How do I create a load-balancing, auto-scaling environment type for my Elastic Beanstalk application and specify my own security group for the load balancer?

Elastic Beanstalk supports the creation of both single instance environment types and load-balancing, auto-scaling environment types for your Elastic Beanstalk application. By default, when you create a load-balancing, auto-scaling environment type for your AWS Elastic Beanstalk application, a new security group is created for the ELB load balancer.

You can override Elastic Beanstalk default behavior and designate your own security group for the load balancer used in load-balancing, auto-scaling environments by adding one or more configuration files to a .ebextensions directory in your application deployment package. When you add a .ebextensions directory to your Beanstalk Application deployment file, any configuration files contained in the directory are processed in alphabetical order during deployment of your application. Follow these steps to add custom configuration options to your application deployment file.

Note: For more information about setting configuration options including the use of the Elastic Beanstalk API, saved configurations, and custom configuration files see Configuration Options.

1.    Create a .ebextensions directory to house custom configuration files.
Add a directory named .ebextensions to your Elastic Beanstalk application deployment file. For the scenario in this article, you also create and add an elbsg.config file in the .ebextensions directory. You can use any name for your .config file, but keep in mind that multiple configuration files are processed in alphabetical order. The structure of the directory and configuration files is represented below:

myapp.zip
     |-- .ebextensions
     |         |-- elbsg.config
     |         |-- other .config
            files
            
     |-- other application files

2.    Create a security group for the load balancer.
Configure the inbound and outbound rules for the security group as needed and record the associated security group ID for future reference.

Add configuration parameters to your configuration file. The following sample configuration includes two option_settings that modify the default behavior of the Elastic Beanstalk service when deploying an Elastic Beanstalk application to a load-balancing, auto-scaling environment:

  • aws:elb:loadbalancer: ManagedSecurityGroup
    This option specifies that the Elastic Beanstalk service should not create a new security group for the load balancer and adds a rule to EC2 security groups to ensure that connections are accepted from the security group with the security group ID that you created in step 2 (represented by the placeholder sg-xxxxxxxx).
  • aws:elb:loadbalancer: SecurityGroups
    This option specifies that the Elastic Beanstalk service should update the load balancer to use the security group with the security group ID that you created in Step 2 (represented by the placeholder sg-xxxxxxxx).

Contents of sample configuration file elbsg.config:
option_settings:
- namespace: aws:elb:loadbalancer
option_name: ManagedSecurityGroup
value: sg-xxxxxxxx
- namespace: aws:elb:loadbalancer
option_name: SecurityGroups
value: sg-xxxxxxxx

Scenarios for deploying Elastic Beanstalk applications using custom application deployment options in a configuration file

Creating a new Elastic Beanstalk environment

When you create a new Elastic Beanstalk environment using the configuration information described here, the Elastic Beanstalk service will configure the load balancer to use the security group that matches the security group ID provided in your configuration file instead of automatically creating and assigning a new security group to the load balancer.

Updating an existing Elastic Beanstalk environment

You can also update an existing Elastic Beanstalk environment by adding custom configuration options to an Elastic Beanstalk application deployment file. In the scenario described in this article, the Elastic Beanstalk service would delete the existing ELB security group and update the load balancer to use the security group that matches the security group ID provided in your configuration file.

For more information about implementing custom Beanstalk application deployment options, see Advanced Environment Customization with Configuration Files (.ebextensions).


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2017-09-28