2016-09-15 77 views

我正尝试在CloudFormation中创建应用程序负载均衡器(ALB),并创建一个将流量转发到EC2实例的目标组。下面是相关片段,其中ELBSubnets、ECSCluster、taskdefinition和VpcId作为参数传入。(问题标题:在CloudFormation中创建ALB目标组)

"EcsElasticLoadBalancer" : { 
    "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer", 
    "Properties" : { 
    "Subnets" : { "Ref" : "ELBSubnets" }, 
    "SecurityGroups": [ 
     { "Ref": "ELBAccessSecurityGroup" } 
    ] 
    } 
}, 
"LoadBalancerListener": { 
    "Type": "AWS::ElasticLoadBalancingV2::Listener", 
    "Properties": { 
    "DefaultActions": [{ 
     "Type": "forward", 
     "TargetGroupArn": { "Ref": "TargetGroup" } 
    }], 
    "LoadBalancerArn": { "Ref": "EcsElasticLoadBalancer" }, 
    "Port": 80, 
    "Protocol": "HTTP" 
    } 
}, 
"TargetGroup": { 
    "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", 
    "Properties": { 
    "Name": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "TargetGroup" ] ] }, 
    "Port": 80, 
    "Protocol": "HTTP", 
    "VpcId": { "Ref": "VpcId" } 
    }, 
    "DependsOn": [ "EcsElasticLoadBalancer" ] 
}, 
"service": { 
    "Type": "AWS::ECS::Service", 
    "Properties" : { 
    "Cluster": { "Ref": "ECSCluster" }, 
    "DesiredCount": "1", 
    "LoadBalancers": [ 
     { 
     "ContainerName": "main-app", 
     "ContainerPort": 3000, 
     "TargetGroupArn": { "Ref": "TargetGroup" } 
     } 
    ], 
    "Role" : {"Ref":"ECSServiceRole"}, 
    "TaskDefinition" : {"Ref":"taskdefinition"} 
    } 
}, 
"ECSServiceRole": { 
    "Type": "AWS::IAM::Role", 
    "Properties": { 
    "AssumeRolePolicyDocument": { 
     "Statement": [ 
     { 
      "Effect": "Allow", 
      "Principal": { 
      "Service": [ 
       "ecs.amazonaws.com" 
      ] 
      }, 
      "Action": [ 
      "sts:AssumeRole" 
      ] 
     } 
     ] 
    }, 
    "Path": "/", 
    "Policies": [ 
     { 
     "PolicyName": "ecs-service", 
     "PolicyDocument": { 
      "Statement": [ 
      { 
       "Effect": "Allow", 
       "Action": [ 
       "elasticloadbalancing:Describe*", 
       "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", 
       "elasticloadbalancing:RegisterInstancesWithLoadBalancer", 
       "ec2:Describe*", 
       "ec2:AuthorizeSecurityGroupIngress" 
       ], 
       "Resource": "*" 
      } 
      ] 
     } 
     } 
    ] 
    } 
} 

创建服务时,我得到了以下错误:

targetGroupArn 为 arn:aws:elasticloadbalancing:us-east-1:xxxxxxxx:targetgroup/AlbServiceStack-TargetGroup/6ba9c037c26cdb36 的目标组没有关联的负载均衡器。

我错过了什么?在文档中似乎没有为目标组指定负载平衡器的方法。

回答


问题解决了,原因有两个:

  1. 角色的 PolicyDocument 中缺少以下两行:
     • "elasticloadbalancing:DeregisterTargets"
     • "elasticloadbalancing:RegisterTargets"
  2. service 还需要一个额外的属性:"DependsOn": [ "LoadBalancerListener" ]。

    更新的模板看起来是这样的:

    "EcsElasticLoadBalancer" : { 
        "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer", 
        "Properties" : { 
        "Subnets" : { "Ref" : "ELBSubnets" }, 
        "SecurityGroups": [ 
         { "Ref": "ELBAccessSecurityGroup" } 
        ] 
        } 
    }, 
    "LoadBalancerListener": { 
        "Type": "AWS::ElasticLoadBalancingV2::Listener", 
        "Properties": { 
        "DefaultActions": [{ 
         "Type": "forward", 
         "TargetGroupArn": { "Ref": "TargetGroup" } 
        }], 
        "LoadBalancerArn": { "Ref": "EcsElasticLoadBalancer" }, 
        "Port": 80, 
        "Protocol": "HTTP" 
        } 
    }, 
    "TargetGroup": { 
        "Type": "AWS::ElasticLoadBalancingV2::TargetGroup", 
        "Properties": { 
        "Name": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "TargetGroup" ] ] }, 
        "Port": 80, 
        "Protocol": "HTTP", 
        "VpcId": { "Ref": "VpcId" } 
        }, 
        "DependsOn": [ "EcsElasticLoadBalancer" ] 
    }, 
    "service": { 
        "Type": "AWS::ECS::Service", 
        "DependsOn": [ "LoadBalancerListener" ], 
        "Properties" : { 
        "Cluster": { "Ref": "ECSCluster" }, 
        "DesiredCount": "1", 
        "LoadBalancers": [ 
         { 
         "ContainerName": "main-app", 
         "ContainerPort": 3000, 
         "TargetGroupArn": { "Ref": "TargetGroup" } 
         } 
        ], 
        "Role" : {"Ref":"ECSServiceRole"}, 
        "TaskDefinition" : {"Ref":"taskdefinition"} 
        } 
    }, 
    "ECSServiceRole": { 
        "Type": "AWS::IAM::Role", 
        "Properties": { 
        "AssumeRolePolicyDocument": { 
         "Statement": [ 
         { 
          "Effect": "Allow", 
          "Principal": { 
          "Service": [ 
           "ecs.amazonaws.com" 
          ] 
          }, 
          "Action": [ 
          "sts:AssumeRole" 
          ] 
         } 
         ] 
        }, 
        "Path": "/", 
        "Policies": [ 
         { 
         "PolicyName": "ecs-service", 
         "PolicyDocument": { 
          "Statement": [ 
          { 
           "Effect": "Allow", 
           "Action": [ 
           "elasticloadbalancing:Describe*", 
           "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", 
           "elasticloadbalancing:RegisterInstancesWithLoadBalancer", 
           "ec2:Describe*", 
           "ec2:AuthorizeSecurityGroupIngress", 
           "elasticloadbalancing:DeregisterTargets", 
           "elasticloadbalancing:RegisterTargets" 
           ], 
           "Resource": "*" 
          } 
          ] 
         } 
         } 
        ] 
        } 
    } 
    

    DependsOn属性:http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html – lasec0203


    对我来说,关键是 `AWS::ECS::Service` 必须有指向 `LoadBalancerListener` 的 `DependsOn`,*并且* `AWS::ElasticLoadBalancingV2::TargetGroup` 必须有指向 `EcsElasticLoadBalancer` 的 `DependsOn`,而你在"两点原因"的回答中并没有明确指出这一点。另外,我建议使用AWS官方的托管策略 `arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole`,而不是自己编写 PolicyDocument。 – Pete