working config

2020-05-01 02:59:59 +01:00
parent 3fc49078ab
commit c97321790b
4 changed files with 33 additions and 6 deletions
--- a/tempnotes.md
+++ b/tempnotes.md
@@ -186,3 +186,21 @@ Create another custom security group for the EC2 instance - should be private
 autoscaling should have current public security group

 Load balancer should have the current subnets
+
+Loadbalancer security group should have inbound + outbound to 80+443 on 0.0.0.0/0
+
+The option_settings: aws:elbv2:loadbalancer has two options for security groups
+
+ManagedSecurityGroup - defines the security group that is used for the load balancer itself.
+SecurityGroups - is a list of additional security groups you want to attach.
+
+If you define a ManagedSecurityGroup you should set SecurityGroups as well to the same one.
+
+Load balancer needs a security group that allows incoming 80 + 443 from anywhere
+It should also set the same for outbound as well
+
+This security group should be set in `aws:elbv2:loadbalancer` under
+`ManagedSecurityGroup` and `SecurityGroups`
+
+Additional security groups (in addition to the default one created by ELB) for the EC2 instances are defined in `aws:autoscaling:launchconfiguration` under `SecurityGroups`
+A security group will be created for you. You can ammend this (add 443 for https for example) by using `.config` file and creating a `AWS::EC2::SecurityGroupIngress` resource. (see 06-https.config)