
aws-ec2: Support for Security Group References in a Peered VPC #27345

Closed

gscpw opened this issue Sep 29, 2023 · 2 comments
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged.

Comments


gscpw commented Sep 29, 2023

Describe the feature

Security groups from another account can be referenced in a peered-VPC setup:
https://aws.amazon.com/about-aws/whats-new/2016/03/announcing-support-for-security-group-references-in-a-peered-vpc/
https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html

The format looks like this:
123456789012/sg-1a2b3c4d

I want to import the security group from a peered VPC into my project, just like this:

import * as ec2 from 'aws-cdk-lib/aws-ec2';

const oracleSecurityGroup = ec2.SecurityGroup.fromSecurityGroupId(this, 'dbsg', '123456789012/sg-1a2b3c4d', {
    mutable: false,
    allowAllOutbound: false,
    allowAllIpv6Outbound: false,
});

However, when I do this, I get an error:

Invalid id: "123456789012/sg-1a2b3c4d" (expecting "sg-...") (Service: AmazonEC2; Status Code: 400; Error Code: InvalidGroupId.Malformed; Request ID: ....; Proxy: null)

Use Case

Required to implement proper security when using peered VPCs.

Proposed Solution

Allow importing security groups from different accounts (for peered VPCs).

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.97.0

Environment details (OS name and version, etc.)

Windows Server 2022 Datacenter

@gscpw gscpw added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Sep 29, 2023
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Sep 29, 2023

gscpw commented Sep 29, 2023

Figured this one out. It is already supported. Use:

ec2.Peer.securityGroupId('sg-1a2b3c4d', '123456789012')

@gscpw gscpw closed this as completed Sep 29, 2023
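As an added example (not code from the issue or from aws-cdk-lib), the following shows how to go from the "ownerAccountId/sg-id" notation in the VPC-peering documentation to the two arguments ec2.Peer.securityGroupId(securityGroupId, ownerId) takes, and what that peer resolves to in the ingress rule (SourceSecurityGroupId plus SourceSecurityGroupOwnerId). The slash form is only a documentation convention: the EC2 API, and therefore SecurityGroup.fromSecurityGroupId(), accepts a bare "sg-..." id, which is the cause of the InvalidGroupId.Malformed error above. The id and account-id formats checked here, the local security group and the Oracle port 1521 in the comment are assumptions; the block runs without aws-cdk-lib.

```typescript
// Added example: split "account/sg-id" into the arguments for
// ec2.Peer.securityGroupId() and build the ingress properties that peer
// emits. The format regexes are assumptions, not CDK's own validation.

const ACCOUNT_ID_RE = /^\d{12}$/;                        // 12-digit AWS account id
const SG_ID_RE = /^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$/;    // legacy 8-hex or current 17-hex sg ids

export interface PeerSecurityGroupRef {
  securityGroupId: string;
  ownerAccountId?: string;   // undefined when the group lives in the same account
}

/**
 * Parse "123456789012/sg-1a2b3c4d" (peered-account form) or a bare "sg-1a2b3c4d".
 * Throws on anything else, so a malformed reference fails at synth time instead
 * of as an InvalidGroupId.Malformed error from EC2 at deploy time.
 */
export function parseSecurityGroupRef(ref: string): PeerSecurityGroupRef {
  const parts = ref.split('/');
  if (parts.length > 2) {
    throw new Error(`Malformed security group reference "${ref}" (expecting "sg-..." or "<account>/sg-...")`);
  }
  const securityGroupId = parts[parts.length - 1];
  if (!SG_ID_RE.test(securityGroupId)) {
    throw new Error(`Invalid id: "${securityGroupId}" (expecting "sg-...")`);
  }
  if (parts.length === 1) {
    return { securityGroupId };
  }
  const ownerAccountId = parts[0];
  if (!ACCOUNT_ID_RE.test(ownerAccountId)) {
    throw new Error(`Invalid owner account id: "${ownerAccountId}" (expecting 12 digits)`);
  }
  return { securityGroupId, ownerAccountId };
}

/**
 * The ingress properties a security-group peer resolves to: the source group id
 * and, for a group owned by the peered account, the owner account id. This is
 * what ec2.Peer.securityGroupId() contributes to an AWS::EC2::SecurityGroupIngress.
 */
export function toIngressRuleConfig(
  ref: PeerSecurityGroupRef,
): { sourceSecurityGroupId: string; sourceSecurityGroupOwnerId?: string } {
  return {
    sourceSecurityGroupId: ref.securityGroupId,
    ...(ref.ownerAccountId !== undefined ? { sourceSecurityGroupOwnerId: ref.ownerAccountId } : {}),
  };
}

/** Guard for SecurityGroup.fromSecurityGroupId(): it only accepts a bare "sg-..." id. */
export function isImportableSecurityGroupId(id: string): boolean {
  return SG_ID_RE.test(id);
}

// Constructed sample input: the reference from the issue.
const ref = parseSecurityGroupRef('123456789012/sg-1a2b3c4d');
// Inside a stack this becomes (assumed local group and port; aws-cdk-lib required):
//   localSg.addIngressRule(
//     ec2.Peer.securityGroupId(ref.securityGroupId, ref.ownerAccountId),
//     ec2.Port.tcp(1521), 'Oracle listener from the peered VPC');
console.log(toIngressRuleConfig(ref));
```

Two caveats when using this pattern. A rule that references a security group in the peer account delegates control of who matches the rule to that account, since its owner decides which instances are members of the group, so treat the referenced group as a trust boundary you do not administer. And the reference is only valid while the VPC peering connection exists: if the peering is deleted, rules that reference the peer VPC's groups become stale and no longer match traffic, which is worth a check in your change review before tearing a peering down.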
@github-actions

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
