Using Java CDK V2, how can I set this "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic" to false when using the NetworkLoadBalancedFargateService construct?

I have a REST API forwarding calls to a private NLB using a VPC link. The issue that I have is with the enforceSecurityGroupInboundRulesOnPrivateLinkTraffic set to true, and no inbound egress rules set, no traffic gets through. If I add an ingress rule and allow all traffic then people on my network are able to access the NLB URL directly.

I only want traffic from the VPC link to connect to the NLB. This seems possible by turning off enforceSecurityGroupInboundRulesOnPrivateLinkTraffic, which is noted in the AWS documentation; however, this is not exposed to be set once the Fargate service is created.

1 Answer

Hello!

The NetworkLoadBalancedFargateService construct [1] has a "loadBalancer" property. This property is of type "INetworkLoadBalancer" [2] which contains the desired property "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic". You can therefore set this property by defining loadBalancer.enforceSecurityGroupInboundRulesOnPrivateLinkTraffic in your NetworkLoadBalancedFargateService construct.

===References===

[1] https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecs_patterns.NetworkLoadBalancedFargateService.html

[2] https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_elasticloadbalancingv2.INetworkLoadBalancer.html

answered 13 days ago
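
One way to apply the setting from Java, as an added example that is not part of the original answer or AWS's own code: create the NetworkLoadBalancer yourself with the flag set and pass it to the construct through its loadBalancer property. The stack name, construct IDs, sample container image and port 80 are assumptions, and it assumes an aws-cdk-lib release whose NetworkLoadBalancer builder exposes enforceSecurityGroupInboundRulesOnPrivateLinkTraffic.

```java
import java.util.List;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.apigateway.VpcLink;
import software.amazon.awscdk.services.ec2.Port;
import software.amazon.awscdk.services.ec2.SecurityGroup;
import software.amazon.awscdk.services.ec2.Vpc;
import software.amazon.awscdk.services.ecs.Cluster;
import software.amazon.awscdk.services.ecs.ContainerImage;
import software.amazon.awscdk.services.ecs.patterns.NetworkLoadBalancedFargateService;
import software.amazon.awscdk.services.ecs.patterns.NetworkLoadBalancedTaskImageOptions;
import software.amazon.awscdk.services.elasticloadbalancingv2.NetworkLoadBalancer;
import software.constructs.Construct;

// Hypothetical stack: every name and ID below is illustrative.
public class PrivateNlbStack extends Stack {
    public PrivateNlbStack(final Construct scope, final String id) {
        super(scope, id);
        Vpc vpc = Vpc.Builder.create(this, "Vpc").maxAzs(2).build();
        Cluster cluster = Cluster.Builder.create(this, "Cluster").vpc(vpc).build();

        // Security group with NO ingress rules: clients inside the VPC
        // cannot reach the NLB directly.
        SecurityGroup nlbSg = SecurityGroup.Builder.create(this, "NlbSg")
                .vpc(vpc).allowAllOutbound(true).build();

        // The flag only has meaning when the NLB has a security group,
        // and the group must be attached when the NLB is created.
        NetworkLoadBalancer nlb = NetworkLoadBalancer.Builder.create(this, "Nlb")
                .vpc(vpc)
                .internetFacing(false)
                .securityGroups(List.of(nlbSg))
                // PrivateLink (VPC link) traffic skips the inbound SG rules.
                .enforceSecurityGroupInboundRulesOnPrivateLinkTraffic(false)
                .build();

        NetworkLoadBalancedFargateService service =
                NetworkLoadBalancedFargateService.Builder.create(this, "Service")
                .cluster(cluster)
                .loadBalancer(nlb) // reuse the NLB instead of letting the pattern create one
                .taskImageOptions(NetworkLoadBalancedTaskImageOptions.builder()
                        .image(ContainerImage.fromRegistry("amazon/amazon-ecs-sample"))
                        .containerPort(80).build())
                .build();

        // Let the NLB reach the tasks on the container port.
        service.getService().getConnections().allowFrom(nlbSg, Port.tcp(80));

        // VPC link that the REST API integration targets.
        VpcLink.Builder.create(this, "VpcLink").targets(List.of(nlb)).build();
    }
}
```

After deploying, confirm from a host inside the VPC that a direct connection to the NLB DNS name on the listener port times out while calls through the API Gateway stage succeed.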
