How do I create a SecurityGroupIngress object?

Question (votes: 1, answers: 1)

The .securityGroupIngress() method of CfnSecurityGroup.Builder takes a List<Object> securityGroupIngress. I am trying to add an ingress rule to a security group:

CfnSecurityGroupIngress ingressRule =
    CfnSecurityGroupIngress.Builder.create(this, "IngressRule")
            .ipProtocol("tcp")
            .fromPort(80)
            .toPort(80)
            .cidrIp("0.0.0.0/0")
            .build();

List<Object> ingressRules = new ArrayList<>();
ingressRules.add(ingressRule);

Then:

CfnSecurityGroup.Builder.create(this, "SecurityGroup")
        .groupName("ALB-SG")
        .groupDescription("Allow traffic from the Internet to the ALB")
        .vpcId(vpc.getRef())
        .securityGroupIngress(ingressRules) // <-- 
        .build();

When I try to compile, I get the following error:

Caused by: software.amazon.jsii.JsiiException: Resolution error: Resolution error: Trying to resolve() a Construct at /Resources/${Token[SGStack.SecurityGroup.LogicalID.39]}/Properties/securityGroupIngress/0/node.

One point of confusion for me is the List<Object> required by .securityGroupIngress(), because in CloudFormation the SecurityGroupIngress property of AWS::EC2::SecurityGroup (CfnSecurityGroup) takes a list of Ingress (CfnSecurityGroupIngress) objects. Why is it List<Object> rather than List<CfnSecurityGroupIngressProps> or List<CfnSecurityGroupIngress>? But most importantly, how do I create the required List<Object>?

java aws-cdk
1 Answer
0 votes

Use software.amazon.awscdk.services.ec2.CfnSecurityGroup.IngressProperty instead of CfnSecurityGroupIngress:

IngressProperty
    .builder()
    .fromPort(80)
    .toPort(80)
    .ipProtocol("tcp")
    .cidrIp("0.0.0.0/0")
    .build()
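
A complete stack that passes the answer's IngressProperty to the security group from the question, as an added example that is not part of the original answer. It assumes AWS CDK v2 for Java; the VPC, its CIDR block and the rule description are hypothetical.

```java
// Added example, not from the original post. Assumes AWS CDK v2 for Java
// (CDK v1 imports Construct, Stack and App from software.amazon.awscdk.core).
import java.util.ArrayList;
import java.util.List;

import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.ec2.CfnSecurityGroup;
import software.amazon.awscdk.services.ec2.CfnSecurityGroup.IngressProperty;
import software.amazon.awscdk.services.ec2.CfnVPC;
import software.constructs.Construct;

public class SGStack extends Stack {

    public SGStack(final Construct scope, final String id) {
        super(scope, id);

        // Hypothetical VPC so the example synthesizes on its own.
        CfnVPC vpc = CfnVPC.Builder.create(this, "Vpc")
                .cidrBlock("10.0.0.0/16")
                .build();

        // IngressProperty is a plain property struct, so it resolves to an
        // inline SecurityGroupIngress entry. CfnSecurityGroupIngress is a
        // construct (a separate AWS::EC2::SecurityGroupIngress resource),
        // which is why putting it in this list fails to resolve.
        List<Object> ingressRules = new ArrayList<>();
        ingressRules.add(IngressProperty.builder()
                .ipProtocol("tcp")
                .fromPort(80)
                .toPort(80)
                .cidrIp("0.0.0.0/0")
                .description("HTTP from the Internet to the ALB") // hypothetical text
                .build());

        CfnSecurityGroup.Builder.create(this, "SecurityGroup")
                .groupName("ALB-SG")
                .groupDescription("Allow traffic from the Internet to the ALB")
                .vpcId(vpc.getRef())
                .securityGroupIngress(ingressRules)
                .build();
    }

    public static void main(final String[] args) {
        App app = new App();
        new SGStack(app, "SGStack");
        app.synth();
    }
}
```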