Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Cannot enable Load Balancer in Elastic Beanstalk

0

I have an Elastic Beanstalk enviroinment where I deployed a Node.js application. I created this env without Load Balanacer in single instance mode. Now, I am trying to enable Load Balancer but I am facing issues.

Enter image description here

Themen
KalkulationVernetzung & Bereitstellung von Inhalten
Tags
AWS Elastic BeanstalkElastic Load BalancingApplication Load Balancer
Sprache
English
Muhammad
gefragt vor 7 Monaten248 Aufrufe
1 Antwort
0

Hi, it seems that your S3 bucket denied access from your Elastic Beanstalk environment. Try modify your S3 bucket policy like this (replace 111122223333 to your account ID):

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:root"
      },
      "Action": [
        "s3:ListBucket",
        "s3:ListBucketVersions",
        "s3:GetObject",
        "s3:GetObjectVersion"
      ],
      "Resource": [
        "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333",
        "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333/resources/environments/*"
      ]
    },
    {
      "Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:DeleteBucket",
      "Resource": "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333"
    }
  ]
}
profile picture
HS
beantwortet vor 7 Monaten
  • Muhammad
    vor 7 Monaten

    This is my current bucket policy, but the issue is still the same:

    { "Version": "2008-10-17", "Statement": [ { "Sid": "eb-ad78f54a-f239-4c90-adda-49e5f56cb51e", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::427696093870:role/aws-elasticbeanstalk-ec2-role" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870/resources/environments/logs/" }, { "Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::427696093870:root" }, "Action": [ "s3:ListBucket", "s3:ListBucketVersions", "s3:GetObject", "s3:GetObjectVersion" ], "Resource": [ "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870", "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870/resources/environments/" ] }, { "Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b", "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "s3:DeleteBucket", "Resource": "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870" } ] }

  • HS
    vor 7 Monaten

    Oh, did you use access log for your load balancer? If so, you need to grant s3:PutObject to arn:aws:iam::127311923021:root.

    NOTE: 127311923021 is an AWS account for Elastic Load Balancer in us-east-1 region and you should not replace this to your own account.

    https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt