https://pulumi.com logo
#aws
Title
# aws
w

wide-photographer-21993

05/01/2023, 11:38 PM
if so, can anyone explain why:
Copy code
const alb = new awsx.classic.lb.ApplicationLoadBalancer(
    "net-lb", { external: true, securityGroups: cluster.securityGroups });
This adds 443 to the cluster sg, which then is also the lb sg, and leaves the
0.0.0.0/0
ALL
rule there, as well as
0.0.0.0/0
ssh
22
ingress, which is insecure.
m

millions-furniture-75402

05/02/2023, 2:46 PM
I can you you that I've had issues with this and I can show you my solution
Copy code
const alb = new awsx.lb.ApplicationLoadBalancer(
  `${appName}-lb`,
  {
    loadBalancer: new aws.lb.LoadBalancer(`${appName}-alb`, {
      accessLogs: {
        bucket: logBucketId,
        enabled: true,
        prefix: appName,
      },
      dropInvalidHeaderFields: true,
      internal: false,
      securityGroups: [albSecurityGroup.id],
      subnets: publicSubnetIds,
    }),
    securityGroups: [],
    vpc: vpc.vpc,
  },
  {
    dependsOn: albSecurityGroup,
  },
);
3 Views