# aws

fresh-noon-64640

12/04/2023, 5:37 AM
Is there a simple way to block ingress via a security group for a Fargate service? I don't want to create a VPC for the service, but whatever one it lands in.

gifted-gigabyte-53859

12/04/2023, 6:47 AM
Not sure about Fargate specifically, but for security groups in general they are whitelist activated. So a blank security group will allow nothing in or out. You have to explicitly add allows onto it. So you could check if any security groups are being added automatically on your Fargate service, and either modify them or replace them. If none exist, create a new blank security group (probably with allow 0.0.0.0/0 outbound, if required) and add it onto the service?

fresh-noon-64640

12/04/2023, 7:20 AM
OO. One is being added automatically (I am not defining it). Could I then grab that SG after and edit it? Are there some docs to put me in the right direction?

gifted-gigabyte-53859

12/04/2023, 7:28 AM
Depends on if AWS is adding the group, or if Pulumi is. Are you using the Crosswalk provider? Check the Pulumi provider documentation for the provider you're using and see if it exposes the security group as an Output. If yes, then you can edit it. If not, then to my knowledge you'll have to create it manually yourself with Pulumi. Or perhaps import it on the fly? I'm not sure what the other languages allow, since I use YAML. https://www.pulumi.com/registry/packages/awsx/api-docs/ecs/fargateservice/

fresh-noon-64640

12/05/2023, 2:22 AM
So I was able to sort of get it, but I seem to have gotten stuck with `Output<string | undefined>` and I cannot figure out for the life of me how to get it to just be a string.

gifted-gigabyte-53859

12/05/2023, 2:25 AM
What language are you using?

fresh-noon-64640

12/05/2023, 2:25 AM
TypeScript, not by choice

gifted-gigabyte-53859

12/05/2023, 2:26 AM
OK, can't help, sorry. I have used YAML only.