# aws
Why not create a new security group and use that instead of the default?
yes, I should do that. My question is rather: can we attach a custom SG to the aws.ec2.Vpc instance?
I don’t know that you can replace the default SG when you create a VPC, but you can definitely create a new SG after you create a VPC.
I see.
Here’s an example in Go (the `VpcId` property takes the ID of a VPC created earlier in the same program):
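// Create a security group in the VPC created earlier in this program.
// The original paste had the pulumi.Int calls mangled by the chat client's
// auto-linker; they are restored here so the snippet compiles.
// NOTE(review): every ingress rule below admits traffic from 0.0.0.0/0
// (SSH on TCP 22 and WireGuard on UDP 51280). Narrow CidrBlocks to the
// address ranges that actually need access wherever that is possible.
		securityGroup, err := ec2.NewSecurityGroup(ctx, "security-group", &ec2.SecurityGroupArgs{
			Name:        pulumi.String("securityGroupName"),
			VpcId:       vpc.ID(), // ID of the VPC resource defined earlier in this program
			Description: pulumi.String("Allows SSH traffic to hosts"),
			Ingress: ec2.SecurityGroupIngressArray{
				// Inbound SSH; consider restricting CidrBlocks to trusted source ranges.
				ec2.SecurityGroupIngressArgs{
					Protocol:    pulumi.String("tcp"),
					ToPort:      pulumi.Int(22),
					FromPort:    pulumi.Int(22),
					Description: pulumi.String("Allow inbound SSH (TCP 22) from anywhere"),
					CidrBlocks:  pulumi.StringArray{pulumi.String("0.0.0.0/0")},
				},
				// Inbound WireGuard; the VPN endpoint is the usual reason this is world-reachable.
				ec2.SecurityGroupIngressArgs{
					Protocol:    pulumi.String("udp"),
					ToPort:      pulumi.Int(51280),
					FromPort:    pulumi.Int(51280),
					Description: pulumi.String("Allow Wireguard VPN (UDP 51280) from anywhere"),
					CidrBlocks:  pulumi.StringArray{pulumi.String("0.0.0.0/0")},
				},
			},
			Egress: ec2.SecurityGroupEgressArray{
				// Protocol "-1" with ports 0/0 means all protocols and all ports.
				ec2.SecurityGroupEgressArgs{
					Protocol:    pulumi.String("-1"),
					ToPort:      pulumi.Int(0),
					FromPort:    pulumi.Int(0),
					Description: pulumi.String("Allow all outbound traffic"),
					CidrBlocks:  pulumi.StringArray{pulumi.String("0.0.0.0/0")},
				},
			},
		})
		// Surface resource-creation failures instead of leaving err unused.
		// This assumes the enclosing function is the callback passed to
		// pulumi.Run, which returns error.
		if err != nil {
			return err
		}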