
[Question]: Adding an existing Security Group to an ALB

When I add an existing security group to elbv2.ApplicationLoadBalancer, CFN still tries to create a security group ingress resource. Is this by design? I thought that once you import the SG, the ALB would just accept it as is (ISecurityGroup). Is this not the case, or am I doing something wrong? Do I need to use cfnLoadBalancer instead? Thanks!

    // Import existing VPC
    const vpc = ec2.VpcNetwork.importFromContext(this, "VPC", {
      vpcId: vpcId
    });

    // Import existing Security Group
    const sg = ec2.SecurityGroup.import(this, "SecurityGroup", {
      securityGroupId: securityGroupId
    });

    // Create an instance of Elastic Load Balancer
    const alb = new elbv2.ApplicationLoadBalancer(this, "ALB", {
      vpc: vpc,
      securityGroup: sg,
      ipAddressType: elbv2.IpAddressType.Ipv4
    });

    # Synthesized template (fragment; resource logical IDs not shown)
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      IpProtocol: tcp
      Description: Allow from anyone on port 443
      FromPort: 443
      GroupId: sg-xxxxxxx
      ToPort: 443
    Metadata:
      aws:cdk:path: DlvEcsClustersStack/SecurityGroup/from

    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      LoadBalancerAttributes: []
      Scheme: internal
      SecurityGroups:
        - sg-xxxxxxx
      Subnets:
        - subnet-xxxxxxxx
        - subnet-xxxxxxxx
        - subnet-xxxxxxxx
      Type: application
    Metadata:
      aws:cdk:path: DlvEcsClustersStack/ALB/Resource

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 1
  • Comments: 16 (11 by maintainers)

Top GitHub Comments

ali-habibzadeh commented, Apr 16, 2019

Same issue here. Any updates on this? Importing only creates new SGs and ignores the security group ID passed into it.

rix0rrr commented, Oct 30, 2019

SecurityGroup.fromSecurityGroupId now takes an “options” struct which allows making imported security groups immutable.
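
A pre-deploy check for the behaviour discussed in this thread, as an added example (not code from the issue or from the CDK project): it scans a synthesized CloudFormation template for ingress/egress rule resources attached to a literal security group ID, which is how a rule added to an imported group shows up in the question's output. The function name `findRulesOnImportedGroups`, the logical IDs and the `CidrIp` values are assumptions made for the example.

```typescript
// Added example (not from the issue or the CDK code base): flags rule resources in a
// synthesized CloudFormation template that modify a security group the stack only imported.
type Resource = { Type: string; Properties?: Record<string, unknown> };
type Template = { Resources?: Record<string, Resource> };
type Direction = "ingress" | "egress";
interface Finding { logicalId: string; groupId: string; direction: Direction; openToWorld: boolean }

const RULE_TYPES: Record<string, Direction> = {
  "AWS::EC2::SecurityGroupIngress": "ingress",
  "AWS::EC2::SecurityGroupEgress": "egress",
};

// Hypothetical helper. A group created by the stack is referenced through an
// intrinsic (Ref / Fn::GetAtt object); a group imported by a literal ID appears
// as a plain "sg-..." string, so a rule on it changes a resource owned elsewhere.
function findRulesOnImportedGroups(template: Template): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    const direction = RULE_TYPES[res.Type];
    const props = res.Properties || {};
    const groupId = props["GroupId"];
    if (!direction || typeof groupId !== "string") continue;
    const openToWorld = props["CidrIp"] === "0.0.0.0/0" || props["CidrIpv6"] === "::/0";
    findings.push({ logicalId, groupId, direction, openToWorld });
  }
  return findings;
}

// Constructed sample modelled on the fragment in the question; the logical IDs
// and CidrIp values are made up for this example.
const sampleTemplate: Template = {
  Resources: {
    ImportedSgIngress443: {
      Type: "AWS::EC2::SecurityGroupIngress",
      Properties: { GroupId: "sg-xxxxxxx", IpProtocol: "tcp", FromPort: 443, ToPort: 443, CidrIp: "0.0.0.0/0" },
    },
    OwnedSgIngress80: {
      Type: "AWS::EC2::SecurityGroupIngress",
      Properties: { GroupId: { "Fn::GetAtt": ["AppSg", "GroupId"] }, IpProtocol: "tcp", FromPort: 80, ToPort: 80, CidrIp: "10.0.0.0/16" },
    },
    ALB: { Type: "AWS::ElasticLoadBalancingV2::LoadBalancer", Properties: { SecurityGroups: ["sg-xxxxxxx"] } },
  },
};

for (const f of findRulesOnImportedGroups(sampleTemplate)) {
  console.log(`${f.logicalId}: ${f.direction} rule on ${f.groupId}${f.openToWorld ? " (open to any address)" : ""}`);
}
```

Run it against the JSON produced by `cdk synth` before deploying; an empty result means the stack leaves imported groups untouched.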
