No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

image.png

Whenever I pass a listener to my external ALB created with crosswalk’s help I expose my service to the entire world, even though my custom security group rules restrict traffic to my ip address only. Is there a way to disable this behaviour and still use awsx?
<https://github.com/pulumi/pulumi-awsx/blob/master/nodejs/awsx/lb/application.ts#L231-L249>
```const http = new aws.ec2.SecurityGroup(
  `${sharedPrefix}-http`,
  {
    name: `${sharedPrefix}-http`,
    ingress: [
      {
        fromPort: 80,
        toPort: 80,
        protocol: 'TCP',
        cidrBlocks: [...whitelisted],
      },
    ],
    vpcId: vpc.id,
    tags: overridenTags,
  },
  { deleteBeforeReplace: true }
);

const https = new aws.ec2.SecurityGroup(
  `${sharedPrefix}-https`,
  {
    name: `${sharedPrefix}-https`,
    ingress: [
      {
        fromPort: 443,
        toPort: 443,
        protocol: 'TCP',
        cidrBlocks: [...whitelisted],
      },
    ],
    vpcId: vpc.id,
    tags: overridenTags,
  },
  { deleteBeforeReplace: true }
);
const alb = new awsx.lb.ApplicationLoadBalancer(albName, {
  name: albName,
  external: true,
  vpc: vpc,
  subnets: vpc.publicSubnetIds,
  securityGroups: [http.id, https.id],
  tags: overridenTags,
});```