Add security group examples

[cremich]

It would be great do find some examples how to create new security groups with ingress and egress rules. Currently its hard to find some hints how to provide the parameters for addIngressRule of a newly created securitygroup.

Here a short typescript sample that creates a new vpc, a security-group and an ec2-instance. Maybe it is helpul:

    const vpc = new ec2.VpcNetwork(this, 'NewVPC');

    let mySecurityGroup = new ec2.SecurityGroup(this, 'NewSecurityGroup', {
      description: 'Allow ssh access to ec2 instances',
      groupName: 'ec2-ssh-access',
      vpc: vpc
    });
    mySecurityGroup.addIngressRule(new ec2.AnyIPv4(), new ec2.TcpPort(22), 'allow ssh access from any ipv4 ip');

    new ec2.cloudformation.InstanceResource(this, 'Ec2Instance', {
        imageId: ' ami-0f5dbc86dd9cbf7a8',
        securityGroupIds: [ mySecurityGroup.securityGroupId],
        instanceType: 't2.micro',
        tags: [{
          key: 'Name',
          value: 'my-new-ec2-instance'
        }]
    });

[rix0rrr]

Your problem is caused by the fact that we don't have an abstraction for EC2::Instance yet.

Normally, constructs with SecurityGroups have a .connections member, and you'll manipulate their rules like this:

instance.connections.allowFromAnywhere(new ec2.TcpPort(22));

But yes, unfortunately we don't have an L2 for Instance yet, only for AutoScalingGroup.

[rix0rrr]

It might bear mentioning in the docs anyway.

[Doug-AWS]

Are we talking about the guide or the reference? Please add the appropriate tag.

Is this something we still need? If so, I'll add it to the CDK Guide project.

[eladb]

No need

[eladb]

You know what? Maybe take a look at the ec2 readme file and see if there’s something to be added

This seems to be covered by this one over in the CDK Guide repo. I'll link that back here for context. awsdocs/aws-cdk-guide#59