How do I use my own security group for my load balancer when I deploy an AWS Elastic Beanstalk application?

Last updated: 2019-04-12

How do I create a load-balancing, auto-scaling environment type for my AWS Elastic Beanstalk application and specify my own security group for my load balancer?

Short Description

By default, Elastic Beanstalk creates a security group for your load balancer, but you can override this default behavior if you have an existing security group (also called a ManagedSecurityGroup) that you want to attach to your load balancer. To prevent Elastic Beanstalk from creating a default security group, you must add one or more configuration files to a .ebextensions directory in your application deployment package.

Resolution

Use .ebextensions to instruct the Elastic Beanstalk service to attach a pre-existing security group to your Elastic Load Balancer. Then, remove the default security group that Elastic Beanstalk created for you.

1.    Before instructing Elastic Beanstalk to use a pre-existing security group, check that you have a pre-existing security group to use. Or, you can create a new security group for the load balancer in your Elastic Beanstalk environment.

2.    Note the ID of your security group. (For example, an ID of sg-123456).

3.    Create a .ebextensions/ directory in your local application code directory. For more information, see Advanced Environment Customization with Configuration Files (.ebextensions).

4.    In the .ebextensions/ directory, create a file named elbsg.config.

5.    Update your elbsg.config file based on the following example:

option_settings:
    aws:elb:loadbalancer:
        ManagedSecurityGroup: "sg-123456"

If you're updating an existing environment, use the SecurityGroups setting to remove the default security group based on the following example:

option_settings:
    aws:elb:loadbalancer:
    	ManagedSecurityGroup: "sg-123456"
        SecurityGroups: "sg-123456"

Note: You can use the SecurityGroups setting to add additional security groups to the load balancer.

6.    Deploy your code and the new .ebextensions/ directory together as a new application version to your Elastic Beanstalk environment

After deployment, your security group will be attached to the load balancer. Your environment and load balancer are now successfully using your existing security group instead of the default load balancer security group.


Did this article help you?

Anything we could improve?


Need more help?