aws/elastic-beanstalk-roadmap

[Feature Request] Network Load Balancers (NLB) to support EIPs to enable AWS Shield

vahobrsti opened this issue · 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or "me too" comments. They generate extra noise for issue followers and do not help prioritize the request.

Tell us about your request
What do you want us to build?

I want to enable Advanced Shield protection for the NLB associated with Beanstalk. To do that, the NLB must have EIPs; however, when I choose NLB for EB, it injects Subnets by default, which prevents me from using an EB extension and using SubnetMappings. The CloudFormation docs say:

SubnetMappings:

The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both.

To protect an NLB with AWS Shield, the NLB must have EIPs, and with the current implementation there is no way to use the Resources type of EB extension.

Is this request specific to an Elastic Beanstalk platform?

Nope. This is for ALL of them

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

I have created an NLB through Beanstalk and I would like to protect it using AWS Shield.

Are you currently working around this issue?

No workaround has been found

Additional context

I tried to replace the whole CloudFormation syntax for the load balancer and it still doesn't work. Example:


Parameters:
  NLBSubnetA:
    Type: String
    Description: Used to reference first subnet for NLB
    Default: subnet-xxxx
  NLBSubnetB:
    Type: String
    Description: Used to reference second subnet for NLB
    Default: subnet-yyyyy
Resources:
  AWSEBV2LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Scheme: internet-facing
      SubnetMappings: 
        - AllocationId:
            "Fn::GetOptionSetting": 
              Namespace: "aws:elasticbeanstalk:customoption"
              OptionName: "EIPAllocationA"
          SubnetId: { "Ref" : "NLBSubnetA" }
        - AllocationId:
            "Fn::GetOptionSetting": 
              Namespace: "aws:elasticbeanstalk:customoption"
              OptionName: "EIPAllocationB"
          SubnetId: { "Ref" : "NLBSubnetB" }
      LoadBalancerAttributes:
        - Key: load_balancing.cross_zone.enabled
          Value: true


Attachments

If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)
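Added example, not part of the original issue or of any AWS project code: a small audit that reads output shaped like `aws elbv2 describe-load-balancers` and reports which internet-facing NLBs have an EIP in every Availability Zone, the precondition the issue cites for Shield protection. The load balancer names, zone names, addresses and allocation IDs in the sample are constructed placeholders.

```python
# Constructed sample in the shape of `aws elbv2 describe-load-balancers` output.
SAMPLE = {"LoadBalancers": [
    # NLB created with plain Subnets: no EIP allocations on any zone.
    {"LoadBalancerName": "eb-nlb-subnets", "Type": "network",
     "Scheme": "internet-facing",
     "AvailabilityZones": [
         {"ZoneName": "us-east-1a", "SubnetId": "subnet-xxxx",
          "LoadBalancerAddresses": []},
         {"ZoneName": "us-east-1b", "SubnetId": "subnet-yyyyy",
          "LoadBalancerAddresses": []}]},
    # NLB created with SubnetMappings: each zone carries an AllocationId.
    {"LoadBalancerName": "nlb-subnet-mappings", "Type": "network",
     "Scheme": "internet-facing",
     "AvailabilityZones": [
         {"ZoneName": "us-east-1a", "SubnetId": "subnet-xxxx",
          "LoadBalancerAddresses": [
              {"IpAddress": "203.0.113.10", "AllocationId": "eipalloc-EXAMPLE-A"}]},
         {"ZoneName": "us-east-1b", "SubnetId": "subnet-yyyyy",
          "LoadBalancerAddresses": [
              {"IpAddress": "203.0.113.11", "AllocationId": "eipalloc-EXAMPLE-B"}]}]},
    {"LoadBalancerName": "some-alb", "Type": "application",
     "Scheme": "internet-facing", "AvailabilityZones": []},
]}


def zones_without_eip(response):
    """Map each internet-facing NLB name to the zones that have no EIP attached."""
    report = {}
    for lb in response.get("LoadBalancers", []):
        if lb.get("Type") != "network" or lb.get("Scheme") != "internet-facing":
            continue  # only internet-facing NLBs are in scope for this check
        report[lb["LoadBalancerName"]] = [
            az.get("ZoneName")
            for az in lb.get("AvailabilityZones", [])
            if not any(a.get("AllocationId")
                       for a in az.get("LoadBalancerAddresses", []))
        ]
    return report


def eip_backed_nlbs(response):
    """Names of NLBs whose every zone has an EIP attached."""
    return sorted(n for n, gaps in zones_without_eip(response).items() if not gaps)


if __name__ == "__main__":
    for name, gaps in zones_without_eip(SAMPLE).items():
        print(name, "OK" if not gaps else "no EIP in: " + ", ".join(gaps))
```

To run it against a real account, pass the parsed JSON from `aws elbv2 describe-load-balancers` instead of `SAMPLE`.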