I am using the AWS CDK to create an ApplicationLoadBalancer which has port 80 accepting external connections.
I want to use port 8080 of the target as the health check port.
const lb = new elb.ApplicationLoadBalancer(this, "LB", {
  vpc: cluster.vpc,
  loadBalancerName: loadBalancerName,
  internetFacing: true,
  vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
});
const listener = lb.addListener("Listener", { port: 80 });
const targetGroup = listener.addTargets("ECS", {
  protocol: elb.ApplicationProtocol.HTTP,
  port: 80,
  targets: [ecsAdminService]
});
targetGroup.configureHealthCheck({
  path: "/",
  port: "8080"
})
In this case ApplicationLoadBalancer makes the security group automatically.
However, it has an outbound rule only for port 80. I want to add an outbound rule for port 8080.
How can I change the security group so it is automatically generated?
When you create a Load Balancer with CDK, if a security group isn't provided, the CDK will automatically create a Security Group for you.
So, if you want to manage the Security Group rules, you can create a Security Group with the rules that you need and attach it to the created ALB:
const securityGroup1 = new ec2.SecurityGroup(this, 'SecurityGroup1', { vpc });
securityGroup1.addIngressRule(
  ec2.Peer.anyIpv4(),
  ec2.Port.tcp(80),
  'allow HTTP traffic from anywhere',
);
const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', {
  vpc,
  internetFacing: true,
  securityGroup: securityGroup1, // Optional - will be automatically created otherwise
});
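As an added example (not part of the answer above and not CDK's own code), the TypeScript below audits a synthesized CloudFormation template for the gap described in the question: a target group whose traffic or health check port is not covered by any egress rule on the load balancer's security groups. The template and its logical IDs are constructed for illustration, and only ports are compared, not rule destinations.

```typescript
// Added example: audits a synthesized template, constructed here to mirror the question.
type Res = { Type: string; Properties: any };
type Template = { Resources: { [id: string]: Res } };
// Logical ID behind { Ref: id } or { "Fn::GetAtt": [id, attr] }.
const idOf = (v: any): string => (v && (v.Ref || (v["Fn::GetAtt"] || [])[0])) || "";
// True when a TCP or all-protocol egress rule on one of the groups covers `port`.
function egressAllows(t: Template, sgIds: string[], port: number): boolean {
  let rules: any[] = [];
  for (const id of Object.keys(t.Resources)) {
    const r = t.Resources[id];
    if (r.Type === "AWS::EC2::SecurityGroup" && sgIds.indexOf(id) >= 0)
      rules = rules.concat(r.Properties.SecurityGroupEgress || []);
    if (r.Type === "AWS::EC2::SecurityGroupEgress" && sgIds.indexOf(idOf(r.Properties.GroupId)) >= 0)
      rules.push(r.Properties);
  }
  return rules.some((e: any) => String(e.IpProtocol) === "-1" ||
    (e.IpProtocol === "tcp" && e.FromPort <= port && port <= e.ToPort));
}

// For each listener, list target-group ports its load balancer's groups cannot reach.
function uncoveredPorts(t: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(t.Resources)) {
    const l = t.Resources[id];
    if (l.Type !== "AWS::ElasticLoadBalancingV2::Listener") continue;
    const lb = t.Resources[idOf(l.Properties.LoadBalancerArn)];
    const sgIds: string[] = ((lb && lb.Properties.SecurityGroups) || []).map(idOf);
    for (const a of l.Properties.DefaultActions || []) {
      const tgId = idOf(a.TargetGroupArn);
      const tg = t.Resources[tgId] && t.Resources[tgId].Properties;
      if (!tg) continue;
      const hc = tg.HealthCheckPort || "traffic-port";
      const ports: number[] = [tg.Port];
      if (hc !== "traffic-port" && Number(hc) !== tg.Port) ports.push(Number(hc));
      for (const p of ports)
        if (!egressAllows(t, sgIds, p)) findings.push(`${tgId}: no egress to tcp/${p}`);
    }
  }
  return findings;
}

// Constructed sample: egress only to 80, health check on 8080 (logical IDs are made up).
const sample: Template = { Resources: {
  LBSG: { Type: "AWS::EC2::SecurityGroup", Properties: {} },
  LB: { Type: "AWS::ElasticLoadBalancingV2::LoadBalancer", Properties: { SecurityGroups: [{ "Fn::GetAtt": ["LBSG", "GroupId"] }] } },
  ToSvc80: { Type: "AWS::EC2::SecurityGroupEgress", Properties: { GroupId: { "Fn::GetAtt": ["LBSG", "GroupId"] }, IpProtocol: "tcp", FromPort: 80, ToPort: 80 } },
  ECSGroup: { Type: "AWS::ElasticLoadBalancingV2::TargetGroup", Properties: { Port: 80, HealthCheckPort: "8080" } },
  Listener: { Type: "AWS::ElasticLoadBalancingV2::Listener", Properties: { LoadBalancerArn: { Ref: "LB" }, DefaultActions: [{ Type: "forward", TargetGroupArn: { Ref: "ECSGroup" } }] } },
} };
```

A group created with `new ec2.SecurityGroup(...)` as in the answer allows all outbound traffic unless `allowAllOutbound: false` is passed, so the check reports nothing for it.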