创建目标组失败,因为它没有与LoadBalancer关联。 但是我正在使用参数显式传递它……这可能是一个政策问题吗?
AWSTemplateFormatVersion: 2010-09-09
Description: CF template for Service.
Parameters:
ClusterArn:
Type: String
Description: The Cluster ARN in which to launch the service.
VPCId:
Type: AWS::EC2::VPC::Id
Description: The VPC Id in which the service will be launched.
FrontEndALBHTTPListenerArn:
Type: String
Description: The listener Arn for the back-end service type.
ALBHostedZoneId:
Type: String
Description: The HZ to add the DNS Record.
LoadBalancerDNSName:
Type: String
Description: Load balancer DNS Name.
Resources:
CustomerHTTPListerRule:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
Actions:
- Type: forward
TargetGroupArn:
!Ref FrontEndBackEndHTTPTargetGroup
Conditions:
- Field: host-header
Values:
- customer.services.company.com
Priority: 5
ListenerArn: !Ref FrontEndALBHTTPListenerArn
# Task Definition
FrontEndTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
NetworkMode: bridge
Family: front-end
ContainerDefinitions:
-
Name: front-end
Image: 'xxx.xxx.ecr.xxx.amazonaws.com/frontend'
Memory: 128
PortMappings:
-
ContainerPort: 80
HostPort: 0
Essential: true
Environment:
- Name: ENVIRONMENT
Value: test
# Service Definition
FrontEndServiceDefinition:
Type: AWS::ECS::Service
Properties:
Cluster: !Ref ClusterArn
DeploymentConfiguration:
MinimumHealthyPercent: 50
MaximumPercent: 200
DesiredCount: 1
HealthCheckGracePeriodSeconds: 30
LaunchType: EC2
TaskDefinition: !Ref FrontEndTaskDefinition
ServiceName: Customer
PlacementStrategies:
- Type: spread
Field: instanceId
LoadBalancers:
-
ContainerName: front-end
ContainerPort: 80
TargetGroupArn: !Ref FrontendHTTPTargetGroup
DependsOn: FrontendHTTPTargetGroup
# front-end Target Group
FrontendBackEndHTTPTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
HealthCheckIntervalSeconds: 5
HealthCheckPath: '/health'
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 3
HealthyThresholdCount: 3
UnhealthyThresholdCount: 2
Matcher:
HttpCode: 200
Name: front-end
Port: 80
Protocol: HTTP
Tags:
- Key: Name
Value: front-end
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: 10
TargetType: instance
VpcId: !Ref VPCId
以下是附加到堆栈的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action":
"ec2:DescribeInstances",
"ec2:DescribeAddresses",
"ec2:DescribeRegions",
"ec2:DescribeSnapshots",
"ecs:DescribeTaskDefinition",
"ecs:DeregisterTaskDefinition",
"ecs:CreateService",
"ec2:DescribeVolumeStatus",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ecs:RegisterTaskDefinition",
"ec2:DescribeVolumes",
"ecs:DescribeServices",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DescribeCustomerGateways",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeVpc*",
"route53:ListHostedZones",
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeTargetGroupAttributes"
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:ModifyListener"
],
"Resource": "*"
}
]
}
具有完全的管理员权限,它可以毫无问题地创建堆栈。
我是否错过了一项政策,取决于?
这可以与Creating an ALB Target Group in CloudFormation相关,但是我没有在此堆栈中定义ALB。
答案 0 :(得分:0)
我无法在您的CloudFormation模板中看到将目标组链接到负载均衡器的任何内容。
在查看AWS::ElasticLoadBalancingV2::TargetGroup - AWS CloudFormation时,似乎TargetGroup通过Listener链接到负载均衡器:
ALBListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
Type: forward
TargetGroupArn:
Ref: ALBTargetGroup <--- Here!
LoadBalancerArn:
Ref: ApplicationLoadBalancer <--- Here!
Port: 80
Protocol: HTTP
答案 1 :(得分:0)
问题是侦听器与服务创建之间的竞争状态:服务是在侦听器仍在进行中或刚刚创建时创建的。
在服务上添加dependson指令可以解决此问题。
答案 2 :(得分:0)
我有一个Fargate服务,它将由网络负载平衡器公开。要使用AWS CDK Typescript解决此问题,请执行以下操作:
const fargateService = new ecs.FargateService(this, 'FunkyFargateService', {
// ...
});
const loadBalancer = new elb.NetworkLoadBalancer(this, 'LB', {
vpc: vpc,
internetFacing: true,
});
const targetGroup = new elb.NetworkTargetGroup(this, 'NetworkTargetGroup', {
vpc,
port: 50051,
deregistrationDelay: cdk.Duration.seconds(5),
targets: [fargateService],
});
const nl = new elb.NetworkListener(this, 'LoadBalancerListener', {
loadBalancer,
// certificates: certificates.map(c => ({ certificateArn: c.certificateArn })),
// protocol: elb.Protocol.TLS,
defaultTargetGroups: [targetGroup],
port: 80,
});
fargateService.node.addDependency(nl);
为Fargate服务生成以下CloudFormation定义:
"FunkyFargateServiceXXXX": {
"Type": "AWS::ECS::Service",
"Properties": {
"Cluster": "funky-cluster",
"DeploymentConfiguration": {
"MaximumPercent": 200,
"MinimumHealthyPercent": 100
},
"DesiredCount": 1,
"EnableECSManagedTags": false,
"HealthCheckGracePeriodSeconds": 20,
"LaunchType": "FARGATE",
"LoadBalancers": [
{
"ContainerName": "staging-funk",
"ContainerPort": 50051,
"TargetGroupArn": {
"Ref": "NetworkTargetGroupXXX"
}
}
],
"NetworkConfiguration": {
"AwsvpcConfiguration": {
"AssignPublicIp": "DISABLED",
"SecurityGroups": [
{
"Fn::GetAtt": [
"FunkyFargateServiceSecurityGroupXXXX",
"GroupId"
]
}
],
"Subnets": [
"subnet-XXX",
"subnet-XXX"
]
}
},
"ServiceName": "staging-funk",
"TaskDefinition": {
"Ref": "FunkyTaskDefinitionXXX"
}
},
"DependsOn": [
"LoadBalancerListenerXXX"
],
"Metadata": {
"aws:cdk:path": "FunkyStack/FunkyFargateService/Service"
}
}