Security Group created under ELB with ICMP Protocol

0

Hi Team, There is Application Load Balancer which is created and while its creation a security group is also created along with it, when checked in the cloudtrail it shows that it was invoked by "eks.amazonaws.com". Is there a way to avoid creation of this security group or particularly manage its inbound and outbound rules? As there is a ICMP Protocol that is being created in this security group which we do not want to be created. TIA

1 個回答
0

Sounds like AWS load balancer controller you can use this annotation to avoid the auto created security group - https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/#security-groups

"alb.ingress.kubernetes.io/security-groups specifies the securityGroups you want to attach to LoadBalancer.

When this annotation is not present, the controller will automatically create one security group, the security group will be attached to the LoadBalancer and allow access from inbound-cidrs to the listen-ports. Also, the securityGroups for Node/Pod will be modified to allow inbound traffic from this securityGroup.

If you specify this annotation, you need to configure the security groups on your Node/Pod to allow inbound traffic from the load balancer. You could also set the manage-backend-security-group-rules if you want the controller to manage the access rules."

AWS
專家
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南