Security Group created under ELB with ICMP Protocol

0

Hi Team, there is an Application Load Balancer which was created, and during its creation a security group was also created along with it. When checked in CloudTrail, it shows that it was invoked by "eks.amazonaws.com". Is there a way to avoid creation of this security group, or in particular to manage its inbound and outbound rules? There is an ICMP protocol that is being created in this security group which we do not want to be created. TIA

1 Answer
0

Sounds like the AWS Load Balancer Controller. You can use this annotation to avoid the auto-created security group: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/#security-groups

"alb.ingress.kubernetes.io/security-groups specifies the securityGroups you want to attach to LoadBalancer.

When this annotation is not present, the controller will automatically create one security group, the security group will be attached to the LoadBalancer and allow access from inbound-cidrs to the listen-ports. Also, the securityGroups for Node/Pod will be modified to allow inbound traffic from this securityGroup.

If you specify this annotation, you need to configure the security groups on your Node/Pod to allow inbound traffic from the load balancer. You could also set the manage-backend-security-group-rules if you want the controller to manage the access rules."

AWS
EXPERT
answered a year ago
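
An Ingress manifest that applies the two annotations named in the answer above, as an added example that is not part of the original answer or of the controller's documentation. The Ingress name, namespace, backend Service and the security group ID are constructed placeholders.

```yaml
# Added example: attach a security group you manage yourself, so the
# controller does not auto-create one for the load balancer.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app              # hypothetical name
  namespace: example             # hypothetical namespace
  annotations:
    # Security group created and owned outside the controller.
    # Placeholder ID: replace with the ID of your own group.
    alb.ingress.kubernetes.io/security-groups: sg-0123456789abcdef0
    # With security-groups set, the Node/Pod groups are no longer opened
    # to the load balancer automatically. Setting this to "true" asks the
    # controller to manage those backend access rules.
    alb.ingress.kubernetes.io/manage-backend-security-group-rules: "true"
spec:
  ingressClassName: alb
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-svc   # hypothetical Service
                port:
                  number: 80
```

The group referenced here carries only the inbound and outbound rules you define on it, so it should allow the listener ports from the intended source CIDRs and nothing else.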
