Avoid Elastic Beanstalk to create security group for ELB

Just found out that there is a Elastic Beanstalk option named ‘ManagedSecurityGroup‘ to allow you to use an exisiting security group for the ELB. Note the security group must be in the aws:elb:loadbalancer SecurityGroups list. Here is a sample:

“Namespace”: “aws:elb:loadbalancer”,
“OptionName”: “SecurityGroups“,
“Value”: “sg-1111111,sg-222222”
“Namespace”: “aws:elb:loadbalancer”,
“OptionName”: “ManagedSecurityGroup“,
“Value”: “sg-1111111”

Unfortunately, there is no such option for EC2. But you are able to control the SSH access in the EB managed EC2 security group with option ‘SSHSourceRestriction’

“Namespace”: “aws:autoscaling:launchconfiguration”,
“OptionName”: “SSHSourceRestriction“,
“Value”: “tcp, 22, 22, sg-222222”

Reference: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s