Reputation: 2708
In Elastic Beanstalk, how to set existing security group to load balancer with .ebextensions?
I'm trying to set existing Security Group for the ELB in my Elastic Beanstalk application with .ebextensions.
For some reason, .configs like
option_settings:
aws:elb:loadbalancer:
SecurityGroups: sg-abcd1234
Don't seem to do anything. Also, since that existing SG is strictly defined, I don't want to use ManagedSecurityGroup since that would modify the existing SG.
Any ideas how to achieve this? Help would be highly appreciated.
Upvotes: 3
Views: 2855
Answers (2)
Reputation: 31
The question is the namespace of Application Load Balancer aws:elbv2 (different from Elastic Load Balancer classic aws:elb)
this works in ALB
option_settings:
- namespace: aws:elbv2:loadbalancer
option_name: ManagedSecurityGroup
value: sg-XXXXXXXX
- namespace: aws:elbv2:loadbalancer
option_name: SecurityGroups
value: sg-XXXXXXXX
Upvotes: 2
Reputation: 18918
You can specify your own security groups for your ELB with SecurityGroups option setting and beanstalk will associate your ELB with that security group. In addition beanstalk will create a new security group which allows ingress and egress on HTTP port 80 on that new security group. Beanstalk will not modify the security group you specified in the option setting above.
When you say it doesn't seem to be doing anything, do you mean it is not attached to the ELB? It should get attached to the ELB in addition to a new security groups. Can you confirm by checking the security groups associated with your ELB in the ELB console.
If you do not want beanstalk to create a new security group, then you can specify that security group managed security group option setting as well but that would update your security group and also provide ingress from that security group to your EC2 security groups.
If you don't want your security group to be modified then using the option setting is the way to go. It will create a new security group and attach both the new security group and your security group to the ELB. If you can explain what specific issues you are having with this setup, then I can explain more.
Upvotes: 1
Related Questions
- Elastic Beanstalk deployment failing because of a dangling security group
- Elastic Beanstalk: Migrate DB Security Group to VPC Security Group
- 413 Request Entity Too Large - Elastic Beanstalk + Load Balancer + Node.js application
- Elastic Beanstalk Autoscaling Group Lifecycle Hooks
- How to associate existing autoscaling group to elastic beanstalk environment?
- Elastic Beanstalk .ebextensions ignored in WAR
- How Do I Specify a Security Group for Elastic Beanstalk Launch Configuration in CloudFormation Template?
- Deploy a .NET Windows Service with Amazon Elastic Beanstalk with no Web Application