LoadBalancer doesn't verify SecurityGroups
cfn-lint version: 0.10.3
Description of issue.
AWS::ElasticLoadBalancingV2::LoadBalancer doesn’t verify that the SecurityGroups property lists group ids. This is wrong and will pass:

```yaml
Elb:
  Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
  Properties:
    SecurityGroups:
      - !Ref SecurityGroup
```

This is better (also passes):

```yaml
Elb:
  Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
  Properties:
    SecurityGroups:
      - !GetAtt SecurityGroup.GroupId
```
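As an added illustration (this is not cfn-lint's own rule code and does not use the cfn-lint rule API), the standalone Python check below walks a parsed CloudFormation template and reports SecurityGroups entries on an ElasticLoadBalancingV2 LoadBalancer that may not resolve to a security group id. It goes slightly beyond the case reported in the issue: in addition to flagging a `!Ref` to an `AWS::EC2::SecurityGroup` resource, it accepts `!GetAtt X.GroupId`, parameters typed `AWS::EC2::SecurityGroup::Id` and literal `sg-` ids, and flags String-typed parameters and other literals. The sample template, its parameter and resource names, and the helper function names are all constructed for this example.

```python
"""Standalone check: do LoadBalancer SecurityGroups entries resolve to group ids?

Works on a template already parsed into a dict in which the YAML short
forms have been expanded (!Ref X -> {"Ref": "X"},
!GetAtt X.GroupId -> {"Fn::GetAtt": ["X", "GroupId"]}).
Added example, not part of cfn-lint.
"""
import re
from typing import Any, Dict, List, Optional

ELBV2_TYPE = "AWS::ElasticLoadBalancingV2::LoadBalancer"
SG_TYPE = "AWS::EC2::SecurityGroup"
SG_ID_PARAM_TYPE = "AWS::EC2::SecurityGroup::Id"
SG_ID_LIST_PARAM_TYPE = "List<AWS::EC2::SecurityGroup::Id>"
# Literal group ids look like sg-xxxxxxxx (old) or sg-xxxxxxxxxxxxxxxxx (new)
SG_ID_RE = re.compile(r"^sg-[0-9a-f]{8,17}$")


def check_entry(entry: Any, resources: Dict[str, Any],
                parameters: Dict[str, Any]) -> Optional[str]:
    """Return a problem description for one SecurityGroups entry, or None if it is fine."""
    if isinstance(entry, str):
        if SG_ID_RE.match(entry):
            return None
        return f"literal '{entry}' is not a security group id"
    if isinstance(entry, dict) and len(entry) == 1:
        key, val = next(iter(entry.items()))
        if key == "Fn::GetAtt":
            # Accept both the list form and the dotted-string form of GetAtt
            target = val.split(".") if isinstance(val, str) else list(val)
            if (len(target) == 2 and target[1] == "GroupId"
                    and resources.get(target[0], {}).get("Type") == SG_TYPE):
                return None
            return f"GetAtt {target} does not read GroupId of a security group"
        if key == "Ref":
            if val in parameters:
                if parameters[val].get("Type") == SG_ID_PARAM_TYPE:
                    return None
                return f"parameter '{val}' is not typed {SG_ID_PARAM_TYPE}"
            if resources.get(val, {}).get("Type") == SG_TYPE:
                # Ref on a security group resource does not always yield the id
                return f"Ref '{val}' may return a group name; use !GetAtt {val}.GroupId"
            return f"Ref '{val}' does not point at a security group"
    return f"unrecognised entry {entry!r}"


def lint_template(template: Dict[str, Any]) -> List[str]:
    """Return one finding string per suspicious SecurityGroups entry on each ELBv2 LoadBalancer."""
    resources = template.get("Resources", {})
    parameters = template.get("Parameters", {})
    findings: List[str] = []
    for name, res in resources.items():
        if res.get("Type") != ELBV2_TYPE:
            continue
        groups = res.get("Properties", {}).get("SecurityGroups", [])
        path = f"{name}.Properties.SecurityGroups"
        if isinstance(groups, dict) and list(groups) == ["Ref"]:
            # Whole-property Ref: fine only for a List<AWS::EC2::SecurityGroup::Id> parameter
            pname = groups["Ref"]
            if parameters.get(pname, {}).get("Type") != SG_ID_LIST_PARAM_TYPE:
                findings.append(f"{path}: Ref '{pname}' is not a {SG_ID_LIST_PARAM_TYPE} parameter")
            continue
        if not isinstance(groups, list):
            findings.append(f"{path}: expected a list, got {type(groups).__name__}")
            continue
        for i, entry in enumerate(groups):
            problem = check_entry(entry, resources, parameters)
            if problem:
                findings.append(f"{path}[{i}]: {problem}")
    return findings


# Constructed sample: the issue's two snippets plus a few extra entry kinds
SAMPLE_TEMPLATE: Dict[str, Any] = {
    "Parameters": {
        "ExternalSgId": {"Type": SG_ID_PARAM_TYPE},
        "SgName": {"Type": "String"},
    },
    "Resources": {
        "SecurityGroup": {"Type": SG_TYPE, "Properties": {"GroupDescription": "elb"}},
        "Elb": {
            "Type": ELBV2_TYPE,
            "Properties": {"SecurityGroups": [
                {"Ref": "SecurityGroup"},                      # flagged: may be a name
                {"Fn::GetAtt": ["SecurityGroup", "GroupId"]},  # ok
                {"Ref": "ExternalSgId"},                       # ok: id-typed parameter
                {"Ref": "SgName"},                             # flagged: String parameter
                "sg-0123456789abcdef0",                        # ok: literal id
                "my-sg",                                       # flagged: literal name
            ]},
        },
    },
}

if __name__ == "__main__":
    for finding in lint_template(SAMPLE_TEMPLATE):
        print(finding)
```

The check only sees the long-form intrinsic functions, so a template read from YAML needs a loader that expands `!Ref` and `!GetAtt` (plain PyYAML needs custom constructors for those tags). Whether a `!Ref` to a security group resource is reported as an error, a warning or an informational finding is a policy choice; the code above reports every case and leaves severity to the caller.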
Issue Analytics: created 5 years ago; reactions: 1; comments: 8 (6 by maintainers)
We could drop it in as an “Ixxxx” rule for governance. I think the problem is that too many existing templates (some of them canonical examples from AWS) get flagged as wrong if we set it at any other level.
Since one approach is “sometimes fine” and the other “definitely correct”, would it be valid to always recommend the second one? (Or with a comment that it’s a more resilient interface?)