Adding rule to the security group which is created automatically

I am using the AWS CDK to create an ApplicationLoadBalancer which has port 80 accepting external connections.

I want to use port 8080 of the target as the health check port.

const lb = new elb.ApplicationLoadBalancer(this, "LB", {
  vpc: cluster.vpc,
  loadBalancerName: loadBalancerName,
  internetFacing: true,
  vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
});
const listener = lb.addListener("Listener", { port: 80 });

const targetGroup = listener.addTargets("ECS", {
  protocol: elb.ApplicationProtocol.HTTP,
  port: 80,
  targets: [ecsAdminService],
});
// Health check on port 8080 of the target
targetGroup.configureHealthCheck({
  path: "/",
  port: "8080",
});

In this case ApplicationLoadBalancer makes the security group automatically.

However, it has an outbound rule only for port 80. I want to add an outbound rule for port 8080.

How can I change the security group so it is automatically generated?


  • When you create a Load Balancer with CDK, if a security group isn't provided, the CDK will automatically create a Security Group for you.

    So, if you want to manage the Security Group rules, you can create a Security Group with the rules that you need and attach it to the created ALB:

    const securityGroup1 = new ec2.SecurityGroup(this, 'SecurityGroup1', { vpc });
    securityGroup1.addIngressRule(ec2.Peer.anyIpv4(), ec2.Port.tcp(80), 'allow HTTP traffic from anywhere');
    const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', {
        vpc,
        internetFacing: true,
        securityGroup: securityGroup1, // Optional - will be automatically created otherwise
    });