How do I use my own security group for my load balancer when I deploy an Elastic Beanstalk application?


I want to create a scalable, load-balanced environment for my AWS Elastic Beanstalk application and specify my own security group for my load balancer.

Short description

Elastic Beanstalk creates a default security group for your load balancer. To attach an existing security group (ManagedSecurityGroup) to your load balancer instead, override the default behavior: add configuration files to the .ebextensions/ directory of your application deployment package so that Elastic Beanstalk doesn't create a default security group.

Important: The following steps apply only to Application Load Balancers and Classic Load Balancers. Network Load Balancers don't have an associated security group. You must configure your security groups that are associated with targets to accept traffic from your Network Load Balancer.

Resolution

Use .ebextensions to instruct the Elastic Beanstalk service to attach an existing security group to your load balancer. Then, remove the default security group that Elastic Beanstalk creates for you.

Complete the following steps:

  1. Confirm that there's an existing security group for Elastic Beanstalk to use. Or, create a new security group for the load balancer in your Elastic Beanstalk environment.
  2. Note the ID of your security group. For example: sg-123456.
  3. Create a .ebextensions/ directory in your local application code directory.
  4. In the .ebextensions/ directory, create the file elbsg.config. For example:
    ~/workspace/my-app/
    |-- .ebextensions
    |   |-- elbsg.config  
    |-- helloworld
    Note: For more information, see Advanced environment customization with configuration files (.ebextensions).
  5. Update the elbsg.config file based on the load balancer type of your Elastic Beanstalk environment. For more information, see Distribute Amazon ECS service traffic using load balancing.
    To create a new environment or update an existing environment with a Classic Load Balancer, use the SecurityGroups setting to override the default security group. For example:
    option_settings:
      aws:elb:loadbalancer:
        ManagedSecurityGroup: "sg-123456"
        SecurityGroups: "sg-123456"
    To create a new environment or update an existing environment with an Application Load Balancer, use the SecurityGroups setting to override the default security group. For example:
    option_settings:
      aws:elbv2:loadbalancer:
        ManagedSecurityGroup: "sg-123456"  
        SecurityGroups: "sg-123456"
    Note: In the preceding examples, replace sg-123456 with your security group and managed security group IDs. The preceding .ebextensions are in YAML format. Be sure that you validate the YAML formatting.
  6. Deploy your code and the new .ebextensions/ directory together as a new application version in your Elastic Beanstalk environment.
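
A pre-deployment check for the elbsg.config files from step 5, as an added example that is not AWS's own code. The function names are hypothetical, the reader handles only the two-level layout shown above, and the rules it applies (security group IDs are sg- plus 8 or 17 hex digits, and the ManagedSecurityGroup ID must also appear in the comma-separated SecurityGroups value) are this example's assumptions about the two option namespaces.

```python
import re

# Option namespace that holds the security group settings, per load balancer type.
NAMESPACES = {"classic": "aws:elb:loadbalancer", "application": "aws:elbv2:loadbalancer"}
SG_ID = re.compile(r"^sg-([0-9a-f]{8}|[0-9a-f]{17})$")  # assumed real ID shape
# Constructed sample: the page's Application Load Balancer file, placeholder left in.
SAMPLE = 'option_settings:\n  aws:elbv2:loadbalancer:\n    ManagedSecurityGroup: "sg-123456"\n    SecurityGroups: "sg-123456"\n'


def parse_option_settings(text):
    """Read the two-level block layout shown above; not a general YAML parser."""
    settings, namespace, in_options = {}, None, False
    for number, raw in enumerate(text.splitlines(), 1):
        line, body = raw.rstrip(), raw.strip()  # trailing spaces are harmless
        if not body or body.startswith("#"):
            continue
        indent = line[: len(line) - len(line.lstrip())]
        if "\t" in indent:
            raise ValueError(f"line {number}: tab in indentation, YAML requires spaces")
        if not indent:
            in_options, namespace = body == "option_settings:", None
        elif in_options and body.endswith(":"):
            namespace = body[:-1]
            settings.setdefault(namespace, {})
        elif in_options and namespace and ": " in body:
            key, value = body.split(": ", 1)
            settings[namespace][key] = value.strip().strip("\"'")
        else:
            raise ValueError(f"line {number}: unexpected content {body!r}")
    return settings


def check_elbsg(text, lb_type):
    """Return a list of problems; an empty list means the file passed every check."""
    expected = NAMESPACES[lb_type]
    settings = parse_option_settings(text)
    problems = [f"{ns}: wrong namespace for load balancer type {lb_type}"
                for ns in settings if ns in NAMESPACES.values() and ns != expected]
    options = settings.get(expected)
    if options is None:
        return problems + [f"{expected}: namespace missing"]
    managed = options.get("ManagedSecurityGroup", "")
    attached = [s.strip() for s in options.get("SecurityGroups", "").split(",") if s.strip()]
    for sg in [managed] + [s for s in attached if s != managed]:
        if not SG_ID.match(sg):
            problems.append(f"{sg or 'ManagedSecurityGroup (unset)'}: not a security group ID")
    if managed not in attached:
        problems.append("ManagedSecurityGroup is not listed in SecurityGroups")
    return problems
```

Calling check_elbsg(SAMPLE, "application") flags the sg-123456 placeholder, which catches a file deployed without the ID from step 2 substituted in.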

Related information

Configuring Elastic Beanstalk environments

aws:elb:loadbalancer

aws:elbv2:loadbalancer

AWS OFFICIAL, updated 2 months ago