boundless-author-24618
03/31/2019, 6:10 AM
white-balloon-205
pulumi-aws repo so we can look into it. We have several test cases that test things very close to this scenario, so I’m interested in what specific conditions are triggering this in your case.
Cc also @stocky-spoon-28903.
stocky-spoon-28903
03/31/2019, 4:21 PM
boundless-author-24618
03/31/2019, 8:59 PM
const anyCidr = ['0.0.0.0/0']
const albSecurityGroup = new aws.ec2.SecurityGroup('alb-sg', {
  description: 'Enables HTTP inbound and any outbound',
})
const ingressRule = new aws.ec2.SecurityGroupRule('alb-sg-ingress-rule', {
  type: 'ingress',
  protocol: 'tcp',
  fromPort: 80,
  toPort: 80,
  cidrBlocks: anyCidr,
  securityGroupId: albSecurityGroup.id,
})
const egressRule = new aws.ec2.SecurityGroupRule('alb-sg-egress-rule', {
  type: 'egress',
  protocol: '-1',
  fromPort: 0,
  toPort: 0,
  cidrBlocks: anyCidr,
  securityGroupId: albSecurityGroup.id,
})
And here's how I'm applying it to the load balancer:
const loadBalancer = new awsx.elasticloadbalancingv2.ApplicationLoadBalancer(
  'primary-alb',
  {
    external: true,
    securityGroups: [albSecurityGroup],
  }
)
If you would like to see the full code I will create a repo. Thanks
const listener = loadBalancer.createListener('http-listener', {
  port: 80,
})
external: false on the listener to prevent it from trying to create another security group for the load balancer. It does make sense in that if you just create the listener you would want it to create the load balancer and give it a public security group, but if you're creating the load balancer yourself it's a little anti-intuitive because you can't create a load balancer with no security groups. Is this already in the docs somewhere and I just missed it?