I am using CloudFormation to create a Simple AD. By default AWS creates a security group which opens a bunch of ports to the internet (0.0.0.0/0). The ports opened are the following: UDP 445, 138, 464, 389, 53, 123, 88; TCP 464, 389, 445, 3268-3269, 1024-65535, 88, 135, 636, 53; ICMP ALL.
The AWS environment has a WatchDog which sees any outbound security group line going to 0.0.0.0/0 and deletes it.
I am now planning to create a custom security group which will open these ports within the VPC CIDR, and I want to assign this to the Simple AD.
For this we will need to assign the same to the network interface. My question is: how will I find the network interface already existing for this Simple AD and assign this?
I am thinking boto3 is the way to go; has anyone done this in cloudformation?
I was not able to assign a security group to the AD via boto; however, I did the following:
Found the security group associated with the AD; edited the security group to be restricted to the VPC.
If anyone is interested in the code, please ping me and I will send it over.
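A boto3 version of the approach in this answer, added here as an illustration rather than the answerer's own script: it looks up the Simple AD's security group through the Directory Service API (`describe_directories` returns it under `VpcSettings.SecurityGroupId`), then swaps every 0.0.0.0/0 ingress entry for the VPC's CIDR, authorizing the replacement before revoking the open rule so domain traffic inside the VPC never drops. The port table is constructed from the question; the directory id and region in `main()` are placeholders.

```python
"""Restrict a Simple AD's AWS-created security group from 0.0.0.0/0 to the VPC CIDR."""

_OPEN = [{"CidrIp": "0.0.0.0/0"}]

# Constructed from the port list in the question, not read from a live account.
SAMPLE_DEFAULT_INGRESS = (
    [{"IpProtocol": "udp", "FromPort": p, "ToPort": p, "IpRanges": _OPEN}
     for p in (445, 138, 464, 389, 53, 123, 88)]
    + [{"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi, "IpRanges": _OPEN}
       for lo, hi in ((464, 464), (389, 389), (445, 445), (3268, 3269),
                      (1024, 65535), (88, 88), (135, 135), (636, 636), (53, 53))]
    + [{"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": _OPEN}]
)


def restrict_to_cidr(permissions, vpc_cidr):
    """Split IpPermissions into (to_revoke, to_authorize).

    Only the 0.0.0.0/0 range of each rule is revoked; the same protocol and
    port span is re-authorized for vpc_cidr. Already-scoped rules are left
    alone, so running this twice is a no-op.
    """
    to_revoke, to_authorize = [], []
    for perm in permissions:
        if not any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            continue
        base = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
        to_revoke.append({**base, "IpRanges": _OPEN})
        to_authorize.append({**base, "IpRanges": [
            {"CidrIp": vpc_cidr, "Description": "Simple AD, VPC only"}]})
    return to_revoke, to_authorize


def main(directory_id="d-PLACEHOLDER", region="us-east-1"):
    """boto3 wiring: needs AWS credentials; directory_id and region are placeholders."""
    import boto3  # imported here so restrict_to_cidr() is testable without it

    ds, ec2 = boto3.client("ds", region_name=region), boto3.client("ec2", region_name=region)
    vpc = ds.describe_directories(DirectoryIds=[directory_id])["DirectoryDescriptions"][0]["VpcSettings"]
    sg_id, cidr = vpc["SecurityGroupId"], ec2.describe_vpcs(VpcIds=[vpc["VpcId"]])["Vpcs"][0]["CidrBlock"]
    current = ec2.describe_security_groups(GroupIds=[sg_id])["SecurityGroups"][0]["IpPermissions"]
    to_revoke, to_authorize = restrict_to_cidr(current, cidr)
    if to_authorize:  # authorize first so domain traffic inside the VPC never drops
        ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=to_authorize)
    if to_revoke:
        ec2.revoke_security_group_ingress(GroupId=sg_id, IpPermissions=to_revoke)
    return sg_id, cidr, len(to_revoke)
```

The WatchDog in the question acts on outbound rules; this script only touches ingress, which is where the AWS-created rules listed above live.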