Amazon web services 在AWS CloudFormation中创建TargetGroup时没有关联的负载平衡器
目标组的创建失败,因为它未与LoadBalancer关联。 但是我使用参数显式地传递它。。。这可能是一个政策问题吗Amazon web services 在AWS CloudFormation中创建TargetGroup时没有关联的负载平衡器,amazon-web-services,amazon-cloudformation,target,amazon-elb,Amazon Web Services,Amazon Cloudformation,Target,Amazon Elb,目标组的创建失败,因为它未与LoadBalancer关联。 但是我使用参数显式地传递它。。。这可能是一个政策问题吗 AWSTemplateFormatVersion: 2010-09-09 Description: CF template for Service. Parameters: ClusterArn: Type: String Description: The Cluster ARN in which to launch the service
AWSTemplateFormatVersion: 2010-09-09
Description: CF template for Service.
Parameters:
ClusterArn:
Type: String
Description: The Cluster ARN in which to launch the service.
VPCId:
Type: AWS::EC2::VPC::Id
Description: The VPC Id in which the service will be launched.
FrontEndALBHTTPListenerArn:
Type: String
Description: The listener Arn for the back-end service type.
ALBHostedZoneId:
Type: String
Description: The HZ to add the DNS Record.
LoadBalancerDNSName:
Type: String
Description: Load balancer DNS Name.
Resources:
CustomerHTTPListerRule:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
Actions:
- Type: forward
TargetGroupArn:
!Ref FrontEndBackEndHTTPTargetGroup
Conditions:
- Field: host-header
Values:
- customer.services.company.com
Priority: 5
ListenerArn: !Ref FrontEndALBHTTPListenerArn
# Task Definition
FrontEndTaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
NetworkMode: bridge
Family: front-end
ContainerDefinitions:
-
Name: front-end
Image: 'xxx.xxx.ecr.xxx.amazonaws.com/frontend'
Memory: 128
PortMappings:
-
ContainerPort: 80
HostPort: 0
Essential: true
Environment:
- Name: ENVIRONMENT
Value: test
# Service Definition
FrontEndServiceDefinition:
Type: AWS::ECS::Service
Properties:
Cluster: !Ref ClusterArn
DeploymentConfiguration:
MinimumHealthyPercent: 50
MaximumPercent: 200
DesiredCount: 1
HealthCheckGracePeriodSeconds: 30
LaunchType: EC2
TaskDefinition: !Ref FrontEndTaskDefinition
ServiceName: Customer
PlacementStrategies:
- Type: spread
Field: instanceId
LoadBalancers:
-
ContainerName: front-end
ContainerPort: 80
TargetGroupArn: !Ref FrontendHTTPTargetGroup
DependsOn: FrontendHTTPTargetGroup
# front-end Target Group
FrontendBackEndHTTPTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
HealthCheckIntervalSeconds: 5
HealthCheckPath: '/health'
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 3
HealthyThresholdCount: 3
UnhealthyThresholdCount: 2
Matcher:
HttpCode: 200
Name: front-end
Port: 80
Protocol: HTTP
Tags:
- Key: Name
Value: front-end
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: 10
TargetType: instance
VpcId: !Ref VPCId
以下是附加到堆栈的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action":
"ec2:DescribeInstances",
"ec2:DescribeAddresses",
"ec2:DescribeRegions",
"ec2:DescribeSnapshots",
"ecs:DescribeTaskDefinition",
"ecs:DeregisterTaskDefinition",
"ecs:CreateService",
"ec2:DescribeVolumeStatus",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ecs:RegisterTaskDefinition",
"ec2:DescribeVolumes",
"ecs:DescribeServices",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DescribeCustomerGateways",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeVpc*",
"route53:ListHostedZones",
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeTargetGroupAttributes"
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:ModifyListener"
],
"Resource": "*"
}
]
}
拥有完全的管理员权限,它可以毫无问题地创建堆栈
我是不是错过了一项政策,dependsOn
这可能是相关的,但我没有在此堆栈中定义ALB。我在您的CloudFormation模板中看不到任何将目标组链接到负载平衡器的内容。 在查看时,似乎TargetGroup通过
侦听器链接到负载平衡器
:
ALBListener:
Type: AWS::ElasticLoadBalancingV2::Listener
Properties:
DefaultActions:
Type: forward
TargetGroupArn:
Ref: ALBTargetGroup <--- Here!
LoadBalancerArn:
Ref: ApplicationLoadBalancer <--- Here!
Port: 80
Protocol: HTTP
ALBListener:
类型:AWS::ElasticLoadBalancingV2::Listener
特性:
默认操作:
类型:前进
TargetGroupArn:
Ref:ALBTargetGroup问题是侦听器和服务创建之间的竞争条件:服务是在侦听器仍在进行中或刚刚创建时创建的。
在服务上添加dependson
指令解决了问题。我有一个fargate服务,它将由网络负载平衡器公开。要使用AWS CDK Typescript解决此问题,请执行以下操作:
const fargateService = new ecs.FargateService(this, 'FunkyFargateService', {
// ...
});
const loadBalancer = new elb.NetworkLoadBalancer(this, 'LB', {
vpc: vpc,
internetFacing: true,
});
const targetGroup = new elb.NetworkTargetGroup(this, 'NetworkTargetGroup', {
vpc,
port: 50051,
deregistrationDelay: cdk.Duration.seconds(5),
targets: [fargateService],
});
const nl = new elb.NetworkListener(this, 'LoadBalancerListener', {
loadBalancer,
// certificates: certificates.map(c => ({ certificateArn: c.certificateArn })),
// protocol: elb.Protocol.TLS,
defaultTargetGroups: [targetGroup],
port: 80,
});
fargateService.node.addDependency(nl);
这将产生Fargate服务的以下云信息定义:
"FunkyFargateServiceXXXX": {
"Type": "AWS::ECS::Service",
"Properties": {
"Cluster": "funky-cluster",
"DeploymentConfiguration": {
"MaximumPercent": 200,
"MinimumHealthyPercent": 100
},
"DesiredCount": 1,
"EnableECSManagedTags": false,
"HealthCheckGracePeriodSeconds": 20,
"LaunchType": "FARGATE",
"LoadBalancers": [
{
"ContainerName": "staging-funk",
"ContainerPort": 50051,
"TargetGroupArn": {
"Ref": "NetworkTargetGroupXXX"
}
}
],
"NetworkConfiguration": {
"AwsvpcConfiguration": {
"AssignPublicIp": "DISABLED",
"SecurityGroups": [
{
"Fn::GetAtt": [
"FunkyFargateServiceSecurityGroupXXXX",
"GroupId"
]
}
],
"Subnets": [
"subnet-XXX",
"subnet-XXX"
]
}
},
"ServiceName": "staging-funk",
"TaskDefinition": {
"Ref": "FunkyTaskDefinitionXXX"
}
},
"DependsOn": [
"LoadBalancerListenerXXX"
],
"Metadata": {
"aws:cdk:path": "FunkyStack/FunkyFargateService/Service"
}
}
cloudformation给您带来了什么错误?监听器已经在另一个堆栈中定义了(不过我可以在这里定义它)。我忘记了片段中的listenerRule。我添加了它,您的侦听器(已在另一个堆栈中创建)如何指向您的TargetGroup(在此堆栈中创建)?我想我明白您的意思:)让我尝试修改我的CF模板我正在为不同的主机使用同一个侦听器(微服务体系结构)1。我需要将目标组添加到在另一个stack(complex)2中创建的侦听器中。我需要为每个堆栈3使用不同的侦听器端口。另一个解决方案?