This feels familiar. I believe I ended up using awsx for the security group as well.
```typescript
import * as awsx from "@pulumi/awsx";

// `appName` and `vpc` (an awsx.ec2.Vpc) are assumed to be defined earlier in the program.

// Security group for the application tasks. Note that this opens port 3000 to the
// whole internet; restricting the ingress to the load balancer's security group is tighter.
const appSecurityGroup = new awsx.ec2.SecurityGroup(`${appName}-sg`, {
  ingress: [{ fromPort: 3000, toPort: 3000, protocol: "tcp", cidrBlocks: ["0.0.0.0/0"] }],
  egress: [{ fromPort: 0, toPort: 0, protocol: "-1", cidrBlocks: ["0.0.0.0/0"] }],
  vpc,
});

// Security group for the load balancer: only allow egress to the app security group on 3000.
// Inline ingress/egress blocks reference another group via `securityGroups`;
// `sourceSecurityGroupId` belongs to the standalone aws.ec2.SecurityGroupRule resource.
const lbSecurityGroup = new awsx.ec2.SecurityGroup(`${appName}-default-http-and-https`, {
  egress: [{ fromPort: 3000, toPort: 3000, protocol: "tcp", securityGroups: [appSecurityGroup.id] }],
  vpc,
});

// Internet-facing ALB in the public subnets, attached to the load balancer security group.
const alb = new awsx.lb.ApplicationLoadBalancer(`${appName}-lb`, {
  external: true,
  securityGroups: [lbSecurityGroup],
  subnets: vpc.publicSubnetIds,
  vpc,
});
```
as an example
I believe the warning about a duplicate security rule is because Pulumi is creating the new rule (with `toPort: 65534`) before deleting the old rule and the port ranges overlap - `0-65535` is inclusive of `0-65534`. So they are effectively duplicate.
You can tell Pulumi to delete the previous resource before creating the new one with `deleteBeforeReplace`. e.g.
```typescript
import * as aws from "@pulumi/aws";

// `albSg` (an aws.ec2.SecurityGroup) is assumed to be defined earlier in the program.
new aws.ec2.SecurityGroupRule(`sg-ingress-alb-to-containers`, {
  type: 'ingress',
  description: 'Allow all traffic from ALB to ECS containers',
  protocol: 'all',
  fromPort: 0,
  toPort: 65534,
  cidrBlocks: ["0.0.0.0/0"],
  securityGroupId: albSg.id,
}, {
  // Delete the old rule before creating its replacement, so the two overlapping
  // port ranges never coexist and AWS does not reject the new rule as a duplicate.
  deleteBeforeReplace: true
});
```