Cannot specify existing SecurityGroup for autoscaling.AutoScalingGroup

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository’s issues are intended for feature requests and bug reports.

• I’m submitting a …

  • 🪲 bug report
  • [x ] 🚀 feature request
  • 📚 construct library gap
  • ☎️ security issue or vulnerability => Please see policy
  • ❓ support request => Please see note at the top of this template.

• What is the current behavior? If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

Currently the AutoScalingGroup always creates a new SecurityGroup per auto-scaling-group.js:

        this.securityGroup = new ec2.SecurityGroup(this, 'InstanceSecurityGroup', {
            vpc: props.vpc,
            allowAllOutbound: props.allowAllOutbound !== false
        });

• What is the expected behavior (or behavior of feature suggested)?

Ideally we could specify an existing ec2.SecurityGroup that could be used.

• What is the motivation / use case for changing the behavior or adding this feature?

Corporate policy forbids ordinary users like myself from creating security groups, so all attempts to use AWS CDK will result in 403 forbidden unless I can use an existing security group.

• Please tell us about your environment:

  • CDK CLI Version: 1.1.0 (build 1a11e96)
  • Module Version: aws-autoscaling@1.1.0
  • OS: OSX Mojave
  • Language: TypeScript

• Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)