By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Security Group created under ELB with ICMP Protocol

0

Hi Team, There is Application Load Balancer which is created and while its creation a security group is also created along with it, when checked in the cloudtrail it shows that it was invoked by "eks.amazonaws.com". Is there a way to avoid creation of this security group or particularly manage its inbound and outbound rules? As there is a ICMP Protocol that is being created in this security group which we do not want to be created. TIA

Topics
ContainersNetworking & Content Delivery
Tags
Amazon Elastic Kubernetes ServiceElastic Load BalancingApplication Load BalancerSecurity Group
Language
English
rePost-User-9863127
asked a year ago328 views
1 Answer
0

Sounds like AWS load balancer controller you can use this annotation to avoid the auto created security group - https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/#security-groups

"alb.ingress.kubernetes.io/security-groups specifies the securityGroups you want to attach to LoadBalancer.

When this annotation is not present, the controller will automatically create one security group, the security group will be attached to the LoadBalancer and allow access from inbound-cidrs to the listen-ports. Also, the securityGroups for Node/Pod will be modified to allow inbound traffic from this securityGroup.

If you specify this annotation, you need to configure the security groups on your Node/Pod to allow inbound traffic from the load balancer. You could also set the manage-backend-security-group-rules if you want the controller to manage the access rules."

AWS
EXPERT
Thaddeus_W
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content