Creating an ALB Target Group in CloudFormation

I'm trying to create an Application Load Balancer in CloudFormation, with a target group that forwards traffic to EC2 instances. Here is the relevant snippet, where ELBSubnets, ECSCluster, taskdefinition, and VpcId are passed in as parameters:

"EcsElasticLoadBalancer" : {
  "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer",
  "Properties" : {
    "Subnets" : { "Ref" : "ELBSubnets" },
    "SecurityGroups": [
      { "Ref": "ELBAccessSecurityGroup" }
    ]
  }
},
"LoadBalancerListener": {
  "Type": "AWS::ElasticLoadBalancingV2::Listener",
  "Properties": {
    "DefaultActions": [{
      "Type": "forward",
      "TargetGroupArn": { "Ref": "TargetGroup" }
    }],
    "LoadBalancerArn": { "Ref": "EcsElasticLoadBalancer" },
    "Port": 80,
    "Protocol": "HTTP"
  }
},
"TargetGroup": {
  "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
  "Properties": {
    "Name": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "TargetGroup" ] ] },
    "Port": 80,
    "Protocol": "HTTP",
    "VpcId": { "Ref": "VpcId" }
  },
  "DependsOn": [ "EcsElasticLoadBalancer" ]
},
"service": {
  "Type": "AWS::ECS::Service",
  "Properties" : {
    "Cluster": { "Ref": "ECSCluster" },
    "DesiredCount": "1",
    "LoadBalancers": [
      {
        "ContainerName": "main-app",
        "ContainerPort": 3000,
        "TargetGroupArn": { "Ref": "TargetGroup" }
      }
    ],
    "Role" : {"Ref":"ECSServiceRole"},
    "TaskDefinition" : {"Ref":"taskdefinition"}
  }
},
"ECSServiceRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ecs.amazonaws.com"
            ]
          },
          "Action": [
            "sts:AssumeRole"
          ]
        }
      ]
    },
    "Path": "/",
    "Policies": [
      {
        "PolicyName": "ecs-service",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "elasticloadbalancing:Describe*",
                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                "ec2:Describe*",
                "ec2:AuthorizeSecurityGroupIngress"
              ],
              "Resource": "*"
            }
          ]
        }
      }
    ]
  }
}

I get the following error when creating the service:

The target group with targetGroupArn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxx:targetgroup/AlbServiceStack-TargetGroup/6ba9c037c26cdb36 does not have an associated load balancer.

What am I missing? In the documentation there doesn't seem to be a way to specify a load balancer for the target group.

MungeWrath asked Sep 15 '16 20:09



1 Answer

Got it working - the problem was twofold:

  1. The following lines were missing from the Role PolicyDocument:
    • "elasticloadbalancing:DeregisterTargets"
    • "elasticloadbalancing:RegisterTargets"
  2. The service needed "DependsOn": [ "LoadBalancerListener" ] as an additional attribute.

Updated template looks like this:

"EcsElasticLoadBalancer" : {
  "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer",
  "Properties" : {
    "Subnets" : { "Ref" : "ELBSubnets" },
    "SecurityGroups": [
      { "Ref": "ELBAccessSecurityGroup" }
    ]
  }
},
"LoadBalancerListener": {
  "Type": "AWS::ElasticLoadBalancingV2::Listener",
  "Properties": {
    "DefaultActions": [{
      "Type": "forward",
      "TargetGroupArn": { "Ref": "TargetGroup" }
    }],
    "LoadBalancerArn": { "Ref": "EcsElasticLoadBalancer" },
    "Port": 80,
    "Protocol": "HTTP"
  }
},
"TargetGroup": {
  "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
  "Properties": {
    "Name": { "Fn::Join": [ "-", [ { "Ref": "AWS::StackName" }, "TargetGroup" ] ] },
    "Port": 80,
    "Protocol": "HTTP",
    "VpcId": { "Ref": "VpcId" }
  },
  "DependsOn": [ "EcsElasticLoadBalancer" ]
},
"service": {
  "Type": "AWS::ECS::Service",
  "DependsOn": [ "LoadBalancerListener" ],
  "Properties" : {
    "Cluster": { "Ref": "ECSCluster" },
    "DesiredCount": "1",
    "LoadBalancers": [
      {
        "ContainerName": "main-app",
        "ContainerPort": 3000,
        "TargetGroupArn": { "Ref": "TargetGroup" }
      }
    ],
    "Role" : {"Ref":"ECSServiceRole"},
    "TaskDefinition" : {"Ref":"taskdefinition"}
  }
},
"ECSServiceRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ecs.amazonaws.com"
            ]
          },
          "Action": [
            "sts:AssumeRole"
          ]
        }
      ]
    },
    "Path": "/",
    "Policies": [
      {
        "PolicyName": "ecs-service",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "elasticloadbalancing:Describe*",
                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                "ec2:Describe*",
                "ec2:AuthorizeSecurityGroupIngress",
                "elasticloadbalancing:DeregisterTargets",
                "elasticloadbalancing:RegisterTargets"
              ],
              "Resource": "*"
            }
          ]
        }
      }
    ]
  }
}
MungeWrath answered Nov 11 '22 17:11
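The two fixes from the answer can be checked before deployment. The following is an added example, not part of the original post: a small lint over the `Resources` section of a template that reports an ECS service whose target group has no listener in its `DependsOn`, and a service role whose inline policy does not allow the two target actions. The names `lint`, `role_allows` and `sample` are hypothetical, and it assumes `Ref`-based wiring and inline role policies, as in the template above.

```python
from fnmatch import fnmatchcase

NEEDED = ("elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets")
LISTENER = "AWS::ElasticLoadBalancingV2::Listener"

def as_list(v):
    return v if isinstance(v, list) else [] if v is None else [v]
def ref(v):
    return v.get("Ref") if isinstance(v, dict) else None

def role_allows(role, action):
    """True if an Allow statement in the role's inline policies covers action."""
    for pol in role["Properties"].get("Policies", []):
        for st in as_list(pol["PolicyDocument"]["Statement"]):
            if st.get("Effect") == "Allow" and any(  # IAM: case-insensitive, * wildcard
                    fnmatchcase(action.lower(), p.lower()) for p in as_list(st.get("Action"))):
                return True
    return False

def lint(resources):
    """Findings for ECS services attached to an ALB target group (Ref-based wiring only)."""
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::ECS::Service":
            continue
        deps, props = set(as_list(res.get("DependsOn"))), res["Properties"]
        for lb in props.get("LoadBalancers", []):
            tg = ref(lb.get("TargetGroupArn"))
            # Listeners whose default action forwards to the same target group.
            fwd = {n for n, r in resources.items() if r.get("Type") == LISTENER
                   and any(ref(a.get("TargetGroupArn")) == tg
                           for a in r["Properties"].get("DefaultActions", []))}
            if tg and not fwd & deps:
                findings.append(f"{name}: no DependsOn on a listener forwarding to {tg}")
        role = resources.get(ref(props.get("Role")))
        findings += [f"{name}: role lacks {a}" for a in NEEDED if role and not role_allows(role, a)]
    return findings

def sample(fixed):
    """Constructed, trimmed copy of the page's template, before or after the fix."""
    acts = ["elasticloadbalancing:Describe*", "ec2:Describe*"] + (list(NEEDED) if fixed else [])
    svc = {"Type": "AWS::ECS::Service", "Properties": {"Role": {"Ref": "ECSServiceRole"},
           "LoadBalancers": [{"TargetGroupArn": {"Ref": "TargetGroup"}}]}}
    if fixed:
        svc["DependsOn"] = ["LoadBalancerListener"]
    listener = {"Type": LISTENER, "Properties": {"DefaultActions": [
        {"Type": "forward", "TargetGroupArn": {"Ref": "TargetGroup"}}]}}
    role = {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{"PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": acts, "Resource": "*"}]}}]}}
    return {"LoadBalancerListener": listener, "service": svc, "ECSServiceRole": role}
```

To run it on a real template, pass `json.load(f)["Resources"]` to `lint`; an empty list means both conditions from the answer hold.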