CDK Fargate deploy adds unwanted SG rules

I'm setting up a Fargate cluster with AWS CDK v2. On deploy, CDK is adding a "0.0.0.0/0 Allow from anyone on port 80" rule to a pre-made security group. Any idea how to stop this behavior? Here is my service stanza:

const service = new ecs.FargateService(this, "SBfargate", {
  cluster,
  desiredCount: 1,
  taskDefinition: fargateTaskDefinition,
  assignPublicIp: true,
  securityGroups: [sbsg],
  serviceName: 'SB-Fargate_service',
});

主题

无服务器容器管理与治理

标签

AWS Fargate AWS CloudFormation 亚马逊弹性容器服务 (ECS)

语言

English

sbecker

已提问 2 年前252 查看次数

1 回答

最新
投票最多
评论最多

Found https://github.com/aws/aws-cdk/issues/3177 after more digging. Mutable: false on the SG stanza worked as I wanted.

sbecker

已回答 2 年前

CDK Fargate deploy adds unwanted SG rules

相关内容