No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

which type of load balancer? are you using fargate or just ec2 instances?

typescript, but any language example is ok

I'm making slow progress so far, this is essentially what i have. next step is to create an ASG and LB - with the user data script

```import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as fs from 'fs';

// Allocate a new VPC with the default settings:
const vpc = new awsx.ec2.Vpc("ci-cd", {
    // runners will be available in multiple zones
    numberOfAvailabilityZones: 2,
    // this is the smallest cidr block that we can use - 64 IPs
    // split across 4 subnets - 16 per subnet, minimum enforced by aws
    cidrBlock: "10.0.0.0/26"
});

// Export a few resulting fields to make them easy to use:
export const vpcId: pulumi.Output&lt;string&gt; = vpc.id;
export const vpcPrivateSubnetIds: Promise&lt;pulumi.Output&lt;string&gt;[]&gt; = vpc.privateSubnetIds;
export const vpcPublicSubnetIds: Promise&lt;pulumi.Output&lt;string&gt;[]&gt; = vpc.publicSubnetIds;

// create a security group allowing inbound http(s) / ssh  traffic, all outbound traffic
const group = new aws.ec2.SecurityGroup("allow-http-ssh", {
    ingress: [
        { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
        { protocol: "tcp", fromPort: 80, toPort: 80, cidrBlocks: ["0.0.0.0/0"] },
        { protocol: "tcp", fromPort: 443, toPort: 443, cidrBlocks: ["0.0.0.0/0"] },
    ],
    egress: [
        { protocol: "-1", fromPort: 0, toPort: 0, cidrBlocks: ["0.0.0.0/0"] },
    ],
});

// create an ec2 instance in each private subnet for github runner
const userData = fs.readFileSync('./user_data.sh','utf8');```

gives me a few minutes, I have something sort of done here

let me know if this helps:

<https://github.com/jaxxstorm/pulumi-examples/tree/main/typescript/aws/ec2-asg-lb>

looks great I'll try it - I'm guessing `instanceSecurityGroups` needs to be specified somewhere in the CF template. It's not used right now

it goes in the launch template, I'll try figure out what I missed there

<@U026RKHA9GX> refresh the page, pushed a fix