I am using the AWS CDK to create an ApplicationLoadBalancer
which has port 80 accepting external connections.
I want to use port 8080 of target to health check port.
const lb = new elb.ApplicationLoadBalancer(this, "LB", {
vpc: cluster.vpc,
loadBalancerName : loadBalancerName,
internetFacing: true,
vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
});
const listener = lb.addListener("Listener", { port: 80 });
const targetGroup = listener.addTargets("ECS", {
protocol: elb.ApplicationProtocol.HTTP,
port: 80,
targets: [ecsAdminService]
});
targetGroup.configureHealthCheck({
path: "/",
port: "8080"
})
In this case ApplicationLoadBalancer
makes the security group automatically.
However, it has an outbound rule only port 80
. I want to add anoutbound rule port 8080
How can I change the security group so it is automatically generated?
CodePudding user response:
When you create a Load Balancer with CDK if a security group isn't provided, the CDK will be automatically create a Security Group for you.
So, if want to manage the Security group rules, you can create a Security Group with the rules that you need and attach to the created ALB:
const securityGroup1 = new ec2.SecurityGroup(this, 'SecurityGroup1', { vpc });
securityGroup1.addIngressRule(
ec2.Peer.anyIpv4(),
ec2.Port.tcp(80),
'allow HTTP traffic from anywhere',
);
const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', {
vpc,
internetFacing: true,
securityGroup: securityGroup1, // Optional - will be automatically created otherwise
});