.String("Allows SSH traffic to hosts"),
Ingress: ec2.SecurityGroupIngressArray{
ec2.SecurityGroupIngressArgs{
Protocol: pulumi.String("tcp"),
ToPort: <http://pulumi.Int|pulumi.Int>(22),
FromPort: <http://pulumi.Int|pulumi.Int>(22),
Description: pulumi.String("Allow inbound SSH (TCP 22) from anywhere"),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
},
ec2.SecurityGroupIngressArgs{
Protocol: pulumi.String("udp"),
ToPort: <http://pulumi.Int|pulumi.Int>(51280),
FromPort: <http://pulumi.Int|pulumi.Int>(51280),
Description: pulumi.String("Allow Wireguard VPN (UDP 51280) from anywhere"),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
},
},
Egress: ec2.SecurityGroupEgressArray{
ec2.SecurityGroupEgressArgs{
Protocol: pulumi.String("-1"),
ToPort: <http://pulumi.Int|pulumi.Int>(0),
FromPort: <http://pulumi.Int|pulumi.Int>(0),
Description: pulumi.String("Allow all outbound traffic"),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
},
},
})🙌 1
6 Views