The .securityGroupIngress() method of CfnSecurityGroup.Builder takes a List<Object> securityGroupIngress. I'm trying to add an ingress rule to a security group:
CfnSecurityGroupIngress ingressRule =
CfnSecurityGroupIngress.Builder.create(this, "IngressRule")
.ipProtocol("tcp")
.fromPort(80)
.toPort(80)
.cidrIp("0.0.0.0/0")
.build();
List<Object> ingressRules = new ArrayList<>();
ingressRules.add(ingressRule);
Then:
CfnSecurityGroup.Builder.create(this, "SecurityGroup")
.groupName("ALB-SG")
.groupDescription("Allow traffic from the Internet to the ALB")
.vpcId(vpc.getRef())
.securityGroupIngress(ingressRules) // <--
.build();
When I try to compile, I get the following error:
Caused by: software.amazon.jsii.JsiiException: Resolution error: Resolution error: Trying to resolve() a Construct at /Resources/${Token[SGStack.SecurityGroup.LogicalID.39]}/Properties/securityGroupIngress/0/node.
One point of confusion for me is the List<Object> required by .securityGroupIngress(), because in CloudFormation the SecurityGroupIngress (CfnSecurityGroupIngress) property of AWS::EC2::SecurityGroup (CfnSecurityGroup) takes a list of Ingress objects. Why is it List<Object> rather than List<CfnSecurityGroupIngressProps> or List<CfnSecurityGroupIngress>? But most importantly, how do I create the required List<Object>?
Use software.amazon.awscdk.services.ec2.CfnSecurityGroup.IngressProperty instead of CfnSecurityGroupIngress:
IngressProperty
.builder()
.fromPort(80)
.toPort(80)
.ipProtocol("tcp")
.cidrIp("0.0.0.0/0")
.build()
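
A complete stack contrasting the two ways to attach a rule, as an added example that is not part of the original question or answer. It assumes CDK v2 imports, a stack class named SGStack (taken from the error path), a VPC id passed in as a string, and a constructed second rule on port 443 to show the standalone form.

```java
import java.util.ArrayList;
import java.util.List;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.ec2.CfnSecurityGroup;
import software.amazon.awscdk.services.ec2.CfnSecurityGroup.IngressProperty;
import software.amazon.awscdk.services.ec2.CfnSecurityGroupIngress;
import software.constructs.Construct;

// Assumed names: SGStack (from the error path) and the vpcId constructor argument.
public class SGStack extends Stack {
    public SGStack(final Construct scope, final String id, final String vpcId) {
        super(scope, id);

        // Inline rule: IngressProperty is a plain property struct, so it can be
        // resolved as a value under Properties/SecurityGroupIngress.
        List<Object> ingressRules = new ArrayList<>();
        ingressRules.add(IngressProperty.builder()
                .ipProtocol("tcp")
                .fromPort(80)
                .toPort(80)
                .cidrIp("0.0.0.0/0")
                .build());

        CfnSecurityGroup albSg = CfnSecurityGroup.Builder.create(this, "SecurityGroup")
                .groupName("ALB-SG")
                .groupDescription("Allow traffic from the Internet to the ALB")
                .vpcId(vpcId)
                .securityGroupIngress(ingressRules)
                .build();

        // Standalone rule: CfnSecurityGroupIngress is itself a construct (a separate
        // AWS::EC2::SecurityGroupIngress resource). It never goes into the list
        // above; it references the group through groupId instead.
        // Port 443 is a constructed sample value, not from the original post.
        CfnSecurityGroupIngress.Builder.create(this, "HttpsIngress")
                .groupId(albSg.getAttrGroupId())
                .ipProtocol("tcp")
                .fromPort(443)
                .toPort(443)
                .cidrIp("0.0.0.0/0")
                .build();
    }
}
```

Running cdk synth on this stack should produce one AWS::EC2::SecurityGroup with an inline SecurityGroupIngress entry and one separate AWS::EC2::SecurityGroupIngress resource, without the "Trying to resolve() a Construct" error.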