Comments (15)
Try this
EC2_SecurityGroup("SampleGroup") {
VpcId Ref("VPC")
GroupDescription "My group"
SecurityGroupIngress { IpProtocol "tcp" }
}
Renders:
"SampleGroup": {
"Properties":{
"VpcId":"asdfasdf",
"GroupDescription":"Sample group",
"SecurityGroupIngress":[{"IpProtocol":"tcp"}]
},
"Type":"AWS::EC2::SecurityGroup"}}}
}
from cfndsl.
(If you insist on wanting to pass in a hash to the SecurityGroupIngress property, effectively bypassing cfndsl's type contructor for the property, you have to do it this way
EC2_SecurityGroup("SampleGroup"){
VpcId Ref("VpcId")
GroupDescription "Sample group"
SecurityGroupIngress( {:IpProtocol=>"tcp"} )
}
There is lots of weirdness going on here. First, array type property declarations are designed to append a single item on to the list of items. If you pass it an array, it dutifully pushes the array on to the collected list of objects. Also, when you use this form, cfndsl assumes that you know what you are doing, sometimes this is a good thing in that it lets you pass in a hash representing an AWS type that has not been fully supported in cfndsl yet, but often, it just confuses people.
Another part of the weirdness has to do with ruby. Ruby lets you make function calls on a single argument without explicit parenthesis. This is what your original SecurityGroupIngess declaration was doing, with an array as an argument. However, you cannot pass a hash this way, as the ruby interpreter thinks that you are passing a code block. This is why my second example has explicit paranthesis...
from cfndsl.
@tbenade did this help you out?
from cfndsl.
My apologies @stevenjack & @howech I have not had a try yet. I will look at it shortly. One thing I would say is the types yaml https://github.com/stevenjack/cfndsl/blob/master/lib/cfndsl/aws_types.yaml states the expectation is an array, hence me wanting to use an array.
Given CloudFormation supports an array in the API will the DSL support defining more than one rule?
from cfndsl.
NetworkInterfaces in EC_Instance is of a similar format and this seem to generate without the nested array.
AWS_EC2_Instance("myInstance") {
ImageId "myAMI"
InstanceType "m3.medium"
KeyName "myKey"
NetworkInterfaces [
{
"AssociatePublicIpAddress" => "true",
"DeleteOnTermination" => "true",
"Description" => "Primary network interface",
"DeviceIndex" => 0,
"GroupSet" => ["mySG1"],
"SubnetId" => "mySubnet1"
},
{
"AssociatePublicIpAddress" => "true",
"DeleteOnTermination" => "true",
"Description" => "Secondary network interface",
"DeviceIndex" => 1,
"GroupSet" => ["mySG2"],
"SubnetId" => "mySubnet2"
}
]
}
generates
"myInstance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"NetworkInterfaces" : [
{
"DeviceIndex" : 0,
"SubnetId" : "mySubnet1",
"Description" : "Primary network interface",
"GroupSet" : [
"mySG1"
],
"AssociatePublicIpAddress" : "true",
"DeleteOnTermination" : "true"
},
{
"SubnetId" : "mySubnet2",
"Description" : "Secondary network interface",
"DeviceIndex" : 1,
"GroupSet" : [
"mySG2"
],
"DeleteOnTermination" : "true",
"AssociatePublicIpAddress" : "true"
}
],
"KeyName" : "myKey",
"ImageId" : "myAMI",
"InstanceType" : "m3.medium"
}
from aws_types.yaml
"AWS::EC2::SecurityGroup" :
Properties:
....
SecurityGroupIngress: [ EC2SecurityGroupRule ]
SecurityGroupEgress: [ EC2SecurityGroupRule ]
"AWS::EC2::Instance" :
Properties:
....
NetworkInterfaces : [ NetworkInterfaceType ]
....
from cfndsl.
As mentioned in #109 my workaround (for the moment) is to remove the [ ... ]
from aws_types.yaml
"AWS::EC2::SecurityGroup" :
Properties:
....
SecurityGroupIngress: EC2SecurityGroupRule
SecurityGroupEgress: EC2SecurityGroupRule
then I can use
EC2_SecurityGroup("mySG") {
VpcId "myVPC"
SecurityGroupIngress [
{
"CidrIp" => "10.0.0.0/8",
"IpProtocol" => "tcp",
"FromPort" => "22",
"ToPort" => "2"
},
{
"CidrIp" => "10.0.0.0/8",
"IpProtocol" => "tcp",
"FromPort" => "80",
"ToPort" => "80"
},
{
"CidrIp" => "10.0.0.0/8",
"IpProtocol" => "tcp",
"FromPort" => "443",
"ToPort" => "443"
},
{
"CidrIp" => "10.0.0.0/8",
"IpProtocol" => "tcp",
"FromPort" => "3389",
"ToPort" => "3389"
},
]
}
from cfndsl.
I've looked at the comments in #107 but am still having problems with SecurityGroupIngress/SecurityGroupEgress where a list of rules is to be applied. (see previous comment in this issue for an example of what I'm trying to do).
from cfndsl.
I admit I am having problems with this too. A list of rules in Ingress/Egress only works if I do what @yumpy is doing above and remove the brackets around EC2SecurityGroupRule
. I'm not sure if I'm working around a real problem or just not seeing a Better Way to pass a list of rules to a security group.
from cfndsl.
I've still not found a way to get this to work without removing the brackets around EC2SecurityGroupRule
. If anyone has managed to get it working please could you post an example here. Thanks.
from cfndsl.
@yumpy Here's how I got it to work with a single entry:
SecurityGroupIngress( { :IpProtocol=>"tcp", :FromPort=>"22", :ToPort=>"22", :CidrIp=>"0.0.0.0/0" } )
from cfndsl.
updated due to mistake
Thanks @rmurphy-stelligent. That works well. Any ideas on multiple entries?
eg to generate
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": 22,
"IpProtocol": "tcp",
"ToPort": 22
},
{
"CidrIp": "0.0.0.0/0",
"FromPort": 3389,
"IpProtocol": "tcp",
"ToPort": 3389
}
],
from cfndsl.
I think I may have identified the issue here. aws_types
has the following entries
"AWS::EC2::SecurityGroup" :
Properties:
SecurityGroupIngress: [ EC2SecurityGroupRule ]
"AWS::ElasticLoadBalancing::LoadBalancer" :
Properties:
Listeners: [ Listener ]
So you would expect the following to work
EC2_SecurityGroup('WebSecurityGroup') {
SecurityGroupIngress [
EC2SecurityGroupRule {
IpProtocol 'tcp'
ToPort '80'
}
EC2SecurityGroupRule {
IpProtocol 'tcp'
ToPort '22'
},
]
}
ElasticLoadBalancing_LoadBalancer('WebLoadBalancer') {
Listeners [
Listener {
LoadBalancerPort 80
}
Listener {
LoadBalancerPort 80
},
]
}
The LoadBalancer
works fine but the SecurityGroup
complains about EC2SecurityGroupRule
being not found.
The issue is at https://github.com/stevenjack/cfndsl/blob/master/lib/cfndsl/CloudFormationTemplate.rb#L100-L129
it takes Listeners
converts to singular and expects the internal entry to be called Listener
. This means you can make the first example work by doing the following
EC2_SecurityGroup('WebSecurityGroup') {
SecurityGroupIngress [
SecurityGroupIngress {
IpProtocol 'tcp'
ToPort '80'
}
SecurityGroupIngress {
IpProtocol 'tcp'
ToPort '22'
},
]
}
So I'm not sure here what is actually wanted. Does aws_types.yaml
define what things should be called. So should it be called EC2SecurityGroupRole
or is it always just the singular?
from cfndsl.
I have a feeling we should actually use EC2SecurityGroupRole
since I get a wierd double show up when I try the other way. I have some code locally to make that work if it is what we want.
from cfndsl.
@johnf thanks for running with this. I look forward to your PR being merged.
from cfndsl.
FYI 0.8.3 implemented breaking changes for those who used the workaround I mentioned in December of 2015. Be ready to update the syntax before upgrading.
from cfndsl.
Related Issues (20)
- undefined method `EC2_LaunchTemplate' for #<CfnDsl::CloudFormationTemplate:...> (NoMethodError) HOT 1
- gitter.im link is broken (gives 404 not found) HOT 2
- Where should we define custom helper methods? HOT 1
- Possible regressions 0.17.5 -> 1.0.0 HOT 8
- Resources ["Foo"] refer to unknown Reference AWS::Partition HOT 4
- Typo in README examples
- CloudFrontOriginAccessIdentity is an undefined method HOT 4
- Issue with DSL generation from cli arguments HOT 1
- unknown type AWSResourceGroupsGroupJson HOT 1
- Shorthand method of accessing resource attributes via FnSub fails reference checks HOT 1
- Outdated assertion in Readme HOT 1
- SecurityGroupIngress is always an array - 1.1.1 HOT 2
- Task: Generate types from CloudFormation resource registry schemas
- Freeze specifications version HOT 2
- Allow ruby versions until eol
- Missing Support for the TimeZone property of AWS::AutoScaling::ScheduledAction HOT 1
- List ItemType in the specification file breaking template generation with spec version 69.0.0 HOT 1
- AWS::CloudFormation::Interface HOT 4
- Missing AWS::ElasticLoadBalancingV2::LoadBalancer SubnetMapping HOT 2
- Undefined method `Name' for `CfnDsl::AWS::Types::AWS_SSM_Association` HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cfndsl.