Stupid.Fat.Cat

Reputation: 11325

Is it possible to add Security Groups to a fargate service in AWS with cdk 1.32?

For internal reasons we're locked into CDK 1.32, which has a lot of missing features, such as adding a security group to an application load balancer.

This is what I'm trying to accomplish:

const sg_port_80 = ec2.SecurityGroup.fromSecurityGroupId(this, 'SG', props.sg_port_80, {
    mutable: false
})
this.fargateService = new ecs_patterns.ApplicationLoadBalancedFargateService(this, 'MyFargateService', {
    cluster: props.ecsCluster,
    cpu: 256,
    desiredCount: 1,
    taskImageOptions: {image: ecs.ContainerImage.fromRegistry('amazon/amazon-ecs-sample')},
    memoryLimitMiB: 512,
    publicLoadBalancer: true,
    securityGroups: [sg_port_80]
})

The problem with this is that it doesn't work with CDK 1.32. What I'm trying to do is add an existing security group to the application load balanced fargate service. Is anyone familiar with how I would be able to accomplish this in CDK 1.32?

Upvotes: 2

Views: 4327

Answers (1)

Christian

Reputation: 51

To add a security group to the load balancer, you can call .addSecurityGroup() on the load balancer construct.

...

const service = new ApplicationLoadBalancedFargateService(
  this,
  'yourService123',
  {
    cluster: this.cluster,
    taskDefinition,
    listenerPort: 1234, //your port
    publicLoadBalancer: false,
    securityGroups: [yourSecurityGroup],
  }
);

service.targetGroup.configureHealthCheck({
  port: healthCheckPort.toString(),
  healthyThresholdCount: 2,
  unhealthyThresholdCount: 4,
});

// FOLLOWING LINE ADDS A SECURITY GROUP TO ALB
service.loadBalancer.addSecurityGroup(yourSecurityGroup);
...

Upvotes: 1
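
Added example, not part of the answer above and not CDK's own code: a group added with `addSecurityGroup()` is attached alongside whatever groups the load balancer already has, so this TypeScript check reads `cdk synth` output, confirms the intended group is attached, and lists any attached group defined in the same template that still admits 0.0.0.0/0 or ::/0. The template, its logical ids and `sg-0123456789abcdef0` are constructed sample values, and `auditAlbSecurityGroups` is a hypothetical helper name.

```typescript
// Added example: audit the security groups attached to ALBs in a synthesized template.
type Ref = string | { Ref?: string; "Fn::GetAtt"?: [string, string] };
interface Resource { Type: string; Properties?: Record<string, any> }
interface Template { Resources: Record<string, Resource> }
interface AlbAudit { alb: string; hasExpectedSg: boolean; openSgs: string[] }

// Logical id for in-template references, literal id (sg-...) for imported groups.
function refId(r: Ref): string {
  if (typeof r === "string") return r;
  const att = r["Fn::GetAtt"];
  return att ? att[0] : r.Ref ?? "";
}

// True when a group defined in this template admits any IPv4/IPv6 source.
// Limitation: only inline SecurityGroupIngress rules are inspected, not
// standalone AWS::EC2::SecurityGroupIngress resources.
function isOpen(res: Resource | undefined): boolean {
  if (!res || res.Type !== "AWS::EC2::SecurityGroup") return false;
  const rules: Array<Record<string, any>> = res.Properties?.SecurityGroupIngress ?? [];
  return rules.some(r => r.CidrIp === "0.0.0.0/0" || r.CidrIpv6 === "::/0");
}

function auditAlbSecurityGroups(t: Template, expectedSgId: string): AlbAudit[] {
  return Object.keys(t.Resources)
    .filter(id => t.Resources[id].Type === "AWS::ElasticLoadBalancingV2::LoadBalancer")
    .map(alb => {
      const attached = (t.Resources[alb].Properties?.SecurityGroups ?? []) as Ref[];
      const ids = attached.map(refId);
      return {
        alb,
        hasExpectedSg: ids.indexOf(expectedSgId) !== -1,
        openSgs: ids.filter(id => isOpen(t.Resources[id])),
      };
    });
}

// Constructed sample: an ALB with one open in-template group plus an imported group.
const sampleTemplate: Template = {
  Resources: {
    LbSg: {
      Type: "AWS::EC2::SecurityGroup",
      Properties: { SecurityGroupIngress: [{ CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: 80, ToPort: 80 }] },
    },
    Lb: {
      Type: "AWS::ElasticLoadBalancingV2::LoadBalancer",
      Properties: { SecurityGroups: [{ "Fn::GetAtt": ["LbSg", "GroupId"] }, "sg-0123456789abcdef0"] },
    },
  },
};

console.log(JSON.stringify(auditAlbSecurityGroups(sampleTemplate, "sg-0123456789abcdef0")));
```

A non-empty `openSgs` for an internal-only service means the restrictive group was added next to an open one instead of replacing it.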
