[Question]: Adding an existing Security Group to an ALB
When I add an existing security group to elbv2.ApplicationLoadBalancer, CFN still tries to create a security group ingress resource. Is this by design? I thought that once you import the SG, the ALB would just accept it as is (ISecurityGroup). Is this not the case or I’m doing something wrong? Do I need to use cfnLoadBalancer instead? Thanks!

// Import existing VPC
const vpc = ec2.VpcNetwork.importFromContext(this, "VPC", {
  vpcId: vpcId
});

// Import existing Security Group
const sg = ec2.SecurityGroup.import(this, "SecurityGroup", {
  securityGroupId: securityGroupId
});

// Create an instance of Elastic Load Balancer
const alb = new elbv2.ApplicationLoadBalancer(this, "ALB", {
  vpc: vpc,
  securityGroup: sg,
  ipAddressType: elbv2.IpAddressType.Ipv4
});

Resources:
  SecurityGroupfrom000004439CF506C4:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      IpProtocol: tcp
      CidrIp: 0.0.0.0/0
      Description: Allow from anyone on port 443
      FromPort: 443
      GroupId: sg-xxxxxxx
      ToPort: 443
    Metadata:
      aws:cdk:path: DlvEcsClustersStack/SecurityGroup/from 0.0.0.0_0:443
  ALBAEE750D2:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      LoadBalancerAttributes: []
      Scheme: internal
      SecurityGroups:
        - sg-xxxxxxx
      Subnets:
        - subnet-xxxxxxxx
        - subnet-xxxxxxxx
        - subnet-xxxxxxxx
      Type: application
    Metadata:
      aws:cdk:path: DlvEcsClustersStack/ALB/Resource

Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:16 (11 by maintainers)

Same issue here. Any updates on this? Importing only creates new SGs and ignores the security group ID passed into it.

SecurityGroup.fromSecurityGroupId now takes an “options” struct which allows making imported security groups immutable.
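
A check for the behaviour discussed in this thread, as an added example (not code from the issue or from the CDK project): it scans a synthesized template, in JSON form, for ingress/egress rule resources whose GroupId is a literal sg- ID, which is how the rule attached to the imported group appears in the template above. The type and function names and the sample template are constructed for illustration.

```typescript
// Added example (hypothetical names): flag rules a stack attaches to a pre-existing SG.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources?: Record<string, Resource> };
type Direction = "ingress" | "egress";
interface Finding { logicalId: string; groupId: string; direction: Direction; worldOpen: boolean; ports: string }

const RULE_TYPES = new Map<string, Direction>([
  ["AWS::EC2::SecurityGroupIngress", "ingress"],
  ["AWS::EC2::SecurityGroupEgress", "egress"],
]);

// A literal "sg-..." GroupId means the group is not defined in this template;
// a group the stack creates is referenced through a { Ref } or { "Fn::GetAtt" } object.
function findImportedSgMutations(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources ?? {})) {
    const direction = RULE_TYPES.get(res.Type);
    const props = res.Properties ?? {};
    const groupId = props["GroupId"];
    if (!direction || typeof groupId !== "string" || !groupId.startsWith("sg-")) continue;
    findings.push({
      logicalId, groupId, direction,
      worldOpen: props["CidrIp"] === "0.0.0.0/0" || props["CidrIpv6"] === "::/0",
      ports: `${String(props["FromPort"] ?? "*")}-${String(props["ToPort"] ?? "*")}`,
    });
  }
  return findings;
}

// Constructed sample: JSON form of the two resources in the question's template,
// plus one constructed rule on a stack-owned group that must not be flagged.
const sampleTemplate: Template = {
  Resources: {
    SecurityGroupfrom000004439CF506C4: {
      Type: "AWS::EC2::SecurityGroupIngress",
      Properties: { IpProtocol: "tcp", CidrIp: "0.0.0.0/0", FromPort: 443, ToPort: 443, GroupId: "sg-xxxxxxx" },
    },
    ALBAEE750D2: {
      Type: "AWS::ElasticLoadBalancingV2::LoadBalancer",
      Properties: { Scheme: "internal", SecurityGroups: ["sg-xxxxxxx"], Type: "application" },
    },
    OwnedRule: {
      Type: "AWS::EC2::SecurityGroupIngress",
      Properties: { IpProtocol: "tcp", CidrIp: "10.0.0.0/8", FromPort: 80, ToPort: 80,
        GroupId: { "Fn::GetAtt": ["OwnedSg", "GroupId"] } },
    },
  },
};

const sampleFindings = findImportedSgMutations(sampleTemplate);
```

Run against the output of a synth step, a non-empty result means the deployment will modify a security group the stack does not own; when the group is imported with the `mutable: false` option, the expectation is an empty result.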