Creating an ALB Target Group in CloudFormation


Problem description

I'm trying to create an Application Load Balancer in CloudFormation, with a target group that forwards traffic to EC2 instances. Here is the relevant snippet, where ELBSubnets, ECSCluster, taskdefinition, and VpcId are passed in as parameters:

"EcsElasticLoadBalancer" : {
  "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer",
  "Properties" : {
    "Subnets" : { "Ref" : "ELBSubnets" },
    "SecurityGroups": [
      { "Ref": "ELBAccessSecurityGroup" }
    ]
  }
},
"LoadBalancerListener": {
  "Type": "AWS::ElasticLoadBalancingV2::Listener",
  "Properties": {
    "DefaultActions": [{
      "Type": "forward",
      "TargetGroupArn": { "Ref": "TargetGroup" }
    }],
    "LoadBalancerArn": { "Ref": "EcsElasticLoadBalancer" },
    "Port": 80,
    "Protocol": "HTTP"
  }
},
"TargetGroup": {
  "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
  "Properties": {
    "Name": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "TargetGroup" ] ] },
    "Port": 80,
    "Protocol": "HTTP",
    "VpcId": { "Ref": "VpcId" }
  },
  "DependsOn": [ "EcsElasticLoadBalancer" ]
},
"service": {
  "Type": "AWS::ECS::Service",
  "Properties" : {
    "Cluster": { "Ref": "ECSCluster" },
    "DesiredCount": "1",
    "LoadBalancers": [
      {
        "ContainerName": "main-app",
        "ContainerPort": 3000,
        "TargetGroupArn": { "Ref": "TargetGroup" }
      }
    ],
    "Role" : {"Ref":"ECSServiceRole"},
    "TaskDefinition" : {"Ref":"taskdefinition"}
  }
},
"ECSServiceRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ecs.amazonaws.com"
            ]
          },
          "Action": [
            "sts:AssumeRole"
          ]
        }
      ]
    },
    "Path": "/",
    "Policies": [
      {
        "PolicyName": "ecs-service",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "elasticloadbalancing:Describe*",
                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                "ec2:Describe*",
                "ec2:AuthorizeSecurityGroupIngress"
              ],
              "Resource": "*"
            }
          ]
        }
      }
    ]
  }
}

I get the following error when creating the service:

The target group with targetGroupArn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxx:targetgroup/AlbServiceStack-TargetGroup/6ba9c037c26cdb36 does not have an associated load balancer.

What am I missing? In the documentation there doesn't seem to be a way to specify a load balancer for the target group.

Recommended answer

Got it working - the problem was twofold:

  1. The following lines were missing from the Role PolicyDocument:
    • "elasticloadbalancing:DeregisterTargets"
    • "elasticloadbalancing:RegisterTargets"

Updated template looks like this:

"EcsElasticLoadBalancer" : {
  "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer",
  "Properties" : {
    "Subnets" : { "Ref" : "ELBSubnets" },
    "SecurityGroups": [
      { "Ref": "ELBAccessSecurityGroup" }
    ]
  }
},
"LoadBalancerListener": {
  "Type": "AWS::ElasticLoadBalancingV2::Listener",
  "Properties": {
    "DefaultActions": [{
      "Type": "forward",
      "TargetGroupArn": { "Ref": "TargetGroup" }
    }],
    "LoadBalancerArn": { "Ref": "EcsElasticLoadBalancer" },
    "Port": 80,
    "Protocol": "HTTP"
  }
},
"TargetGroup": {
  "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
  "Properties": {
    "Name": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "TargetGroup" ] ] },
    "Port": 80,
    "Protocol": "HTTP",
    "VpcId": { "Ref": "VpcId" }
  },
  "DependsOn": [ "EcsElasticLoadBalancer" ]
},
"service": {
  "Type": "AWS::ECS::Service",
  "DependsOn": [ "LoadBalancerListener" ],
  "Properties" : {
    "Cluster": { "Ref": "ECSCluster" },
    "DesiredCount": "1",
    "LoadBalancers": [
      {
        "ContainerName": "main-app",
        "ContainerPort": 3000,
        "TargetGroupArn": { "Ref": "TargetGroup" }
      }
    ],
    "Role" : {"Ref":"ECSServiceRole"},
    "TaskDefinition" : {"Ref":"taskdefinition"}
  }
},
"ECSServiceRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ecs.amazonaws.com"
            ]
          },
          "Action": [
            "sts:AssumeRole"
          ]
        }
      ]
    },
    "Path": "/",
    "Policies": [
      {
        "PolicyName": "ecs-service",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "elasticloadbalancing:Describe*",
                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                "ec2:Describe*",
                "ec2:AuthorizeSecurityGroupIngress",
                "elasticloadbalancing:DeregisterTargets",
                "elasticloadbalancing:RegisterTargets"
              ],
              "Resource": "*"
            }
          ]
        }
      }
    ]
  }
}
