fargatecli
LB complains if security group not specified, but says SGs are only for HTTP LBs if I specify one
I'm trying to create a LB for my ECS Service, but I'm stuck here:
fargate lb create name --port 8000 --subnet-id subnet-a218a38d
[!] Could not find EC2 security group
fargate lb create name --port 8000 --security-group-id sg-d1d0cca5 --subnet-id subnet-a218a38d
[!] Security groups can only be specified for HTTP/HTTPS load balancers
I've read somewhere that LBs require two subnets, but providing them in those commands doesn't help either.
Am I missing something? Is there a workaround? Thanks!
Hi @darthcabs, did you check that your security group opens this port to the public? (I have only one subnet, but had to open load balanced ports to ingress on that port.)
Actually, I have the same issue. For HTTP & HTTPS it works without problems; however, if I use tcp: ports then fargate shows the same error.
fargate lb create aml-service-lb --port tcp:80 --security-group-id sg-05e3a638d5d4ada93 --cluster core-master --region eu-west-1
- security groups can only be specified for HTTP/HTTPS load balancers
Apparently AWS does not support security groups on network LBs. https://www.linkedin.com/pulse/aws-new-network-elastic-load-balancernlb-few-silvio-l-de-morais/
Could it be that your script used an application load balancer, and now it converts to a Network Load Balancer (TCP) that does not understand security groups?