Hello Community,
We are currently running Kong Ingress Controller (KIC) version 2.8.1 and Kong Proxy version 3.1 within an AWS EKS cluster, where the Kong proxy Service is exposed via an AWS Network Load Balancer (NLB).
We recently installed the latest version of KIC, but encountered an issue when attempting to attach an existing AWS Security Group (SG) to the provisioned NLB using the standard Kubernetes Service annotation:
```yaml
"service.beta.kubernetes.io/aws-load-balancer-security-groups": "sg-02d6474e862ee694a"
```
Problem: After deploying the new Ingress Controller, the NLB was created, but no Security Group was attached to it.
Key Questions
- Annotation Support: Does the latest version of the Kong Ingress Controller officially support the service.beta.kubernetes.io/aws-load-balancer-security-groups annotation for attaching an SG directly to the NLB Service in AWS?
- IP Restriction Alternative: If direct SG attachment via annotation is not supported, what is the recommended method to restrict traffic on ports 80 and 443 to only a specific list of public source IP addresses (CIDRs) for a public-facing NLB in this EKS setup?
Thank you for your guidance.
Regards, Pankaj