Can I re-use backend-sg for other NLBs?

[dohnto]

Hi,

I have few NLBs which need to be created outside of ALBC. I use ALBC to fill the AWS TargetGroups using TargetGroupBinding. This is parallel to some NLBs which are already managed by ALBC.

I also need to manage the network flow between the NLB and TargetGroups as I am using Preserve Client IP attribute on the TargetGroups. IIUC ALBC uses Backend Security Groups for exactly that purpose.

Is it wise to re-use this security group and assign it to my terraform managed NLBs and Kubernetes TargetGroupBinding or I am risking for example deletion of it/malfunction of ALBC?

Thanks for your guidance.

[shraddhabang]

@dohnto We dont recommend using the LBC managed resources outside of the LBC as their lifecycle are strictly tied to LBC. However, you could create a shared backend security group outside of the controller and have controller use that through this-,backend%2Dsecurity%2Dgroup,-string) flag. This way all of your NLBs will be using the same security group and you will be in control of the lifecycle of the security group.