SecurityGroup: add support for adding Ingress Rules that reference Security Groups from a Peered VPC #7111

RolandOtta · 2020-04-01T08:11:37Z

Use Case

we have multiple sub accounts that are connected with vpc peering.
we need to manage security-groups that reference security-groups from a peered account like it is possible in cloudformation with
SourceSecurityGroupOwnerId and
SourceSecurityGroupId in the AWS::EC2::SecurityGroup

from what i have seen so far this is not possible with the addIngressRule method of the ec2 securitygroup

Proposed Solution

Other

👋 I may be able to implement this feature request
⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

rix0rrr · 2020-04-16T10:08:59Z

This needs an additional implementation of IPeer.

singlewind · 2020-11-12T11:46:24Z

Can write like this

const incomingSecurityGroup = new SecurityGroup(
      this,
      "IncomingSecurityGroup",
      {
        vpc: imports.vpc,
        allowAllOutbound: true,
      }
    );

incomingSecurityGroup.addIngressRule(incomingSecurityGroup, Port.tcp(props.lokiHttpPort), 'Internal HTTP');
incomingSecurityGroup.addIngressRule(incomingSecurityGroup, Port.tcp(props.lokiGrpcPort), 'Internal GRPC');
incomingSecurityGroup.addIngressRule(incomingSecurityGroup, Port.tcp(props.lokiMemberlistPort), 'Internal Memberlist');

dev-d · 2021-03-01T18:40:35Z

Not sure how @singlewind 's solution solves the problem.

Tried using ec2.CfnSecurityGroupIngress - in theory it should work, but It did not.

mikeatlas · 2021-05-05T00:20:11Z

@dev-d Any luck since posting?
@rix0rrr I might be up for making said IPeer implementation PR...

singlewind · 2021-09-22T23:37:04Z

Not sure how @singlewind 's solution solves the problem.

Tried using ec2.CfnSecurityGroupIngress - in theory it should work, but It did not.

Sorry, I misunderstood the problem.

Allows users to add ingress/egress security group rules containing a security group id using the Peer interface. Implements aws#7111

Allows users to add ingress/egress security group rules containing a security group id using the Peer interface. Implements #7111 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Allows users to add ingress/egress security group rules containing a security group id using the Peer interface. Implements aws#7111 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

therealvio · 2022-03-04T00:52:36Z

Any updates on this?

Connecting vpc-peered security groups is something we are looking to do too :)

BDeus · 2022-09-14T15:52:59Z

maybe it can be closed, because there are an implementation of Peer SG with another account ?
Peer.securityGroupId(sgId, accoungId)

MrArnoldPalmer · 2023-01-25T23:34:11Z

This was solved by #18248, reopen if you're still having an issue. Thanks

github-actions · 2023-01-25T23:34:32Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

RolandOtta added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Apr 1, 2020

SomayaB added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Apr 3, 2020

SomayaB assigned rix0rrr Apr 3, 2020

rix0rrr added effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md labels Apr 16, 2020

SomayaB removed the needs-triage This issue or PR still needs to be triaged. label May 19, 2020

rix0rrr added the p2 label Aug 12, 2020

rix0rrr removed their assignment Jun 3, 2021

jacobklitzke mentioned this issue Jan 3, 2022

feat(ec2): create Peers via security group ids #18248

Merged

MrArnoldPalmer closed this as completed Jan 25, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SecurityGroup: add support for adding Ingress Rules that reference Security Groups from a Peered VPC #7111

SecurityGroup: add support for adding Ingress Rules that reference Security Groups from a Peered VPC #7111

RolandOtta commented Apr 1, 2020

rix0rrr commented Apr 16, 2020

singlewind commented Nov 12, 2020 •

edited

dev-d commented Mar 1, 2021

mikeatlas commented May 5, 2021 •

edited

singlewind commented Sep 22, 2021

therealvio commented Mar 4, 2022

BDeus commented Sep 14, 2022

MrArnoldPalmer commented Jan 25, 2023

github-actions bot commented Jan 25, 2023

SecurityGroup: add support for adding Ingress Rules that reference Security Groups from a Peered VPC #7111

SecurityGroup: add support for adding Ingress Rules that reference Security Groups from a Peered VPC #7111

Comments

RolandOtta commented Apr 1, 2020

Use Case

Proposed Solution

Other

rix0rrr commented Apr 16, 2020

singlewind commented Nov 12, 2020 • edited

dev-d commented Mar 1, 2021

mikeatlas commented May 5, 2021 • edited

singlewind commented Sep 22, 2021

therealvio commented Mar 4, 2022

BDeus commented Sep 14, 2022

MrArnoldPalmer commented Jan 25, 2023

github-actions bot commented Jan 25, 2023

⚠️COMMENT VISIBILITY WARNING⚠️

singlewind commented Nov 12, 2020 •

edited

mikeatlas commented May 5, 2021 •

edited